/
0001-Test-enable-debugging-include-bn-functions-in-FIPS-b.patch
165 lines (150 loc) · 3.78 KB
/
0001-Test-enable-debugging-include-bn-functions-in-FIPS-b.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
From 18b5359ceea65263fbaca9c3d6f62a4f11e473b4 Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Thu, 26 Dec 2013 23:54:37 +0100
Subject: [PATCH] Test: enable debugging + include bn functions in FIPS build
---
Makefile.fips | 3 +++
crypto/bn/bn_kron.c | 2 ++
crypto/bn/bn_print.c | 12 ++++++++++++
crypto/bn/bn_sqrt.c | 1 +
fips/rand/fips_drbg_ec.c | 13 ++++++++++---
5 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/Makefile.fips b/Makefile.fips
index 74db065..03472b4 100644
--- a/Makefile.fips
+++ b/Makefile.fips
@@ -286,16 +286,19 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
../crypto/bn/bn_exp.o \
../crypto/bn/bn_gcd.o \
../crypto/bn/bn_gf2m.o \
+ ../crypto/bn/bn_kron.o \
../crypto/bn/bn_lib.o \
../crypto/bn/bn_mod.o \
../crypto/bn/bn_mont.o \
../crypto/bn/bn_mul.o \
../crypto/bn/bn_nist.o \
../crypto/bn/bn_prime.o \
+ ../crypto/bn/bn_print.o \
../crypto/bn/bn_rand.o \
../crypto/bn/bn_recp.o \
../crypto/bn/bn_shift.o \
../crypto/bn/bn_sqr.o \
+ ../crypto/bn/bn_sqrt.o \
../crypto/bn/bn_word.o \
../crypto/bn/bn_x931p.o \
../crypto/buffer/buf_str.o \
diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c
index 740359b..d013c38 100644
--- a/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
@@ -53,6 +53,8 @@
*
*/
+#define OPENSSL_FIPSAPI
+
#include "cryptlib.h"
#include "bn_lcl.h"
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 1743b6a..9394ce0 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -56,6 +56,8 @@
* [including the GNU Public Licence.]
*/
+#define OPENSSL_FIPSAPI
+
#include <stdio.h>
#include <ctype.h>
#include "cryptlib.h"
@@ -99,6 +101,7 @@ err:
return(buf);
}
+#if 0
/* Must 'OPENSSL_free' the returned data */
char *BN_bn2dec(const BIGNUM *a)
{
@@ -169,6 +172,8 @@ err:
return(buf);
}
+#endif
+
int BN_hex2bn(BIGNUM **bn, const char *a)
{
BIGNUM *ret=NULL;
@@ -236,6 +241,7 @@ err:
return(0);
}
+#if 0
int BN_dec2bn(BIGNUM **bn, const char *a)
{
BIGNUM *ret=NULL;
@@ -314,6 +320,9 @@ int BN_asc2bn(BIGNUM **bn, const char *a)
(*bn)->neg = 1;
return 1;
}
+#endif
+
+#define OPENSSL_NO_BIO
#ifndef OPENSSL_NO_BIO
#ifndef OPENSSL_NO_FP_API
@@ -358,6 +367,7 @@ end:
}
#endif
+#if 0
char *BN_options(void)
{
static int init=0;
@@ -376,3 +386,5 @@ char *BN_options(void)
}
return(data);
}
+
+#endif
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 6beaf9e..cefe6bf 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -54,6 +54,7 @@
* Hudson (tjh@cryptsoft.com).
*
*/
+#define OPENSSL_FIPSAPI
#include "cryptlib.h"
#include "bn_lcl.h"
diff --git a/fips/rand/fips_drbg_ec.c b/fips/rand/fips_drbg_ec.c
index 6be6534..942d142 100644
--- a/fips/rand/fips_drbg_ec.c
+++ b/fips/rand/fips_drbg_ec.c
@@ -61,7 +61,7 @@
#include <openssl/bn.h>
#include "fips_rand_lcl.h"
-/*#define EC_DRBG_TRACE*/
+#define EC_DRBG_TRACE
#ifdef EC_DRBG_TRACE
static void hexprint(FILE *out, const unsigned char *buf, int buflen)
@@ -202,6 +202,8 @@ static int bin2bnbits(DRBG_CTX *dctx, BIGNUM *r, const unsigned char *buf)
static int drbg_ec_mul(DRBG_EC_CTX *ectx, BIGNUM *r, const BIGNUM *s, int use_q)
{
+ BIGNUM *y = BN_new();
+ int ret;
if (use_q)
{
if (!EC_POINT_mul(ectx->curve, ectx->ptmp,
@@ -215,8 +217,13 @@ static int drbg_ec_mul(DRBG_EC_CTX *ectx, BIGNUM *r, const BIGNUM *s, int use_q)
return 0;
}
/* Get x coordinate of result */
- if (!EC_POINT_get_affine_coordinates_GFp(ectx->curve, ectx->ptmp, r,
- NULL, ectx->bctx))
+ ret = EC_POINT_get_affine_coordinates_GFp(ectx->curve, ectx->ptmp, r,
+ y, ectx->bctx);
+#ifdef EC_DRBG_TRACE
+ bnprint(stderr, "y coordinate at end of mul: ", y);
+#endif
+ BN_free(y);
+ if(!ret)
return 0;
return 1;
}
--
1.7.10.4