Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
ded19997
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
ded19997
编写于
4月 04, 2011
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Change RNG test to block oriented instead of request oriented, add option
to test a "stuck" DRBG.
上级
a255e5bc
变更
8
隐藏空白更改
内联
并排
Showing
8 changed file
with
82 addition
and
68 deletion
+82
-68
crypto/fips_err.h
crypto/fips_err.h
+2
-0
fips/fips.h
fips/fips.h
+3
-0
fips/fips_test_suite.c
fips/fips_test_suite.c
+7
-0
fips/rand/fips_drbg_ctr.c
fips/rand/fips_drbg_ctr.c
+10
-0
fips/rand/fips_drbg_hash.c
fips/rand/fips_drbg_hash.c
+10
-0
fips/rand/fips_drbg_lib.c
fips/rand/fips_drbg_lib.c
+36
-66
fips/rand/fips_drbg_rand.c
fips/rand/fips_drbg_rand.c
+8
-1
fips/rand/fips_rand_lcl.h
fips/rand/fips_rand_lcl.h
+6
-1
未找到文件。
crypto/fips_err.h
浏览文件 @
ded19997
...
...
@@ -71,6 +71,7 @@
static
ERR_STRING_DATA
FIPS_str_functs
[]
=
{
{
ERR_FUNC
(
FIPS_F_DH_BUILTIN_GENPARAMS
),
"DH_BUILTIN_GENPARAMS"
},
{
ERR_FUNC
(
FIPS_F_DRBG_CPRNG_TEST
),
"DRBG_CPRNG_TEST"
},
{
ERR_FUNC
(
FIPS_F_DSA_BUILTIN_PARAMGEN
),
"DSA_BUILTIN_PARAMGEN"
},
{
ERR_FUNC
(
FIPS_F_DSA_BUILTIN_PARAMGEN2
),
"DSA_BUILTIN_PARAMGEN2"
},
{
ERR_FUNC
(
FIPS_F_DSA_DO_SIGN
),
"DSA_do_sign"
},
...
...
@@ -139,6 +140,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
{
ERR_REASON
(
FIPS_R_GENERATE_ERROR_UNDETECTED
),
"generate error undetected"
},
{
ERR_REASON
(
FIPS_R_INSTANTIATE_ERROR
)
,
"instantiate error"
},
{
ERR_REASON
(
FIPS_R_INSUFFICIENT_SECURITY_STRENGTH
),
"insufficient security strength"
},
{
ERR_REASON
(
FIPS_R_INTERNAL_ERROR
)
,
"internal error"
},
{
ERR_REASON
(
FIPS_R_INVALID_KEY_LENGTH
)
,
"invalid key length"
},
{
ERR_REASON
(
FIPS_R_IN_ERROR_STATE
)
,
"in error state"
},
{
ERR_REASON
(
FIPS_R_KEY_TOO_SHORT
)
,
"key too short"
},
...
...
fips/fips.h
浏览文件 @
ded19997
...
...
@@ -92,6 +92,7 @@ void FIPS_corrupt_ec_keygen(void);
void
FIPS_corrupt_rng
(
void
);
void
FIPS_corrupt_drbg
(
void
);
void
FIPS_rng_stick
(
void
);
void
FIPS_drbg_stick
(
void
);
int
FIPS_selftest_rng
(
void
);
int
FIPS_selftest_hmac
(
void
);
int
FIPS_selftest_drbg
(
void
);
...
...
@@ -188,6 +189,7 @@ void ERR_load_FIPS_strings(void);
/* Function codes. */
#define FIPS_F_DH_BUILTIN_GENPARAMS 100
#define FIPS_F_DRBG_CPRNG_TEST 141
#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
#define FIPS_F_DSA_BUILTIN_PARAMGEN2 126
#define FIPS_F_DSA_DO_SIGN 102
...
...
@@ -253,6 +255,7 @@ void ERR_load_FIPS_strings(void);
#define FIPS_R_GENERATE_ERROR_UNDETECTED 136
#define FIPS_R_INSTANTIATE_ERROR 125
#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 132
#define FIPS_R_INTERNAL_ERROR 143
#define FIPS_R_INVALID_KEY_LENGTH 109
#define FIPS_R_IN_ERROR_STATE 126
#define FIPS_R_KEY_TOO_SHORT 108
...
...
fips/fips_test_suite.c
浏览文件 @
ded19997
...
...
@@ -671,6 +671,7 @@ int main(int argc,char **argv)
int
do_corrupt_rsa_keygen
=
0
,
do_corrupt_dsa_keygen
=
0
;
int
bad_rsa
=
0
,
bad_dsa
=
0
;
int
do_rng_stick
=
0
;
int
do_drbg_stick
=
0
;
int
no_exit
=
0
;
fips_algtest_init_nofips
();
...
...
@@ -727,6 +728,10 @@ int main(int argc,char **argv)
do_rng_stick
=
1
;
no_exit
=
1
;
printf
(
"RNG test with stuck continuous test...
\n
"
);
}
else
if
(
!
strcmp
(
argv
[
1
],
"drbgstick"
))
{
do_drbg_stick
=
1
;
no_exit
=
1
;
printf
(
"DRBG test with stuck continuous test...
\n
"
);
}
else
{
printf
(
"Bad argument
\"
%s
\"\n
"
,
argv
[
1
]);
exit
(
1
);
...
...
@@ -756,6 +761,8 @@ int main(int argc,char **argv)
FIPS_corrupt_dsa_keygen
();
if
(
do_corrupt_rsa_keygen
)
FIPS_corrupt_rsa_keygen
();
if
(
do_drbg_stick
)
FIPS_drbg_stick
();
if
(
do_rng_stick
)
FIPS_rng_stick
();
...
...
fips/rand/fips_drbg_ctr.c
浏览文件 @
ded19997
...
...
@@ -330,14 +330,24 @@ static int drbg_ctr_generate(DRBG_CTX *dctx,
for
(;;)
{
inc_128
(
cctx
);
if
(
!
(
dctx
->
flags
&
DRBG_FLAG_TEST
)
&&
!
dctx
->
lb_valid
)
{
AES_encrypt
(
cctx
->
V
,
dctx
->
lb
,
&
cctx
->
ks
);
dctx
->
lb_valid
=
1
;
continue
;
}
if
(
outlen
<
16
)
{
/* Use K as temp space as it will be updated */
AES_encrypt
(
cctx
->
V
,
cctx
->
K
,
&
cctx
->
ks
);
if
(
!
drbg_cprng_test
(
dctx
,
cctx
->
K
))
return
0
;
memcpy
(
out
,
cctx
->
K
,
outlen
);
break
;
}
AES_encrypt
(
cctx
->
V
,
out
,
&
cctx
->
ks
);
if
(
!
drbg_cprng_test
(
dctx
,
out
))
return
0
;
out
+=
16
;
outlen
-=
16
;
if
(
outlen
==
0
)
...
...
fips/rand/fips_drbg_hash.c
浏览文件 @
ded19997
...
...
@@ -195,13 +195,23 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
{
FIPS_digestinit
(
&
hctx
->
mctx
,
hctx
->
md
);
FIPS_digestupdate
(
&
hctx
->
mctx
,
hctx
->
vtmp
,
dctx
->
seedlen
);
if
(
!
(
dctx
->
flags
&
DRBG_FLAG_TEST
)
&&
!
dctx
->
lb_valid
)
{
FIPS_digestfinal
(
&
hctx
->
mctx
,
dctx
->
lb
,
NULL
);
dctx
->
lb_valid
=
1
;
continue
;
}
if
(
outlen
<
dctx
->
blocklength
)
{
FIPS_digestfinal
(
&
hctx
->
mctx
,
hctx
->
vtmp
,
NULL
);
if
(
!
drbg_cprng_test
(
dctx
,
hctx
->
vtmp
))
return
0
;
memcpy
(
out
,
hctx
->
vtmp
,
outlen
);
return
1
;
}
FIPS_digestfinal
(
&
hctx
->
mctx
,
out
,
NULL
);
if
(
!
drbg_cprng_test
(
dctx
,
out
))
return
0
;
outlen
-=
dctx
->
blocklength
;
if
(
outlen
==
0
)
return
1
;
...
...
fips/rand/fips_drbg_lib.c
浏览文件 @
ded19997
...
...
@@ -268,8 +268,7 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
}
static
int
fips_drbg_generate_internal
(
DRBG_CTX
*
dctx
,
unsigned
char
*
out
,
size_t
outlen
,
int
FIPS_drbg_generate
(
DRBG_CTX
*
dctx
,
unsigned
char
*
out
,
size_t
outlen
,
int
strength
,
int
prediction_resistance
,
const
unsigned
char
*
adin
,
size_t
adinlen
)
{
...
...
@@ -323,76 +322,13 @@ static int fips_drbg_generate_internal(DRBG_CTX *dctx,
if
(
r
)
{
if
(
!
(
dctx
->
flags
&
DRBG_FLAG_NOERR
))
FIPSerr
(
FIPS_F_FIPS_DRBG_GENERATE
_INTERNAL
,
r
);
FIPSerr
(
FIPS_F_FIPS_DRBG_GENERATE
,
r
);
return
0
;
}
return
1
;
}
/* external generate function: incorporates continuous RNG test if not
* in test mode.
*/
int
FIPS_drbg_generate
(
DRBG_CTX
*
dctx
,
unsigned
char
*
out
,
size_t
outlen
,
int
strength
,
int
prediction_resistance
,
const
unsigned
char
*
adin
,
size_t
adinlen
)
{
unsigned
char
tmp
[
16
],
*
pout
;
size_t
poutlen
;
/* If test mode don't run continuous RNG test */
if
(
dctx
->
flags
&
DRBG_FLAG_TEST
)
{
return
fips_drbg_generate_internal
(
dctx
,
out
,
outlen
,
strength
,
prediction_resistance
,
adin
,
adinlen
);
}
/* If this is the first call generate block and save buffer */
if
(
!
dctx
->
lb_valid
)
{
if
(
!
fips_drbg_generate_internal
(
dctx
,
dctx
->
lb
,
16
,
strength
,
prediction_resistance
,
adin
,
adinlen
))
return
0
;
dctx
->
lb_valid
=
1
;
}
/* If request less that 16 bytes request 16 in temp buffer */
if
(
outlen
<
16
)
{
pout
=
tmp
;
poutlen
=
16
;
}
else
{
pout
=
out
;
poutlen
=
outlen
;
}
/* Generate data */
if
(
!
fips_drbg_generate_internal
(
dctx
,
pout
,
poutlen
,
strength
,
prediction_resistance
,
adin
,
adinlen
))
return
0
;
/* Compare to last block for continuous PRNG test */
if
(
!
memcmp
(
pout
,
dctx
->
lb
,
16
))
{
FIPSerr
(
FIPS_F_FIPS_DRBG_GENERATE
,
FIPS_R_DRBG_STUCK
);
return
0
;
}
/* Update last block */
memcpy
(
dctx
->
lb
,
pout
,
16
);
/* Copy to output buffer if needed */
if
(
outlen
<
16
)
memcpy
(
out
,
pout
,
outlen
);
return
1
;
}
int
FIPS_drbg_uninstantiate
(
DRBG_CTX
*
dctx
)
{
int
rv
;
...
...
@@ -461,3 +397,37 @@ int FIPS_drbg_get_strength(DRBG_CTX *dctx)
{
return
dctx
->
strength
;
}
static
int
drbg_stick
=
0
;
void
FIPS_drbg_stick
(
void
)
{
drbg_stick
=
1
;
}
/* Continuous DRBG utility function */
int
drbg_cprng_test
(
DRBG_CTX
*
dctx
,
const
unsigned
char
*
out
)
{
/* No CPRNG in test mode */
if
(
dctx
->
flags
&
DRBG_FLAG_TEST
)
return
1
;
/* Check block is valid: should never happen */
if
(
dctx
->
lb_valid
==
0
)
{
FIPSerr
(
FIPS_F_DRBG_CPRNG_TEST
,
FIPS_R_INTERNAL_ERROR
);
fips_set_selftest_fail
();
return
0
;
}
if
(
drbg_stick
)
memcpy
(
dctx
->
lb
,
out
,
dctx
->
blocklength
);
/* Check against last block: fail if match */
if
(
!
memcmp
(
dctx
->
lb
,
out
,
dctx
->
blocklength
))
{
FIPSerr
(
FIPS_F_DRBG_CPRNG_TEST
,
FIPS_R_DRBG_STUCK
);
fips_set_selftest_fail
();
return
0
;
}
/* Save last block for next comparison */
memcpy
(
dctx
->
lb
,
out
,
dctx
->
blocklength
);
return
1
;
}
fips/rand/fips_drbg_rand.c
浏览文件 @
ded19997
...
...
@@ -117,6 +117,13 @@ static int fips_drbg_bytes(unsigned char *out, int count)
return
rv
;
}
static
int
fips_drbg_pseudo
(
unsigned
char
*
out
,
int
count
)
{
if
(
fips_drbg_bytes
(
out
,
count
)
<=
0
)
return
-
1
;
return
1
;
}
static
int
fips_drbg_status
(
void
)
{
DRBG_CTX
*
dctx
=
&
ossl_dctx
;
...
...
@@ -168,7 +175,7 @@ static const RAND_METHOD rand_drbg_meth =
fips_drbg_bytes
,
fips_drbg_cleanup
,
fips_drbg_add
,
fips_drbg_
bytes
,
fips_drbg_
pseudo
,
fips_drbg_status
};
...
...
fips/rand/fips_rand_lcl.h
浏览文件 @
ded19997
...
...
@@ -100,6 +100,10 @@ struct drbg_ctr_ctx_st
/* A default maximum length: larger than any reasonable value used in pratice */
#define DRBG_MAX_LENGTH 0x7ffffff0
/* Maximum DRBG block length: all md sizes are bigger than cipher blocks sizes
* so use max digest length.
*/
#define DRBG_MAX_BLOCK EVP_MAX_MD_SIZE
/* DRBG context structure */
...
...
@@ -163,7 +167,7 @@ struct drbg_ctx_st
/* Continuous random number test temporary area */
/* Last block */
unsigned
char
lb
[
16
];
unsigned
char
lb
[
EVP_MAX_MD_SIZE
];
/* set if lb is valid */
int
lb_valid
;
...
...
@@ -181,3 +185,4 @@ struct drbg_ctx_st
int
fips_drbg_ctr_init
(
DRBG_CTX
*
dctx
);
int
fips_drbg_hash_init
(
DRBG_CTX
*
dctx
);
int
fips_drbg_kat
(
DRBG_CTX
*
dctx
,
int
nid
,
unsigned
int
flags
);
int
drbg_cprng_test
(
DRBG_CTX
*
dctx
,
const
unsigned
char
*
out
);
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录