Initial support for DSO FIPS fingerprinting.
authorAndy Polyakov <appro@openssl.org>
Tue, 7 Jun 2005 12:39:27 +0000 (12:39 +0000)
committerAndy Polyakov <appro@openssl.org>
Tue, 7 Jun 2005 12:39:27 +0000 (12:39 +0000)
15 files changed:
fips/Makefile
fips/aes/Makefile
fips/des/Makefile
fips/dsa/Makefile
fips/fips.c
fips/fips.h
fips/fips_err.h
fips/fipshashes.c
fips/hmac/Makefile
fips/openssl_fips_fingerprint
fips/rand/Makefile
fips/rsa/Makefile
fips/sha/Makefile
fips/sha/fips_standalone_sha1.c
test/Makefile

index 2ac2cd5eb722e9657db7e13318007bac5f98b8de..4fe4075d96e83e6fdd50bfad880dba0e705123e2 100644 (file)
@@ -21,7 +21,7 @@ AR=           ar r
 PEX_LIBS=
 EX_LIBS=
 
-CFLAGS= $(INCLUDE) $(CFLAG)
+CFLAGS= $(INCLUDE) $(CFLAG) -DHMAC_EXT=\"$${HMAC_EXT:-sha1}\"
 
 
 LIBS=
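Review bot: Nothing on the new `CFLAGS` line records that `HMAC_EXT` is read from the environment, or that it must have the same value when fips.c is compiled and when `openssl_fips_fingerprint` runs. If the two differ, the library looks for a fingerprint file that was never written. A comment such as `# HMAC_EXT (environment, default sha1) is the fingerprint file suffix; it must match the value seen by openssl_fips_fingerprint` would help. The value is also pasted unescaped into a C string literal that fips.c concatenates into a `%s.` format string, so restricting it to plain alphanumerics seems prudent.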
@@ -101,11 +101,7 @@ libs:
        done;
 
 tests:
-       @for i in $(FDIRS) ;\
-       do \
-       (cd $$i && echo "making tests in fips/$$i..." && \
-       $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
-       done;
+       (cd ..; make DIRS=test)
 
 top_fips_test_suite:
        (cd $(TOP); $(MAKE) DIRS=fips FDIRS=. TARGET=fips_test_suite sub_target)
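Review bot: The new `tests` recipe calls a literal `make` and separates it from `cd ..` with `;`, so `-n` and the jobserver are not propagated, and the sub-make still runs in the current directory if the `cd` fails. The removed loop also passed `CC`, `CFLAG`, `AR` and the library variables down explicitly, and the new line passes none of them. Assuming `$(TOP)` is the parent directory here, `(cd $(TOP) && $(MAKE) DIRS=test)` would match the `top_fips_test_suite` rule directly below.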
@@ -114,8 +110,8 @@ fips_test_suite: fips_test_suite.o $(TOP)/libcrypto.a
        $(CC) $(CFLAGS) -o fips_test_suite fips_test_suite.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
        TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_test_suite || { rm fips_test_suite; false; }
 
-fips_test: top top_fips_test_suite
-       cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
+fips_test: top tests
+       -cd testvectors && perl -p -i -e 's/COUNT=/COUNT = /' des[23]/req/*.req
        @for i in dsa sha aes des hmac rand rsa; \
        do \
                (cd $$i && echo "making fips_test in fips/$$i..." && $(MAKE) fips_test) \
index b33e0ce19e3f4dd0dbeb97042ae361c66f6382d7..c81cd39f062441eef4f8a46582fc802a9bbb0893 100644 (file)
@@ -66,18 +66,11 @@ tags:
 
 tests:
 
-top_fips_aesavs:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_aesavs sub_target)
-
-fips_aesavs: fips_aesavs.o $(TOP)/libcrypto.a
-       $(CC) $(CFLAGS) -o fips_aesavs fips_aesavs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_aesavs
-
-fips_test: top top_fips_aesavs
-       find ../testvectors/aes/req -name '*.req' > testlist
+fips_test:
+       -find ../testvectors/aes/req -name '*.req' > testlist
        -rm -rf ../testvectors/aes/rsp
        mkdir ../testvectors/aes/rsp
-       ./fips_aesavs -d testlist
+       if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_aesavs -d testlist; fi
 
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
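Review bot: `mkdir ../testvectors/aes/rsp` still aborts the recipe when `../testvectors/aes` is absent, which defeats the tolerance for missing request files that `-find` and `if [ -s testlist ]` introduce. `mkdir -p ../testvectors/aes/rsp` lets the target finish as a no-op in that case. The same applies to the `mkdir` lines of the des, dsa, hmac, rand, rsa and sha `fips_test` recipes in the later hunks. `fips_test` also no longer has a prerequisite that builds `$(TOP)/test/fips_aesavs`, so running it from this directory relies on the parent's `tests` target having run first; a comment saying so would help.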
index 7526c0af5c3298106bfae3c68197eedbe185f223..2e6b9d8f397ebdc08047607aff54cef1ab5af88d 100644 (file)
@@ -64,18 +64,11 @@ tags:
 
 tests:
 
-top_fips_desmovs:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_desmovs sub_target)
-
-fips_desmovs: fips_desmovs.o $(TOP)/libcrypto.a
-       $(CC) $(CFLAGS) -o fips_desmovs fips_desmovs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_desmovs
-
-fips_test: top_fips_desmovs
-       find ../testvectors/tdes/req -name '*.req' > testlist
+fips_test:
+       -find ../testvectors/tdes/req -name '*.req' > testlist
        -rm -rf ../testvectors/tdes/rsp
        mkdir ../testvectors/tdes/rsp
-       ./fips_desmovs -d testlist
+       if [ -s testlist ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_desmovs -d testlist; fi
 
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
index c0536611802f3a6ea31dfc89c2f9022dad452193..a07bea4f5f09220bb9cafd3fd9892270b7dc24df 100644 (file)
@@ -18,7 +18,7 @@ AR=           ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST=fips_dsatest.c
+TEST=fips_dsatest.c fips_dssvs.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
@@ -62,23 +62,16 @@ tags:
 
 tests:
 
-top_fips_dssvs:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_dssvs sub_target)
-
-fips_dssvs: fips_dssvs.o $(TOP)/libcrypto.a
-       $(CC) $(CFLAGS) -o fips_dssvs fips_dssvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_dssvs
-
 Q=../testvectors/dsa/req
 A=../testvectors/dsa/rsp
 
-fips_test: top_fips_dssvs
+fips_test:
        -rm -rf $A
        mkdir $A
-       ./fips_dssvs pqg < $Q/PQGGen.req > $A/PQGGen.rsp
-       ./fips_dssvs keypair < $Q/KeyPair.req > $A/KeyPair.rsp
-       ./fips_dssvs siggen < $Q/SigGen.req > $A/SigGen.rsp
-       ./fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp
+       if [ -f $(Q)/PQGGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs pqg < $(Q)/PQGGen.req > $(A)/PQGGen.rsp; fi
+       if [ -f $(Q)/KeyPair.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs keypair < $(Q)/KeyPair.req > $(A)/KeyPair.rsp; fi
+       if [ -f $(Q)/SigGen.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs siggen < $(Q)/SigGen.req > $(A)/SigGen.rsp; fi
+       if [ -f $(Q)/SigVer.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_dssvs sigver < $Q/SigVer.req > $A/SigVer.rsp; fi
 
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
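Review bot: The `sigver` line tests `$(Q)/SigVer.req` but redirects with `$Q/SigVer.req` and `$A/SigVer.rsp`, while the three lines above it use the parenthesised form throughout. Both spellings expand the same for single-letter names, so this is style only. `< $(Q)/SigVer.req > $(A)/SigVer.rsp` would keep the recipe uniform, and `-rm -rf $A` / `mkdir $A` could follow.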
index 234445bb70292091f3b1e6f0a8e1935a32bec770..0bdaddf82cf77a13399fa22adc3bfa39a0467def 100644 (file)
@@ -145,6 +145,73 @@ int FIPS_selftest()
        && FIPS_selftest_dsa();
     }
 
+#ifndef HMAC_EXT
+#define HMAC_EXT "sha1"
+#endif
+
+static char key[]="etaonrishdlcupfm";
+
+#ifdef OPENSSL_PIC
+int DSO_pathbyaddr(void *addr,char *path,int sz);
+
+static int FIPS_check_dso()
+    {
+    unsigned char buf[1024];
+    char path [512];
+    unsigned char mdbuf[EVP_MAX_MD_SIZE];
+    FILE *f;
+    HMAC_CTX hmac;
+    int len,n;
+
+    len = DSO_pathbyaddr(NULL,path,sizeof(path)-sizeof(HMAC_EXT));
+    if (len<=0)
+       {
+       FIPSerr(FIPS_F_FIPS_CHECK_DSO,FIPS_R_NO_DSO_PATH);
+       return 0;
+       }
+
+    f=fopen(path,"rb");
+    if(!f)
+       {
+       FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
+       return 0;
+       }
+
+    HMAC_Init(&hmac,key,strlen(key),EVP_sha1());
+    while(!feof(f))
+       {
+       n=fread(buf,1,sizeof buf,f);
+       if(ferror(f))
+           {
+           clearerr(f);
+           fclose(f);
+           FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
+           return 0;
+           }
+       if (n) HMAC_Update(&hmac,buf,n);
+       }
+    fclose(f);
+    HMAC_Final(&hmac,mdbuf,&n);
+    HMAC_CTX_cleanup(&hmac);
+
+    path[len-1]='.';
+    strcpy(path+len,HMAC_EXT);
+    f=fopen(path,"rb");
+    if(!f || fread(buf,1,20,f) != 20)
+       {
+       if (f) fclose(f);
+       FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
+       return 0;
+       }
+    fclose(f);
+    if(memcmp(buf,mdbuf,20))
+       {
+       FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_EXE_DIGEST_DOES_NOT_MATCH);
+       return 0;
+       }
+    return 1;
+    }
+#else
 static int FIPS_check_exe(const char *path)
     {
     unsigned char buf[1024];
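Review bot: In `FIPS_check_dso` the `ferror(f)` branch returns after `HMAC_Init` without calling `HMAC_CTX_cleanup(&hmac)`, leaving the keyed context uncleared; add `HMAC_CTX_cleanup(&hmac);` before that `return 0;`. Every `FIPSerr` after the first reports `FIPS_F_FIPS_CHECK_EXE`, so DSO check failures are attributed to the wrong function and should use `FIPS_F_FIPS_CHECK_DSO`. `n` is declared `int` yet its address is passed to `HMAC_Final`, whereas `FIPS_check_exe` declares `unsigned int n`. Finally, `path[len-1]='.'` assumes `DSO_pathbyaddr` returns a length that counts the terminating NUL and never exceeds the size passed in; that contract is not visible here and deserves a comment or an explicit bound check before the `strcpy`.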
@@ -152,9 +219,8 @@ static int FIPS_check_exe(const char *path)
     unsigned int n;
     unsigned char mdbuf[EVP_MAX_MD_SIZE];
     FILE *f;
-    static char key[]="etaonrishdlcupfm";
     HMAC_CTX hmac;
-    const char *sha1_fmt="%s.sha1";
+    const char *sha1_fmt="%s."HMAC_EXT;
 
     f=fopen(path,"rb");
 #ifdef __CYGWIN32__
@@ -163,7 +229,7 @@ static int FIPS_check_exe(const char *path)
        just in case the behavior changes in the future... */
     if (!f)
        {
-       sha1_fmt="%s.exe.sha1";
+       sha1_fmt="%s.exe."HMAC_EXT;
        BIO_snprintf(p2,sizeof p2,"%s.exe",path);
        f=fopen(p2,"rb");
        }
@@ -205,6 +271,7 @@ static int FIPS_check_exe(const char *path)
        }
     return 1;
     }
+#endif
 
 int FIPS_mode_set(int onoff,const char *path)
     {
@@ -232,7 +299,11 @@ int FIPS_mode_set(int onoff,const char *path)
            goto end;
            }
 
+#ifdef OPENSSL_PIC
+       if(!FIPS_check_dso())
+#else
        if(!FIPS_check_exe(path))
+#endif
            {
            fips_selftest_fail = 1;
            ret = 0;
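Review bot: With `OPENSSL_PIC` defined, the `path` argument of `FIPS_mode_set` is never read on this branch, and the calling executable is no longer fingerprinted; only the shared library is. The `#ifdef` should carry a comment saying so, for example `/* shared build: verify the DSO itself; path is ignored */`, and the function's documentation should tell callers the same. `FIPS_mode_set` starts and ends outside this hunk.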
index 3dbdc661ceaed22fee5f9a8dd5f67291b215c31c..98db0ed6dc00613a43e74b28dd7029077ab66902 100644 (file)
@@ -110,6 +110,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_RSA_GENERATE_KEY                                 113
 #define FIPS_F_RSA_X931_GENERATE_KEY                    119
 #define FIPS_F_SSLEAY_RAND_BYTES                        101
+#define FIPS_F_FIPS_CHECK_DSO                           120
 
 /* Reason codes. */
 #define FIPS_R_CANNOT_READ_EXE                          103
@@ -122,6 +123,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_R_NON_FIPS_METHOD                          100
 #define FIPS_R_PAIRWISE_TEST_FAILED                     107
 #define FIPS_R_SELFTEST_FAILED                          101
+#define FIPS_R_NO_DSO_PATH                              110
 
 #ifdef  __cplusplus
 }
index 59144e4c24bbc4e4f2078333db8d56600d8fc58f..c40cc5fbebcebaa605b395f6472f0972699d1dfb 100644 (file)
@@ -90,6 +90,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_RSA_GENERATE_KEY),    "RSA_generate_key"},
 {ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY),       "RSA_X931_generate_key"},
 {ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES),   "SSLEAY_RAND_BYTES"},
+{ERR_FINC(FIPS_F_FIPS_CHECK_DSO),      "FIPS_check_dso"},
 {0,NULL}
        };
 
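Review bot: `ERR_FINC(FIPS_F_FIPS_CHECK_DSO)` looks like a typo for `ERR_FUNC`, the macro every other entry of `FIPS_str_functs` uses, and as written the table should fail to compile. The line should read `{ERR_FUNC(FIPS_F_FIPS_CHECK_DSO), "FIPS_check_dso"},`. Because fipshashes.c records an HMAC of fips_err.h, that entry has to be regenerated after the fix.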
@@ -105,6 +106,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_NON_FIPS_METHOD)      ,"non fips method"},
 {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
 {ERR_REASON(FIPS_R_SELFTEST_FAILED)      ,"selftest failed"},
+{ERR_REASON(FIPS_R_NO_DSO_PATH)                 ,"DSO can't be determined"},
 {0,NULL}
        };
 
index dfcbc5a877a2ce15534916cbaa453e8acf186cda..e0dcdca2e1378f8bef6adb910e7e065c68036c02 100644 (file)
@@ -1,8 +1,8 @@
 const char * const FIPS_source_hashes[] = {
-"HMAC-SHA1(fips.c)= 9ff14b7f6f7db99c04de226a075a358e3578c4df",
+"HMAC-SHA1(fips.c)= c5116c8f381d5981d840d240f66c8303b866f5f6",
 "HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898",
-"HMAC-SHA1(fips.h)= 9e8d77f438eabc36273e2046aa209e6e78515103",
-"HMAC-SHA1(fips_err.h)= fec567f1abe0f8d53a208b7f24b992dda2db3e4d",
+"HMAC-SHA1(fips.h)= 23151c26e0c735c09b0f229a16a31235150b4ca4",
+"HMAC-SHA1(fips_err.h)= b9cd3383335a4db7663dd3b7a4851e2d60998597",
 "HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55",
 "HMAC-SHA1(aes/asm/fips-ax86-elf.s)= f797b524a79196e7f59458a5b223432fcfd4a868",
 "HMAC-SHA1(aes/fips_aes_selftest.c)= 98b01502221e7fe529fd981222f2cbb52eb4cbe0",
@@ -26,7 +26,7 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
 "HMAC-SHA1(rsa/fips_rsa_x931g.c)= 1827d381bb21c53a38a7194cb1c428a2b5f1e3ab",
 "HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
-"HMAC-SHA1(sha/fips_standalone_sha1.c)= faae95bc36cc80f5be6a0cde02ebab0f63d4fd97",
+"HMAC-SHA1(sha/fips_standalone_sha1.c)= 46a66875e68398eabca2e933958a2d865149ca1b",
 "HMAC-SHA1(sha/fips_sha1_selftest.c)= a08f9c1e2c0f63b9aa96b927c0333a03b020749f",
 "HMAC-SHA1(sha/asm/fips-sx86-elf.s)= ae66fb23ab8e1a2287e87a0a2dd30a4b9039fe63",
 "HMAC-SHA1(sha/fips_sha_locl.h)= 30b6d6bdbdc9db0d66dc89010c1f4fe1c7b60574",
index 6a64289a38d64a47d70528bef7b3085b20e9d7b6..2e1d92b89cf87710e3ab8798d437dd70c37f887a 100644 (file)
@@ -62,20 +62,13 @@ tags:
 
 tests:
 
-top_fips_hmactest:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_hmactest sub_target)
-
-fips_hmactest: fips_hmactest.o $(TOP)/libcrypto.a
-       $(CC) $(CFLAGS) -o fips_hmactest fips_hmactest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_hmactest
-
 Q=../testvectors/hmac/req
 A=../testvectors/hmac/rsp
 
-fips_test: top top_fips_hmactest
+fips_test:
        -rm -rf $(A)
        mkdir $(A)
-       ./fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp
+       if [ -f $(Q)/HMAC.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_hmactest < $(Q)/HMAC.req > $(A)/HMAC.rsp; fi
 
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
index d3dfb7eb61efb57da45736f072b002ef45bb2769..eb8c9c253d4113143d8b9645b9f0ab98a11ebe48 100755 (executable)
@@ -5,6 +5,7 @@
 
 lib=$1
 exe=$2
+ext=${HMAC_EXT:-sha1}
 
 # deal with the case where we're run from within the build and OpenSSL is
 # not yet installed.  Also, make sure LD_LIBRARY_PATH is properly set in
@@ -22,9 +23,9 @@ else
 fi
 
 echo "Checking library fingerprint for $lib"
-openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.sha1 - || { echo "$libs fingerprint mismatch"; exit 1; }
+openssl sha1 -hmac etaonrishdlcupfm $lib | sed "s/(.*\//(/" | diff -w $lib.$ext - || { echo "$libs fingerprint mismatch"; exit 1; }
 
 [ -x $exe.exe ] && exe=$exe.exe
 
 echo "Making fingerprint for $exe"
-openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.sha1 || rm $exe.sha1
+openssl sha1 -hmac etaonrishdlcupfm -binary $exe > $exe.$ext || rm $exe.$ext
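Review bot: `|| rm $exe.$ext` makes the script exit with `rm`'s status, so a failed fingerprint run can still report success to callers such as the `|| { rm fips_test_suite; false; }` guard in fips/Makefile. `|| { rm -f "$exe.$ext"; exit 1; }` keeps the failure visible. The mismatch message prints `$libs`, which is never set in the visible lines (presumably `$lib` was meant). `$lib`, `$exe` and `$ext` are also expanded unquoted, so a path containing spaces or glob characters is split.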
index ccdc1ec517b9346a547128e568320ce4c0e0b5ff..8ac67dbae294cbe6895faa9f02665415d6cb8a1f 100644 (file)
@@ -18,7 +18,7 @@ AR=           ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST= fips_randtest.c
+TEST= fips_randtest.c fips_rngvs.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
@@ -62,21 +62,14 @@ tags:
 
 tests:
 
-top_fips_rngvs:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rngvs sub_target)
-
-fips_rngvs: fips_rngvs.o $(TOP)/libcrypto.a
-       $(CC) $(CFLAGS) -o fips_rngvs fips_rngvs.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rngvs
-
 Q=../testvectors/rng/req
 A=../testvectors/rng/rsp
 
-fips_test: top_fips_rngvs
+fips_test:
        -rm -rf $(A)
        mkdir $(A)
-       ./fips_rngvs mct < $(Q)/ANSI931_TDES2MCT.req > $(A)/ANSI931_TDES2MCT.rsp
-       ./fips_rngvs vst < $(Q)/ANSI931_TDES2VST.req > $(A)/ANSI931_TDES2VST.rsp
+       if [ -f $(Q)/ANSI931_TDES2MCT.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs mct < $(Q)/ANSI931_TDES2MCT.req > $(A)/ANSI931_TDES2MCT.rsp; fi
+       if [ -f $(Q)/ANSI931_TDES2VST.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rngvs vst < $(Q)/ANSI931_TDES2VST.req > $(A)/ANSI931_TDES2VST.rsp; fi
 
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
index 7ead49974031cbe2612a4d2c3125efb937240c70..ab236df8de694aae4d14e64ac511c3ac8bc71077 100644 (file)
@@ -62,35 +62,21 @@ tags:
 
 tests:
 
-top_fips_rsastest:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsastest sub_target)
-
-top_fips_rsavtest:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsavtest sub_target)
-
-top_fips_rsagtest:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_rsagtest sub_target)
-
-fips_rsastest: fips_rsastest.o $(TOP)/libcrypto.a
-       $(CC) $(CFLAGS) -o fips_rsastest fips_rsastest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsastest
-
-fips_rsavtest: fips_rsavtest.o $(TOP)/libcrypto.a
-       $(CC) $(CFLAGS) -o fips_rsavtest fips_rsavtest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsavtest
-
-fips_rsagtest: fips_rsagtest.o $(TOP)/libcrypto.a
-       $(CC) $(CFLAGS) -o fips_rsagtest fips_rsagtest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_rsagtest
-
 Q=../testvectors/rsa/req
 A=../testvectors/rsa/rsp
 
-fips_test: top top_fips_rsastest top_fips_rsavtest top_fips_rsagtest
+fips_test:
        -rm -rf $(A)
        mkdir $(A)
-       ./fips_rsastest < $(Q)/SigGen15.req > $(A)/SigGen15.rsp
-       ./fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp
+       if [ -f $(Q)/SigGen15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest < $(Q)/SigGen15.req  > $(A)/SigGen15.rsp; fi
+       if [ -f $(Q)/SigVer15.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest < $(Q)/SigVer15.req > $(A)/SigVer15.rsp; fi
+       if [ -f $(Q)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 0 < $(Q)/SigGenPSS.req > $(A)/SigGenPSS.rsp; fi
+       if [ -f $(Q)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 0 < $(Q)/SigVerPSS.req > $(A)/SigVerPSS.rsp; fi
+       if [ -f $(Q)/SigGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -x931 < $(Q)/SigGenRSA.req > $(A)/SigGenRSA.rsp; fi
+       if [ -f $(Q)/SigVerRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -x931 < $(Q)/SigVerRSA.req > $(A)/SigVerRSA.rsp; fi
+       if [ -f $(Q62)/SigGenPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsastest -saltlen 62 < $(Q62)/SigGenPSS.req >$(A62)/SigGenPSS.rsp; fi
+       if [ -f $(Q62)/SigVerPSS.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsavtest -saltlen 62 <$(Q62)/SigVerPSS.req >$(A62)/SigVerPSS.rsp; fi
+       if [ -f $(Q)/KeyGenRSA.req ]; then $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_rsagtest < $(Q)/KeyGenRSA.req > $(A)/KeyGenRSA.rsp; fi
 
 lint:
        lint -DLINT $(INCLUDES) $(SRC)>fluff
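Review bot: The two `-saltlen 62` lines use `$(Q62)` and `$(A62)`, which are not defined in the visible part of this Makefile; only `Q` and `A` are. If they really are unset, the guards test `/SigGenPSS.req` and `/SigVerPSS.req` at the filesystem root, and the responses would be written under `/`. Define both next to `Q`/`A` and create `$(A62)` alongside `mkdir $(A)`, or drop the two lines until those vectors exist.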
index 711b09eb05e82b632f31ffe3922005121953ba53..ef00a1bb2a30da186bbb0be03627599ed6808fb7 100644 (file)
@@ -72,13 +72,6 @@ tags:
 
 tests:
 
-top_fips_shatest:
-       (cd $(TOP); $(MAKE) DIRS=fips FDIRS=$(DIR) TARGET=fips_shatest sub_target)
-
-fips_shatest: fips_shatest.o $(TOP)/libcrypto.a
-       $(CC) $(CFLAGS) -o fips_shatest fips_shatest.o $(PEX_LIBS) $(TOP)/libcrypto.a $(EX_LIBS)
-       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a fips_shatest
-
 Q=../testvectors/sha/req
 A=../testvectors/sha/rsp
 
@@ -98,11 +91,13 @@ VECTORS = SHA1LongMsg \
        SHA512Monte \
        SHA512ShortMsg
 
-fips_test: top_fips_shatest
+fips_test:
        -rm -rf $(A)
        mkdir $(A)
        for file in $(VECTORS); do \
-               ./fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
+           if [ -f $(Q)/$$file.req ]; then \
+               $(TOP)/util/shlib_wrap.sh $(TOP)/test/fips_shatest $(Q)/$$file.req $(A)/$$file.rsp; \
+           fi; \
        done
 
 lint:
index 2ea3a41ce5aa2c8674fa48cad4f08771f713c4fc..8c10c2cd83112e2c3ae0789a9784e2bb5250ad17 100644 (file)
@@ -104,7 +104,7 @@ int main(int argc,char **argv)
     {
 #ifdef OPENSSL_FIPS
     static char key[]="etaonrishdlcupfm";
-    int n;
+    int n,binary=0;
 
     if(argc < 2)
        {
@@ -112,7 +112,14 @@ int main(int argc,char **argv)
        exit(1);
        }
 
-    for(n=1 ; n < argc ; ++n)
+    n=1;
+    if (!strcmp(argv[n],"-binary"))
+       {
+       n++;
+       binary=1;       /* emit binary fingerprint... */
+       }
+
+    for(; n < argc ; ++n)
        {
        FILE *f=fopen(argv[n],"rb");
        SHA_CTX md_ctx,o_ctx;
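Review bot: After `-binary` is consumed there is no check that a file name remains, so an invocation with `-binary` alone skips the loop and writes nothing. That leaves an empty fingerprint file when stdout is redirected, presumably with a successful exit. Re-check the count once the option has been parsed, e.g. `if (n >= argc) { /* same usage message as above */ exit(1); }`. `main` continues outside this hunk.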
@@ -145,6 +152,12 @@ int main(int argc,char **argv)
            }
        hmac_final(md,&md_ctx,&o_ctx);
 
+       if (binary)
+           {
+           fwrite(md,20,1,stdout);
+           break;      /* ... for single(!) file */
+           }
+
        printf("HMAC-SHA1(%s)= ",argv[n]);
        for(i=0 ; i < 20 ; ++i)
            printf("%02x",md[i]);
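Review bot: The result of `fwrite(md,20,1,stdout)` is not checked and the `break` silently drops any further file arguments, so a short write or a mistaken multi-file call still ends as a normal run. `if (fwrite(md,20,1,stdout) != 1) exit(1);` and rejecting `-binary` with more than one file up front would make both cases visible. On platforms where stdout is opened in text mode the 20 raw bytes may be altered by newline translation, which is worth confirming for the Cygwin target fips.c already special-cases.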
index 3405d7e5c94ba886fdbd24ed98ca3e2527aaba56..3a20a5b57d4cbbdd472a65566c33d87089bb2ef8 100644 (file)
@@ -68,6 +68,8 @@ FIPS_HMACTEST=        fips_hmactest
 FIPS_RSAVTEST= fips_rsavtest
 FIPS_RSASTEST= fips_rsastest
 FIPS_RSAGTEST= fips_rsagtest
+FIPS_DSSVS=    fips_dssvs
+FIPS_RNGVS=    fips_rngvs
 
 TESTS=         alltests
 
@@ -78,7 +80,8 @@ EXE=  $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) $(MD2TEST)$(E
        $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
        $(EVPTEST)$(EXE_EXT) $(FIPS_AESTEST)$(EXE_EXT) \
        $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
-       $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT)
+       $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
+       $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_RNGVS)$(EXE_EXT)
 
 # $(METHTEST)$(EXE_EXT)
 
@@ -89,7 +92,7 @@ OBJ=  $(BNTEST).o $(ECTEST).o $(IDEATEST).o $(MD2TEST).o $(MD4TEST).o $(MD5TEST).
        $(RANDTEST).o $(FIPS_RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
        $(BFTEST).o  $(SSLTEST).o  $(DSATEST).o $(FIPS_DSATEST).o $(EXPTEST).o $(RSATEST).o \
        $(EVPTEST).o $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
-       $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o
+       $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o $(FIPS_DSSVS).o $(FIPS_RNGVS).o
 SRC=   $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
        $(HMACTEST).c \
        $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
@@ -97,7 +100,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD4TEST).c $(MD5TEST)
        $(RANDTEST).c $(FIPS_RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
        $(BFTEST).c  $(SSLTEST).c $(DSATEST).c $(FIPS_DSATEST).c $(EXPTEST).c $(RSATEST).c \
        $(EVPTEST).c $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
-       $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c
+       $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c $(FIPS_DSSVS).c $(FIPS_RNGVS).c
 
 EXHEADER= 
 HEADER=        $(EXHEADER)
@@ -328,35 +331,31 @@ BUILD_CMD=if [ "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
                $(CC) -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
        fi;
 
-$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
-       @target=$(FIPS_AESTEST); $(BUILD_CMD)
+FIPS_BUILD_CMD=$(BUILD_CMD) \
        if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_AESTEST); \
+         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $$target; \
        fi
 
+$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
+       @target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
+
 $(FIPS_HMACTEST)$(EXE_EXT): $(FIPS_HMACTEST).o $(DLIBCRYPTO)
-       @target=$(FIPS_HMACTEST); $(BUILD_CMD)
-       if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_HMACTEST); \
-       fi
+       @target=$(FIPS_HMACTEST); $(FIPS_BUILD_CMD)
 
 $(FIPS_RSAVTEST)$(EXE_EXT): $(FIPS_RSAVTEST).o $(DLIBCRYPTO)
-       @target=$(FIPS_RSAVTEST); $(BUILD_CMD)
-       if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RSAVTEST); \
-       fi
+       @target=$(FIPS_RSAVTEST); $(FIPS_BUILD_CMD)
 
 $(FIPS_RSASTEST)$(EXE_EXT): $(FIPS_RSASTEST).o $(DLIBCRYPTO)
-       @target=$(FIPS_RSASTEST); $(BUILD_CMD)
-       if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RSASTEST); \
-       fi
+       @target=$(FIPS_RSASTEST); $(FIPS_BUILD_CMD)
 
 $(FIPS_RSAGTEST)$(EXE_EXT): $(FIPS_RSAGTEST).o $(DLIBCRYPTO)
-       @target=$(FIPS_RSAGTEST); $(BUILD_CMD)
-       if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RSAGTEST); \
-       fi
+       @target=$(FIPS_RSAGTEST); $(FIPS_BUILD_CMD)
+
+$(FIPS_DSSVS)$(EXE_EXT): $(FIPS_DSSVS).o $(DLIBCRYPTO)
+       @target=$(FIPS_DSSVS); $(FIPS_BUILD_CMD)
+
+$(FIPS_RNGVS)$(EXE_EXT): $(FIPS_RNGVS).o $(DLIBCRYPTO)
+       @target=$(FIPS_RNGVS); $(FIPS_BUILD_CMD)
 
 $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
        @target=$(RSATEST); $(BUILD_CMD)
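Review bot: `FIPS_BUILD_CMD` appends the fingerprint `if` directly after `$(BUILD_CMD)`, which ends in `fi;`, so the recipe's exit status is that of the fingerprint `if` alone. Under a make that runs recipes without `sh -e` (GNU make's default), a failed link is then ignored, where before `$(BUILD_CMD)` was its own recipe line and aborted the rule. Writing each recipe as `@set -e; target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)` restores that behaviour. The same applies to the `FIPS_SHATEST`, `FIPS_DESTEST`, `FIPS_RANDTEST` and `FIPS_DSATEST` rules in the later hunks. The leading `@` now also hides the fingerprint command, which used to be echoed.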
@@ -383,10 +382,7 @@ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
        @target=$(SHA1TEST); $(BUILD_CMD)
 
 $(FIPS_SHATEST)$(EXE_EXT): $(FIPS_SHATEST).o $(DLIBCRYPTO)
-       @target=$(FIPS_SHATEST); $(BUILD_CMD)
-       if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_SHATEST); \
-       fi
+       @target=$(FIPS_SHATEST); $(FIPS_BUILD_CMD)
 
 $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
        @target=$(RMDTEST); $(BUILD_CMD)
@@ -422,19 +418,13 @@ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
        @target=$(DESTEST); $(BUILD_CMD)
 
 $(FIPS_DESTEST)$(EXE_EXT): $(FIPS_DESTEST).o $(DLIBCRYPTO)
-       @target=$(FIPS_DESTEST); $(BUILD_CMD)
-       if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DESTEST); \
-       fi
+       @target=$(FIPS_DESTEST); $(FIPS_BUILD_CMD)
 
 $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
        @target=$(RANDTEST); $(BUILD_CMD)
 
 $(FIPS_RANDTEST)$(EXE_EXT): $(FIPS_RANDTEST).o $(DLIBCRYPTO)
-       @target=$(FIPS_RANDTEST); $(BUILD_CMD)
-       if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_RANDTEST); \
-       fi
+       @target=$(FIPS_RANDTEST); $(FIPS_BUILD_CMD)
 
 $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
        @target=$(DHTEST); $(BUILD_CMD)
@@ -443,10 +433,7 @@ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
        @target=$(DSATEST); $(BUILD_CMD)
 
 $(FIPS_DSATEST)$(EXE_EXT): $(FIPS_DSATEST).o $(DLIBCRYPTO)
-       @target=$(FIPS_DSATEST); $(BUILD_CMD)
-       if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
-         TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(FIPS_DSATEST); \
-       fi
+       @target=$(FIPS_DSATEST); $(FIPS_BUILD_CMD)
 
 $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
        @target=$(METHTEST); $(BUILD_CMD)