Initial support for DSO FIPS fingerprinting.
parent
780b97aba6
commit
d58d546e2d
15 changed files with 161 additions and 143 deletions
|
@ -21,7 +21,7 @@ AR= ar r
|
|||
PEX_LIBS=
|
||||
EX_LIBS=
|
||||
|
||||
CFLAGS= $(INCLUDE) $(CFLAG)
|
||||
CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
|
||||
|
||||
|
||||
LIBS=
|
||||
|
@ -101,11 +101,7 @@ libs:
|
|||
done;
|
||||
|
||||
tests:
|
||||
@for i in $(FDIRS) ;\
|
||||
do \
|
||||
(cd $$i && echo "making tests in fips/$$i..." && \
|
||||
$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
|
||||
done;
|
||||
(cd ..; make DIRS=test)
|
||||
|
||||
top_fips_test_suite:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=. TARGET=fips_test_suite sub_target)
|
||||
|
@ -114,8 +110,8 @@ fips_test_suite: fips_test_suite.o $(TOP)/libcrypto.a
|
|||
$(CC) $(CFLAGS) -o fips_test_suite fips_test_suite.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_test_suite || { rm fips_test_suite; false; }
|
||||
|
||||
fips_test: top top_fips_test_suite
|
||||
cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
|
||||
fips_test: top tests
|
||||
-cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
|
||||
@for i in dsa sha aes des hmac rand rsa; \
|
||||
do \
|
||||
(cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \
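Review bot: The new `CFLAGS` line takes the fingerprint suffix from the builder's shell environment, since `$${HMAC_EXT:-sha1}` is expanded by the recipe shell at compile time, while the fingerprint script reads `HMAC_EXT` again on its own when it writes the file. Nothing visible ties the two reads together, so a build where the variable is set for one step and not the other produces a module that looks for a fingerprint file that was never written, and its integrity check fails when FIPS mode is enabled. Resolving the value once would remove that window, for example a single make variable defaulting to `sha1` that feeds both `-DHMAC_EXT` and the script's environment. The name also reads like an algorithm selector, but the code shown in this commit still computes HMAC-SHA1 and compares 20 bytes whatever the suffix is; a comment next to the flag saying so would prevent a wrong assumption.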
|
||||
|
|
|
@ -66,18 +66,11 @@ tags:
|
|||
|
||||
tests:
|
||||
|
||||
top_fips_aesavs:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_aesavs sub_target)
|
||||
|
||||
fips_aesavs: fips_aesavs.o $(TOP)/libcrypto.a
|
||||
$(CC) $(CFLAGS) -o fips_aesavs fips_aesavs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_aesavs
|
||||
|
||||
fips_test: top top_fips_aesavs
|
||||
find ../testvectors/aes/req -name '*.req' > testlist
|
||||
fips_test:
|
||||
-find ../testvectors/aes/req -name '*.req' > testlist
|
||||
-rm -rf ../testvectors/aes/rsp
|
||||
mkdir ../testvectors/aes/rsp
|
||||
./fips_aesavs -d testlist
|
||||
if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
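Review bot: The rewritten `fips_test` recipe can no longer fail when the AES request vectors are absent: `-find` ignores a missing `../testvectors/aes/req`, and `if [ -s testlist ]` then skips the run, so the target exits 0 without having run `fips_aesavs` at all. For an algorithm-validation step that is easy to misread as a pass. An else branch that prints a line would make the skip visible, e.g. `else echo "fips_aesavs: no request files, skipped"; fi`. The same pattern (`if [ -f $(Q)/... ]` with no else branch) appears in the tdes, dsa, hmac, rng, rsa and sha `fips_test` recipes of this commit.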
|
||||
|
|
|
@ -64,18 +64,11 @@ tags:
|
|||
|
||||
tests:
|
||||
|
||||
top_fips_desmovs:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_desmovs sub_target)
|
||||
|
||||
fips_desmovs: fips_desmovs.o $(TOP)/libcrypto.a
|
||||
$(CC) $(CFLAGS) -o fips_desmovs fips_desmovs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_desmovs
|
||||
|
||||
fips_test: top_fips_desmovs
|
||||
find ../testvectors/tdes/req -name '*.req' > testlist
|
||||
fips_test:
|
||||
-find ../testvectors/tdes/req -name '*.req' > testlist
|
||||
-rm -rf ../testvectors/tdes/rsp
|
||||
mkdir ../testvectors/tdes/rsp
|
||||
./fips_desmovs -d testlist
|
||||
if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
|
|
@ -18,7 +18,7 @@ AR= ar r
|
|||
CFLAGS= $(INCLUDES) $(CFLAG)
|
||||
|
||||
GENERAL=Makefile
|
||||
TEST=fips_dsatest.c
|
||||
TEST=fips_dsatest.c fips_dssvs.c
|
||||
APPS=
|
||||
|
||||
LIB=$(TOP)/libcrypto.a
|
||||
|
@ -62,23 +62,16 @@ tags:
|
|||
|
||||
tests:
|
||||
|
||||
top_fips_dssvs:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_dssvs sub_target)
|
||||
|
||||
fips_dssvs: fips_dssvs.o $(TOP)/libcrypto.a
|
||||
$(CC) $(CFLAGS) -o fips_dssvs fips_dssvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_dssvs
|
||||
|
||||
Q=../testvectors/dsa/req
|
||||
A=../testvectors/dsa/rsp
|
||||
|
||||
fips_test: top_fips_dssvs
|
||||
fips_test:
|
||||
-rm -rf $A
|
||||
mkdir $A
|
||||
./fips_dssvs pqg < $Q/PQGGen.req > $A/PQGGen.rsp
|
||||
./fips_dssvs keypair < $Q/KeyPair.req > $A/KeyPair.rsp
|
||||
./fips_dssvs siggen < $Q/SigGen.req > $A/SigGen.rsp
|
||||
./fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp
|
||||
if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
|
||||
if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
|
||||
if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
|
||||
if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
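Review bot: The `sigver` line mixes two spellings of the same variables: its test uses `$(Q)/SigVer.req` but the redirections use `$Q/SigVer.req` and `$A/SigVer.rsp`, unlike the three new lines above it. Both forms expand the same way for a one-letter name, so this is style only, but the parenthesised form throughout is easier to search for and stays correct if the names are ever lengthened: `< $(Q)/SigVer.req > $(A)/SigVer.rsp`.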
|
||||
|
|
77
fips/fips.c
77
fips/fips.c
|
@ -145,6 +145,73 @@ int FIPS_selftest()
|
|||
&& FIPS_selftest_dsa();
|
||||
}
|
||||
|
||||
#ifndef HMAC_EXT
|
||||
#define HMAC_EXT "sha1"
|
||||
#endif
|
||||
|
||||
static char key[]="etaonrishdlcupfm";
|
||||
|
||||
#ifdef OPENSSL_PIC
|
||||
int DSO_pathbyaddr(void *addr,char *path,int sz);
|
||||
|
||||
static int FIPS_check_dso()
|
||||
{
|
||||
unsigned char buf[1024];
|
||||
char path [512];
|
||||
unsigned char mdbuf[EVP_MAX_MD_SIZE];
|
||||
FILE *f;
|
||||
HMAC_CTX hmac;
|
||||
int len,n;
|
||||
|
||||
len = DSO_pathbyaddr(NULL,path,sizeof(path)-sizeof(HMAC_EXT));
|
||||
if (len<=0)
|
||||
{
|
||||
FIPSerr(FIPS_F_FIPS_CHECK_DSO,FIPS_R_NO_DSO_PATH);
|
||||
return 0;
|
||||
}
|
||||
|
||||
f=fopen(path,"rb");
|
||||
if(!f)
|
||||
{
|
||||
FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
|
||||
return 0;
|
||||
}
|
||||
|
||||
HMAC_Init(&hmac,key,strlen(key),EVP_sha1());
|
||||
while(!feof(f))
|
||||
{
|
||||
n=fread(buf,1,sizeof buf,f);
|
||||
if(ferror(f))
|
||||
{
|
||||
clearerr(f);
|
||||
fclose(f);
|
||||
FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
|
||||
return 0;
|
||||
}
|
||||
if (n) HMAC_Update(&hmac,buf,n);
|
||||
}
|
||||
fclose(f);
|
||||
HMAC_Final(&hmac,mdbuf,&n);
|
||||
HMAC_CTX_cleanup(&hmac);
|
||||
|
||||
path[len-1]='.';
|
||||
strcpy(path+len,HMAC_EXT);
|
||||
f=fopen(path,"rb");
|
||||
if(!f || fread(buf,1,20,f) != 20)
|
||||
{
|
||||
if (f) fclose(f);
|
||||
FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
|
||||
return 0;
|
||||
}
|
||||
fclose(f);
|
||||
if(memcmp(buf,mdbuf,20))
|
||||
{
|
||||
FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_EXE_DIGEST_DOES_NOT_MATCH);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
#else
|
||||
static int FIPS_check_exe(const char *path)
|
||||
{
|
||||
unsigned char buf[1024];
|
||||
|
@ -152,9 +219,8 @@ static int FIPS_check_exe(const char *path)
|
|||
unsigned int n;
|
||||
unsigned char mdbuf[EVP_MAX_MD_SIZE];
|
||||
FILE *f;
|
||||
static char key[]="etaonrishdlcupfm";
|
||||
HMAC_CTX hmac;
|
||||
const char *sha1_fmt="%s.sha1";
|
||||
const char *sha1_fmt="%s."HMAC_EXT;
|
||||
|
||||
f=fopen(path,"rb");
|
||||
#ifdef __CYGWIN32__
|
||||
|
@ -163,7 +229,7 @@ static int FIPS_check_exe(const char *path)
|
|||
just in case the behavior changes in the future... */
|
||||
if (!f)
|
||||
{
|
||||
sha1_fmt="%s.exe.sha1";
|
||||
sha1_fmt="%s.exe."HMAC_EXT;
|
||||
BIO_snprintf(p2,sizeof p2,"%s.exe",path);
|
||||
f=fopen(p2,"rb");
|
||||
}
|
||||
|
@ -205,6 +271,7 @@ static int FIPS_check_exe(const char *path)
|
|||
}
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
int FIPS_mode_set(int onoff,const char *path)
|
||||
{
|
||||
|
@ -232,7 +299,11 @@ int FIPS_mode_set(int onoff,const char *path)
|
|||
goto end;
|
||||
}
|
||||
|
||||
#ifdef OPENSSL_PIC
|
||||
if(!FIPS_check_dso())
|
||||
#else
|
||||
if(!FIPS_check_exe(path))
|
||||
#endif
|
||||
{
|
||||
fips_selftest_fail = 1;
|
||||
ret = 0;
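Review bot: In `FIPS_check_dso()` the read-error branch inside the `while(!feof(f))` loop returns without calling `HMAC_CTX_cleanup(&hmac)`, which the success path does after `HMAC_Final`; adding `HMAC_CTX_cleanup(&hmac);` before that `return 0;` avoids leaving the keyed context initialised. `n` is declared `int` yet its address is passed to `HMAC_Final`, whereas `FIPS_check_exe()` below declares `unsigned int n;`, and the same declaration would fit here. Every failure after the path lookup is reported under `FIPS_F_FIPS_CHECK_EXE` with the `..._EXE` reason codes, so the error queue cannot distinguish a bad shared-library fingerprint from a bad executable one, although `FIPS_F_FIPS_CHECK_DSO` is defined by this same commit. Finally, `path[len-1]='.'` is only right if `DSO_pathbyaddr()` returns a length that counts the terminating NUL, which is not visible here; a comment stating that contract, and what happens when the path does not fit the buffer, would help.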
|
||||
|
|
|
@ -110,6 +110,7 @@ void ERR_load_FIPS_strings(void);
|
|||
#define FIPS_F_RSA_GENERATE_KEY 113
|
||||
#define FIPS_F_RSA_X931_GENERATE_KEY 119
|
||||
#define FIPS_F_SSLEAY_RAND_BYTES 101
|
||||
#define FIPS_F_FIPS_CHECK_DSO 120
|
||||
|
||||
/* Reason codes. */
|
||||
#define FIPS_R_CANNOT_READ_EXE 103
|
||||
|
@ -122,6 +123,7 @@ void ERR_load_FIPS_strings(void);
|
|||
#define FIPS_R_NON_FIPS_METHOD 100
|
||||
#define FIPS_R_PAIRWISE_TEST_FAILED 107
|
||||
#define FIPS_R_SELFTEST_FAILED 101
|
||||
#define FIPS_R_NO_DSO_PATH 110
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
@ -90,6 +90,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
|
|||
{ERR_FUNC(FIPS_F_RSA_GENERATE_KEY), "RSA_generate_key"},
|
||||
{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY), "RSA_X931_generate_key"},
|
||||
{ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
|
||||
{ERR_FINC(FIPS_F_FIPS_CHECK_DSO), "FIPS_check_dso"},
|
||||
{0,NULL}
|
||||
};
|
||||
|
||||
|
@ -105,6 +106,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
|
|||
{ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"},
|
||||
{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
|
||||
{ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest failed"},
|
||||
{ERR_REASON(FIPS_R_NO_DSO_PATH) ,"DSO can't be determined"},
|
||||
{0,NULL}
|
||||
};
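Review bot: The entry added to `FIPS_str_functs[]` is spelled `ERR_FINC(FIPS_F_FIPS_CHECK_DSO)`, while every other row of the table uses `ERR_FUNC(...)`. Unless an `ERR_FINC` macro exists elsewhere, this is an undeclared call inside a static initialiser and the file will not build. The line should read `{ERR_FUNC(FIPS_F_FIPS_CHECK_DSO), "FIPS_check_dso"},`.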
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
const char * const FIPS_source_hashes[] = {
|
||||
"HMAC-SHA1(fips.c)= 9ff14b7f6f7db99c04de226a075a358e3578c4df",
|
||||
"HMAC-SHA1(fips.c)= c5116c8f381d5981d840d240f66c8303b866f5f6",
|
||||
"HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898",
|
||||
"HMAC-SHA1(fips.h)= 9e8d77f438eabc36273e2046aa209e6e78515103",
|
||||
"HMAC-SHA1(fips_err.h)= fec567f1abe0f8d53a208b7f24b992dda2db3e4d",
|
||||
"HMAC-SHA1(fips.h)= 23151c26e0c735c09b0f229a16a31235150b4ca4",
|
||||
"HMAC-SHA1(fips_err.h)= b9cd3383335a4db7663dd3b7a4851e2d60998597",
|
||||
"HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55",
|
||||
"HMAC-SHA1(aes/asm/fips-ax86-elf.s)= f797b524a79196e7f59458a5b223432fcfd4a868",
|
||||
"HMAC-SHA1(aes/fips_aes_selftest.c)= 98b01502221e7fe529fd981222f2cbb52eb4cbe0",
|
||||
|
@ -26,7 +26,7 @@ const char * const FIPS_source_hashes[] = {
|
|||
"HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
|
||||
"HMAC-SHA1(rsa/fips_rsa_x931g.c)= 1827d381bb21c53a38a7194cb1c428a2b5f1e3ab",
|
||||
"HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
|
||||
"HMAC-SHA1(sha/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97",
|
||||
"HMAC-SHA1(sha/fips_standalone_sha1.c)= 46a66875e68398eabca2e933958a2d865149ca1b",
|
||||
"HMAC-SHA1(sha/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
|
||||
"HMAC-SHA1(sha/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
|
||||
"HMAC-SHA1(sha/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
|
||||
|
|
|
@ -62,20 +62,13 @@ tags:
|
|||
|
||||
tests:
|
||||
|
||||
top_fips_hmactest:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_hmactest sub_target)
|
||||
|
||||
fips_hmactest: fips_hmactest.o $(TOP)/libcrypto.a
|
||||
$(CC) $(CFLAGS) -o fips_hmactest fips_hmactest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_hmactest
|
||||
|
||||
Q=../testvectors/hmac/req
|
||||
A=../testvectors/hmac/rsp
|
||||
|
||||
fips_test: top top_fips_hmactest
|
||||
fips_test:
|
||||
-rm -rf $(A)
|
||||
mkdir $(A)
|
||||
./fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp
|
||||
if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
|
||||
lib=$1
|
||||
exe=$2
|
||||
ext=${HMAC_EXT:-sha1}
|
||||
|
||||
# deal with the case where we're run from within the build and OpenSSL is
|
||||
# not yet installed. Also, make sure LD_LIBRARY_PATH is properly set in
|
||||
|
@ -22,9 +23,9 @@ else
|
|||
fi
|
||||
|
||||
echo "Checking library fingerprint for $lib"
|
||||
openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; }
|
||||
openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.$ext - || { echo "$libs fingerprint mismatch"; exit 1; }
|
||||
|
||||
[ -x $exe.exe ] && exe=$exe.exe
|
||||
|
||||
echo "Making fingerprint for $exe"
|
||||
openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.sha1 || rm $exe.sha1
|
||||
openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.$ext || rm $exe.$ext
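Review bot: The last changed line, `openssl sha1 ... -binary $exe > $exe.$ext || rm $exe.$ext`, removes the partial file when hashing fails but then yields `rm`'s status, so if this is the script's final command (the hunk ends here) the caller sees exit 0 although no fingerprint exists. `|| { rm -f "$exe.$ext"; exit 1; }` would let the `|| { rm fips_test_suite; false; }` guard in the calling makefile rule do its job. The mismatch message on the library check prints `$libs`, which is not set in the lines shown (`lib=$1`), so the library name is blank in the error; `$lib` looks intended. `$lib`, `$exe` and `$ext` are also expanded unquoted, which breaks on paths containing spaces.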
|
||||
|
|
|
@ -18,7 +18,7 @@ AR= ar r
|
|||
CFLAGS= $(INCLUDES) $(CFLAG)
|
||||
|
||||
GENERAL=Makefile
|
||||
TEST= fips_randtest.c
|
||||
TEST= fips_randtest.c fips_rngvs.c
|
||||
APPS=
|
||||
|
||||
LIB=$(TOP)/libcrypto.a
|
||||
|
@ -62,21 +62,14 @@ tags:
|
|||
|
||||
tests:
|
||||
|
||||
top_fips_rngvs:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rngvs sub_target)
|
||||
|
||||
fips_rngvs: fips_rngvs.o $(TOP)/libcrypto.a
|
||||
$(CC) $(CFLAGS) -o fips_rngvs fips_rngvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rngvs
|
||||
|
||||
Q=../testvectors/rng/req
|
||||
A=../testvectors/rng/rsp
|
||||
|
||||
fips_test: top_fips_rngvs
|
||||
fips_test:
|
||||
-rm -rf $(A)
|
||||
mkdir $(A)
|
||||
./fips_rngvs mct < $(Q)/ANSI931_TDES2MCT.req > $(A)/ANSI931_TDES2MCT.rsp
|
||||
./fips_rngvs vst < $(Q)/ANSI931_TDES2VST.req > $(A)/ANSI931_TDES2VST.rsp
|
||||
if [ -f $(Q)/ANSI931_TDES2MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_TDES2MCT.req > $(A)/ANSI931_TDES2MCT.rsp; fi
|
||||
if [ -f $(Q)/ANSI931_TDES2VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_TDES2VST.req > $(A)/ANSI931_TDES2VST.rsp; fi
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
|
|
|
@ -62,35 +62,21 @@ tags:
|
|||
|
||||
tests:
|
||||
|
||||
top_fips_rsastest:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsastest sub_target)
|
||||
|
||||
top_fips_rsavtest:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsavtest sub_target)
|
||||
|
||||
top_fips_rsagtest:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsagtest sub_target)
|
||||
|
||||
fips_rsastest: fips_rsastest.o $(TOP)/libcrypto.a
|
||||
$(CC) $(CFLAGS) -o fips_rsastest fips_rsastest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsastest
|
||||
|
||||
fips_rsavtest: fips_rsavtest.o $(TOP)/libcrypto.a
|
||||
$(CC) $(CFLAGS) -o fips_rsavtest fips_rsavtest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsavtest
|
||||
|
||||
fips_rsagtest: fips_rsagtest.o $(TOP)/libcrypto.a
|
||||
$(CC) $(CFLAGS) -o fips_rsagtest fips_rsagtest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsagtest
|
||||
|
||||
Q=../testvectors/rsa/req
|
||||
A=../testvectors/rsa/rsp
|
||||
|
||||
fips_test: top top_fips_rsastest top_fips_rsavtest top_fips_rsagtest
|
||||
fips_test:
|
||||
-rm -rf $(A)
|
||||
mkdir $(A)
|
||||
./fips_rsastest < $(Q)/SigGen15.req > $(A)/SigGen15.rsp
|
||||
./fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp
|
||||
if [ -f $(Q)/SigGen15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest < $(Q)/SigGen15.req > $(A)/SigGen15.rsp; fi
|
||||
if [ -f $(Q)/SigVer15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp; fi
|
||||
if [ -f $(Q)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 0 < $(Q)/SigGenPSS.req > $(A)/SigGenPSS.rsp; fi
|
||||
if [ -f $(Q)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 0 < $(Q)/SigVerPSS.req > $(A)/SigVerPSS.rsp; fi
|
||||
if [ -f $(Q)/SigGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -x931 < $(Q)/SigGenRSA.req > $(A)/SigGenRSA.rsp; fi
|
||||
if [ -f $(Q)/SigVerRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -x931 < $(Q)/SigVerRSA.req > $(A)/SigVerRSA.rsp; fi
|
||||
if [ -f $(Q62)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 62 < $(Q62)/SigGenPSS.req >$(A62)/SigGenPSS.rsp; fi
|
||||
if [ -f $(Q62)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 62 <$(Q62)/SigVerPSS.req >$(A62)/SigVerPSS.rsp; fi
|
||||
if [ -f $(Q)/KeyGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsagtest < $(Q)/KeyGenRSA.req > $(A)/KeyGenRSA.rsp; fi
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
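Review bot: The two `-saltlen 62` lines read from `$(Q62)` and write to `$(A62)`, but only `Q` and `A` are assigned in this hunk and only `$(A)` is recreated by `mkdir $(A)`. If `Q62` and `A62` are not defined elsewhere in the file they expand to nothing, the test becomes `[ -f /SigGenPSS.req ]` against the filesystem root, and the two cases are silently skipped (or, should such a file exist, the response is written to `/SigGenPSS.rsp`). Defining both next to `Q=` and `A=` and creating the `$(A62)` directory alongside `$(A)` would close that; the intended paths are not visible on this page.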
|
||||
|
|
|
@ -72,13 +72,6 @@ tags:
|
|||
|
||||
tests:
|
||||
|
||||
top_fips_shatest:
|
||||
(cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_shatest sub_target)
|
||||
|
||||
fips_shatest: fips_shatest.o $(TOP)/libcrypto.a
|
||||
$(CC) $(CFLAGS) -o fips_shatest fips_shatest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_shatest
|
||||
|
||||
Q=../testvectors/sha/req
|
||||
A=../testvectors/sha/rsp
|
||||
|
||||
|
@ -98,11 +91,13 @@ VECTORS = SHA1LongMsg \
|
|||
SHA512Monte \
|
||||
SHA512ShortMsg
|
||||
|
||||
fips_test: top_fips_shatest
|
||||
fips_test:
|
||||
-rm -rf $(A)
|
||||
mkdir $(A)
|
||||
for file in $(VECTORS); do \
|
||||
./fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
|
||||
if [ -f $(Q)/$$file.req ]; then \
|
||||
$(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
|
||||
fi; \
|
||||
done
|
||||
|
||||
lint:
|
||||
|
|
|
@ -104,7 +104,7 @@ int main(int argc,char **argv)
|
|||
{
|
||||
#ifdef OPENSSL_FIPS
|
||||
static char key[]="etaonrishdlcupfm";
|
||||
int n;
|
||||
int n,binary=0;
|
||||
|
||||
if(argc < 2)
|
||||
{
|
||||
|
@ -112,7 +112,14 @@ int main(int argc,char **argv)
|
|||
exit(1);
|
||||
}
|
||||
|
||||
for(n=1 ; n < argc ; ++n)
|
||||
n=1;
|
||||
if (!strcmp(argv[n],"-binary"))
|
||||
{
|
||||
n++;
|
||||
binary=1; /* emit binary fingerprint... */
|
||||
}
|
||||
|
||||
for(; n < argc ; ++n)
|
||||
{
|
||||
FILE *f=fopen(argv[n],"rb");
|
||||
SHA_CTX md_ctx,o_ctx;
|
||||
|
@ -145,6 +152,12 @@ int main(int argc,char **argv)
|
|||
}
|
||||
hmac_final(md,&md_ctx,&o_ctx);
|
||||
|
||||
if (binary)
|
||||
{
|
||||
fwrite(md,20,1,stdout);
|
||||
break; /* ... for single(!) file */
|
||||
}
|
||||
|
||||
printf("HMAC-SHA1(%s)= ",argv[n]);
|
||||
for(i=0 ; i < 20 ; ++i)
|
||||
printf("%02x",md[i]);
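Review bot: With the new option parsing, running the tool with `-binary` and no file operand passes the existing `argc < 2` check, skips the `for(; n < argc ; ++n)` loop and writes nothing, so a caller that redirects stdout gets an empty fingerprint file and, as far as these hunks show, no error. A check for `n >= argc` right after the option is consumed, printing the existing usage message and exiting non-zero, would reject that. `fwrite(md,20,1,stdout)` is also unchecked, and on platforms where stdout is opened in text mode (fips.c in this commit carries `__CYGWIN32__` handling) digest bytes that look like line endings could be translated; the return value should be tested and stdout switched to binary mode where that applies. `main()` starts and ends outside these hunks.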
|
||||
|
|
|
@ -68,6 +68,8 @@ FIPS_HMACTEST= fips_hmactest
|
|||
FIPS_RSAVTEST= fips_rsavtest
|
||||
FIPS_RSASTEST= fips_rsastest
|
||||
FIPS_RSAGTEST= fips_rsagtest
|
||||
FIPS_DSSVS= fips_dssvs
|
||||
FIPS_RNGVS= fips_rngvs
|
||||
|
||||
TESTS= alltests
|
||||
|
||||
|
@ -78,7 +80,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(E
|
|||
$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
|
||||
$(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \
|
||||
$(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
|
||||
$(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT)
|
||||
$(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
|
||||
$(FIPS_DSSVS)$(EXE_EXT) $(FIPS_RNGVS)$(EXE_EXT)
|
||||
|
||||
# $(METHTEST)$(EXE_EXT)
|
||||
|
||||
|
@ -89,7 +92,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).
|
|||
$(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
|
||||
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \
|
||||
$(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
|
||||
$(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o
|
||||
$(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_DSSVS).o $(FIPS_RNGVS).o
|
||||
SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
|
||||
$(HMACTEST).c \
|
||||
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
|
||||
|
@ -97,7 +100,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c $(MD4TEST).c $(MD5TEST)
|
|||
$(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
|
||||
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \
|
||||
$(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
|
||||
$(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c
|
||||
$(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_DSSVS).c $(FIPS_RNGVS).c
|
||||
|
||||
EXHEADER=
|
||||
HEADER= $(EXHEADER)
|
||||
|
@ -328,35 +331,31 @@ BUILD_CMD=if [ "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
|
|||
$(CC) -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
|
||||
fi;
|
||||
|
||||
$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_AESTEST); $(BUILD_CMD)
|
||||
FIPS_BUILD_CMD=$(BUILD_CMD) \
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_AESTEST); \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $$target; \
|
||||
fi
|
||||
|
||||
$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_HMACTEST); $(BUILD_CMD)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_HMACTEST); \
|
||||
fi
|
||||
@target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_RSAVTEST); $(BUILD_CMD)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RSAVTEST); \
|
||||
fi
|
||||
@target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_RSASTEST); $(BUILD_CMD)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RSASTEST); \
|
||||
fi
|
||||
@target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_RSAGTEST); $(BUILD_CMD)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RSAGTEST); \
|
||||
fi
|
||||
@target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
|
||||
@target=$(RSATEST); $(BUILD_CMD)
|
||||
|
@ -383,10 +382,7 @@ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
|
|||
@target=$(SHA1TEST); $(BUILD_CMD)
|
||||
|
||||
$(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_SHATEST); $(BUILD_CMD)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_SHATEST); \
|
||||
fi
|
||||
@target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
|
||||
@target=$(RMDTEST); $(BUILD_CMD)
|
||||
|
@ -422,19 +418,13 @@ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
|
|||
@target=$(DESTEST); $(BUILD_CMD)
|
||||
|
||||
$(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_DESTEST); $(BUILD_CMD)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DESTEST); \
|
||||
fi
|
||||
@target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
|
||||
@target=$(RANDTEST); $(BUILD_CMD)
|
||||
|
||||
$(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_RANDTEST); $(BUILD_CMD)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RANDTEST); \
|
||||
fi
|
||||
@target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
|
||||
@target=$(DHTEST); $(BUILD_CMD)
|
||||
|
@ -443,10 +433,7 @@ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
|
|||
@target=$(DSATEST); $(BUILD_CMD)
|
||||
|
||||
$(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
|
||||
@target=$(FIPS_DSATEST); $(BUILD_CMD)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DSATEST); \
|
||||
fi
|
||||
@target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD)
|
||||
|
||||
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
|
||||
@target=$(METHTEST); $(BUILD_CMD)
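Review bot: `FIPS_BUILD_CMD` now runs the link and the fingerprint step as one shell command, and because `$(BUILD_CMD)` ends in `fi;` the link's exit status is discarded: the recipe's status is that of the trailing `if egrep ... fi`. In a build where `OPENSSL_FIPS` is not defined that `if` does nothing and returns 0, so a failed link of any of these test programs no longer stops make, whereas the old rules had `$(BUILD_CMD)` as a recipe line of its own. One way to restore that is to start the macro with `set -e;` (`FIPS_BUILD_CMD=set -e; $(BUILD_CMD) \`), assuming the head of `BUILD_CMD`, which is outside this hunk, tolerates it. The whole command is also under `@` now, so the fingerprint invocation no longer appears in the build log.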
|
||||
|
|