diff options
| -rw-r--r-- | doc/gcrypt.texi | 11 | ||||
| -rw-r--r-- | random/ChangeLog | 1 | ||||
| -rw-r--r-- | random/random-fips.c | 8 | ||||
| -rw-r--r-- | tests/ChangeLog | 3 | ||||
| -rw-r--r-- | tests/fipsrngdrv.c | 44 |
5 files changed, 45 insertions, 22 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index d4ee49d9..11c97cc9 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -3442,10 +3442,11 @@ this is the hashed data is highly confidential. @item GCRY_MD_FLAG_HMAC Turn the algorithm into a HMAC message authentication algorithm. This -only works if just one algorithm is enabled for the handle. Note that the function -@code{gcry_md_setkey} must be used to set the MAC key. If you want CBC -message authentication codes based on a cipher, see @xref{Working with -cipher handles}. +only works if just one algorithm is enabled for the handle. Note that +the function @code{gcry_md_setkey} must be used to set the MAC key. +The size of the MAC is equal to the message digest of the underlying +hash algorithm. If you want CBC message authentication codes based on +a cipher, see @xref{Working with cipher handles}. @end table @c begin table of hash flags @@ -3472,7 +3473,7 @@ be set using the function: @deftypefun gcry_error_t gcry_md_setkey (gcry_md_hd_t @var{h}, const void *@var{key}, size_t @var{keylen}) For use with the HMAC feature, set the MAC key to the value of @var{key} -of length @var{keylen}. +of length @var{keylen}. There is no restriction on the length of the key. @end deftypefun diff --git a/random/ChangeLog b/random/ChangeLog index 60702eba..c22ea2ea 100644 --- a/random/ChangeLog +++ b/random/ChangeLog @@ -1,6 +1,7 @@ 2008-09-16 Werner Koch <wk@g10code.com> * random-fips.c (x931_aes_driver): No re-seeding with test contexts. + (_gcry_rngfips_init_external_test): Fix setting of test_dt_ptr. 2008-09-15 Werner Koch <wk@g10code.com> diff --git a/random/random-fips.c b/random/random-fips.c index eb1706fc..2fc9596e 100644 --- a/random/random-fips.c +++ b/random/random-fips.c @@ -37,7 +37,7 @@ caller requested less bits, the extra bits are not used. The key for each generator is only set once at the first time a generator is used. The seed value is set with the key and again after 1000 - (SEED_TTL) output blocks. + (SEED_TTL) output blocks; the re-seeding is disabled in test mode. The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are keyed and seeded from the /dev/random device. Thus these @@ -1043,9 +1043,9 @@ _gcry_rngfips_init_external_test (void **r_context, /* Setup a DT value. Because our context structure only stores a pointer we copy the DT value to the extra space we allocated in - the test_ctx and set the pointer to tehre. */ - memcpy ((char*)test_ctx + sizeof *test_ctx, dt, dtlen); - test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof test_ctx; + the test_ctx and set the pointer to that address. */ + memcpy ((unsigned char*)test_ctx + sizeof *test_ctx, dt, dtlen); + test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof *test_ctx; test_ctx->test_dt_counter = ( (test_ctx->test_dt_ptr[12] << 24) |(test_ctx->test_dt_ptr[13] << 16) |(test_ctx->test_dt_ptr[14] << 8) diff --git a/tests/ChangeLog b/tests/ChangeLog index 23da9a91..c24fb5b1 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,6 +1,7 @@ 2008-09-16 Werner Koch <wk@g10code.com> - * fipsrngdrv.c: Bail out on write error. + * fipsrngdrv.c (main): Bail out on write error. Implement verbose + option. 2008-09-15 Werner Koch <wk@g10code.com> diff --git a/tests/fipsrngdrv.c b/tests/fipsrngdrv.c index bda0bde4..dfcea7c1 100644 --- a/tests/fipsrngdrv.c +++ b/tests/fipsrngdrv.c @@ -63,7 +63,7 @@ die (const char *format, ...) exactly to LENGTH bytes. The string is delimited by either end of string or a white space character. The function returns -1 on error or the length of the parsed string. */ -int +static int hex2bin (const char *string, void *buffer, size_t length) { int i; @@ -149,9 +149,16 @@ main (int argc, char **argv) argc--; argv++; break; } + else if (!strcmp (*argv, "--help")) + { + fputs ("usage: " PGM + " [--verbose] [--binary] [--loop] [--progress] KEY V DT\n", + stdout); + exit (0); + } else if (!strcmp (*argv, "--verbose")) { - verbose = 2; + verbose++; argc--; argv++; } else if (!strcmp (*argv, "--binary")) @@ -185,13 +192,16 @@ main (int argc, char **argv) die ("args are not 32 hex digits each\n"); } else - die ("invalid usage\n"); + die ("invalid usage (try --help)\n"); #ifndef HAVE_W32_SYSTEM if (loop) signal (SIGPIPE, SIG_IGN); #endif + if (verbose) + fputs (PGM ": started\n", stderr); + gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose); gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); if (!gcry_check_version ("1.4.3")) @@ -205,26 +215,33 @@ main (int argc, char **argv) do { + int writerr = 0; + err = run_external_test (context, buffer, sizeof buffer); if (err) die ("run external test failed: %s\n", gpg_strerror (err)); if (binary) { if (fwrite (buffer, 16, 1, stdout) != 1) - { -#ifndef HAVE_W32_SYSTEM - if (loop && errno == EPIPE) - break; -#endif - die ("writing output failed: %s\n", strerror (errno)); - } - fflush (stdout); + writerr = 1; + else + fflush (stdout); } else { print_buffer (buffer, sizeof buffer); - putchar ('\n'); + if (putchar ('\n') == EOF) + writerr = 1; } + if (writerr) + { +#ifndef HAVE_W32_SYSTEM + if (loop && errno == EPIPE) + break; +#endif + die ("writing output failed: %s\n", strerror (errno)); + } + if (progress) { putc ('.', stderr); @@ -238,6 +255,9 @@ main (int argc, char **argv) deinit_external_test (context); + if (verbose) + fputs (PGM ": ready\n", stderr); + return 0; } |