The recent code changes with fips created incompatibility with the
DJGPP port of 0.9.7. The attached patch fixes those problems caused
by different path separators (";" vs ":") and by the differentiation
in handling of binary and text mode files. In addition, "386" was
associated with elf assembly routines, but DJGPP uses coff rather than
elf.
The DJGPP version of make was unable to handle the shell comparators
in the Makefiles in the subdirectories of fips where $(EXHEADER) is
null, despite the fact that the shell itself handles this well. I put
alternative conditionals in the makefiles. I think these are probably
GNU extensions, but I didn't see another way of having this work in
DJGPP. I hope this isn't breaking the makefiles for other platforms.
The fips/aes makefile was also trying to use mklink to create a
subdirectory in the test directory. This doesn't work in DJGPP and
seems unnecessary for any platform, since the directory is created by
the "mkdir -p" in the fips_test_aes part of test/Makefile.
I also looked at the problem of DJGPP not having had a good way of
getting entropy to seed the PNRG. I made a change to let DJGPP use the
rand_egd mechanism. I don't see any reason why it can't work in DJGPP
and now seems to be polling the socket when tested. I also put in a
new RAND_poll function for DJGPP. The DJGPP system does not have a
good random number generator, but does have two pseudo random number
generators, rand and random, which use different algorithms to obtain
pseudorandom numbers from a seed. I used the rawclock function to
obtain the number of clock ticks since midnight (granularity 55ms),
used that to seed one pseudorandom function, then used the result of
that to seed the alternate function. Please look carefully at this,
since I am neither a programmer nor a cryptographer.
I also configured for fips mode with 386 under DJGPP. There is a
problem with one of the tests which used sed, since the official
DJGPP port of gnu sed also changes all EOLs to \r\n in addition to
any other editing changes it is supposed to do. I compiled a binary
version of sed to use with the "make test" part of compilation, which
treats files and streams as binary. The test will fail, however, if
using stock sed for DJGPP. The fips "make test" generates a number
of warnings about PRNG IN TEST MODE. I think they are supposed to
be there, but did want to make sure. In addition, I got a number of
warnings about small memory leaks. I am attaching an extract from the
log of "make test" run with fips. I don't see where these problems are
specific to DJGPP.
The attached patch is against the 20040725 snapshot of 0.9.7, after
applying the mingw patch I previously submitted (rt#924). Since I am
in the US, I am also submitting the patch to the US Bureau of Industry
and Security.
Thanks for looking at this. I suspect that not many people are
compiling OpenSSL under DJGPP besides me and Gisle Vanem.
Doug
--
Doug Kaufman
Internet: [EMAIL PROTECTED]
--- OpenSSL-0.9.7/Configure.orig 2004-08-04 00:10:26.000000000 -0800
+++ OpenSSL-0.9.7/Configure 2004-08-04 19:10:36.000000000 -0800
@@ -526,7 +526,7 @@
"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486
-Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
# DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2
-Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}::::::::::",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DNO_SYS_UN_H -DTERMIOS -DL_ENDIAN
-fomit-frame-pointer -fno-strict-aliasing -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib
-lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
# Ultrix from Bernhard Simon <[EMAIL PROTECTED]>
"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@@ -1168,8 +1168,8 @@
}
$des_obj=$des_enc unless (!$fips && $des_obj =~ /\.o$/);
my $fips_des_obj='asm/fips-dx86-elf.o';
-$fips_des_obj=$fips_des_enc unless $processor eq '386';
-my $fips_sha1_obj='asm/sx86-elf.o' if $processor eq '386';
+$fips_des_obj=$fips_des_enc unless ($processor eq '386' && $target ne 'DJGPP');
+my $fips_sha1_obj='asm/sx86-elf.o' if ($processor eq '386' && $target ne 'DJGPP');
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
--- OpenSSL-0.9.7/crypto/des/des_enc.c.ori 2004-05-11 05:00:58.000000000 -0800
+++ OpenSSL-0.9.7/crypto/des/des_enc.c 2004-08-01 17:14:50.000000000 -0800
@@ -293,7 +293,7 @@
#ifndef DES_DEFAULT_OPTIONS
-#if !defined(OPENSSL_FIPS) || !defined(I386_ONLY)
+#if !defined(OPENSSL_FIPS) || !defined(I386_ONLY) || defined(__DJGPP__)
#undef CBC_ENC_C__DONT_UPDATE_IV
#include "ncbc_enc.c" /* DES_ncbc_encrypt */
--- OpenSSL-0.9.7/crypto/rand/rand_egd.c.ori 2004-06-28 14:04:24.000000000 -0800
+++ OpenSSL-0.9.7/crypto/rand/rand_egd.c 2004-08-04 16:56:36.000000000 -0800
@@ -95,7 +95,7 @@
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
*/
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS)
+#if !defined(__DJGPP__) && (defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) ||
defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS))
int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
{
return(-1);
--- OpenSSL-0.9.7/crypto/rand/rand_unix.c.ori 2003-12-27 09:01:10.000000000 -0800
+++ OpenSSL-0.9.7/crypto/rand/rand_unix.c 2004-08-02 21:40:54.000000000 -0800
@@ -142,6 +142,26 @@
return 1;
}
#else
+#ifdef __DJGPP__
+int RAND_poll(void)
+{
+ long rnd = 0;
+ int i, rnd1 = 0;
+ unsigned char buf[ENTROPY_NEEDED];
+
+ for (i = 0; i < sizeof(buf); i++) {
+ srand(rawclock() + i);
+ rnd1 = rand();
+ srandom(rnd1);
+ rnd = random();
+ buf[i] = rnd;
+ }
+ RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+ memset(buf, 0, sizeof(buf));
+
+ return 1;
+}
+#else
int RAND_poll(void)
{
unsigned long l;
@@ -255,6 +275,7 @@
#endif
#endif
+#endif
#if defined(OPENSSL_SYS_VXWORKS)
int RAND_poll(void)
--- OpenSSLl-0.9.7/fips/openssl_fips_fingerprint.ori 2004-06-27 00:01:44.000000000
-0800
+++ OpenSSLl-0.9.7/fips/openssl_fips_fingerprint 2004-08-01 17:55:24.000000000
-0800
@@ -11,7 +11,11 @@
# case shared libraries are built.
if [ "X$TOP" != "X" ]
then
- PATH=$TOP/apps:$PATH
+ if test "$OSTYPE" = msdosdjgpp; then
+ PATH=$TOP/apps\;$PATH
+ else
+ PATH=$TOP/apps:$PATH
+ fi
LD_LIBRARY_PATH=$TOP; export LD_LIBRARY_PATH
else
LD_LIBRARY_PATH=.; export LD_LIBRARY_PATH
--- OpenSSL-0.9.7/fips/aes/Makefile.ori 2004-07-31 23:36:42.000000000 -0800
+++ OpenSSL-0.9.7/fips/aes/Makefile 2004-08-01 12:49:26.000000000 -0800
@@ -19,7 +19,6 @@
GENERAL=Makefile
TEST=fips_aesavs.c
-TESTDATA=fips_aes_data
APPS=
LIB=$(TOP)/libcrypto.a
@@ -52,17 +51,18 @@
links:
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TESTDATA)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+ifeq ("$(EXHEADER)", "")
+install:
+else
install:
- @if test -n "$(EXHEADER)"; then \
- for i in $(EXHEADER) ; \
+ @for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done; \
- fi
+ done
+endif
tags:
ctags $(SRC)
--- OpenSSL-0.9.7/fips/des/Makefile.ori 2004-07-31 23:36:40.000000000 -0800
+++ OpenSSL-0.9.7/fips/des/Makefile 2004-08-01 12:46:14.000000000 -0800
@@ -55,14 +55,16 @@
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+ifeq ("$(EXHEADER)", "")
install:
- @if test -n "$(EXHEADER)"; then \
- for i in $(EXHEADER) ; \
+else
+install:
+ @for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done; \
- fi
+ done
+endif
tags:
ctags $(SRC)
--- OpenSSL-0.9.7/fips/dh/Makefile.ori 2004-07-31 23:36:46.000000000 -0800
+++ OpenSSL-0.9.7/fips/dh/Makefile 2004-08-01 12:58:58.000000000 -0800
@@ -53,14 +53,16 @@
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+ifeq ("$(EXHEADER)", "")
install:
- @if test -n "$(EXHEADER)"; then \
- for i in $(EXHEADER) ; \
+else
+install:
+ @for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done; \
- fi
+ done
+endif
tags:
ctags $(SRC)
--- OpenSSL-0.9.7/fips/dsa/Makefile.ori 2004-07-31 23:36:42.000000000 -0800
+++ OpenSSL-0.9.7/fips/dsa/Makefile 2004-08-01 12:52:48.000000000 -0800
@@ -53,14 +53,16 @@
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+ifeq ("$(EXHEADER)", "")
install:
- @if test -n "$(EXHEADER)"; then \
- for i in $(EXHEADER) ; \
+else
+install:
+ @for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done; \
- fi
+ done
+endif
tags:
ctags $(SRC)
--- OpenSSL-0.9.7/fips/rsa/Makefile.ori 2004-07-31 23:36:44.000000000 -0800
+++ OpenSSL-0.9.7/fips/rsa/Makefile 2004-08-01 12:56:02.000000000 -0800
@@ -53,14 +53,16 @@
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+ifeq ("$(EXHEADER)", "")
install:
- @if test -n "$(EXHEADER)"; then \
- for i in $(EXHEADER) ; \
+else
+install:
+ @for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done; \
- fi
+ done
+endif
tags:
ctags $(SRC)
--- OpenSSL-0.9.7/fips/sha1/Makefile.ori 2004-07-31 23:36:36.000000000 -0800
+++ OpenSSL-0.9.7/fips/sha1/Makefile 2004-08-01 12:42:16.000000000 -0800
@@ -63,14 +63,16 @@
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/test $(TESTDATA)
@$(PERL) $(TOP)/util/mklink.pl $(TOP)/apps $(APPS)
+ifeq ("$(EXHEADER)", "")
install:
- @if test -n "$(EXHEADER)"; then \
- for i in $(EXHEADER) ; \
- do \
+else
+install:
+ @for i in $(EXHEADER) ; \
+ do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done; \
- fi
+ done
+endif
tags:
ctags $(SRC)
--- OpenSSL-0.9.7/fips/sha1/fips_sha1test.c.ori 2004-08-01 17:33:16.000000000 -0800
+++ OpenSSL-0.9.7/fips/sha1/fips_sha1test.c 2004-08-03 23:56:22.000000000 -0800
@@ -6,6 +6,11 @@
#include <openssl/sha.h>
#include <openssl/err.h>
#include <openssl/fips.h>
+#ifdef __DJGPP__
+#include <io.h>
+#include <fcntl.h>
+#include <unistd.h>
+#endif
#ifndef OPENSSL_FIPS
int main(int argc, char *argv[])
@@ -64,6 +69,11 @@
FILE *fp;
int phase;
+#ifdef __DJGPP__
+ _fmode=O_BINARY;
+ if (!isatty(fileno(stdout)))
+ setmode(fileno(stdout), O_BINARY);
+#endif
if(argc != 2)
{
fprintf(stderr,"%s <test vector file>\n",argv[0]);
--- OpenSSL-0.9.7/test/Makefile.ori 2004-08-01 17:37:06.000000000 -0800
+++ OpenSSL-0.9.7/test/Makefile 2004-08-01 18:34:44.000000000 -0800
@@ -320,7 +320,7 @@
$(CC) -o $(FIPS_AESTEST)$(EXE_EXT) $(CFLAGS) $(FIPS_AESTEST).o $(PEX_LIBS)
$(LIBCRYPTO) $(EX_LIBS) ; \
fi
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h >
/dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_AESTEST); \
+ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_AESTEST)$(EXE_EXT); \
fi
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
@@ -394,7 +394,7 @@
$(CC) -o $(FIPS_SHA1TEST)$(EXE_EXT) $(CFLAGS) $(FIPS_SHA1TEST).o $(PEX_LIBS)
$(LIBCRYPTO) $(EX_LIBS) ; \
fi
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h >
/dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_SHA1TEST); \
+ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_SHA1TEST)$(EXE_EXT); \
fi
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
@@ -493,7 +493,7 @@
$(CC) -o $(FIPS_DESTEST)$(EXE_EXT) $(CFLAGS) $(FIPS_DESTEST).o $(PEX_LIBS)
$(LIBCRYPTO) $(EX_LIBS) ; \
fi
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h >
/dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_DESTEST); \
+ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_DESTEST)$(EXE_EXT); \
fi
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
@@ -511,7 +511,7 @@
$(CC) -o $(FIPS_RANDTEST)$(EXE_EXT) $(CFLAGS) $(FIPS_RANDTEST).o $(PEX_LIBS)
$(LIBCRYPTO) $(EX_LIBS) ; \
fi
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h >
/dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_RANDTEST); \
+ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_RANDTEST)$(EXE_EXT); \
fi
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
@@ -537,7 +537,7 @@
$(CC) -o $(FIPS_DSATEST)$(EXE_EXT) $(CFLAGS) $(FIPS_DSATEST).o $(PEX_LIBS)
$(LIBCRYPTO) $(EX_LIBS) ; \
fi
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h >
/dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_DSATEST); \
+ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(FIPS_DSATEST)$(EXE_EXT); \
fi
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
@@ -556,7 +556,7 @@
$(CC) -o $(SSLTEST)$(EXE_EXT) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL)
$(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
fi
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h >
/dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(SSLTEST); \
+ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a
$(SSLTEST)$(EXE_EXT); \
fi
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
if egrep 'define OPENSSL_FIPS' ../include/openssl/opensslconf.h > /dev/null; then \
OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH";
DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH";
SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "DJGPP"
= "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH
DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./fips_randtest; \
fi
WARNING!!! PRNG IN TEST MODE!!!
WARNING!!! PRNG IN TEST MODE!!!
...
WARNING!!! PRNG IN TEST MODE!!!
...
test SSL protocol
test ssl3 is forbidden in FIPS mode
*** IN FIPS MODE ***
ERROR in SERVER
1:error:2A064064:lib(42):HASH_FINAL:non fips method:../md32_common.h:565:
[00:31:40] 3 file=digest.c, line=202, thread=1, number=100, address=001A99B4
[00:31:40] 4 file=digest.c, line=278, thread=1, number=100, address=001A9A7C
[00:31:40] 2 file=digest.c, line=202, thread=1, number=100, address=001A98EC
300 bytes leaked in 3 chunks
SSLv3, cipher (NONE) (NONE)
test ssl2 is forbidden in FIPS mode
*** IN FIPS MODE ***
ERROR in CLIENT
1:error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available:s2_clnt.c:592:
[00:31:42] 3 file=digest.c, line=202, thread=1, number=100, address=001A99B4
[00:31:42] 4 file=digest.c, line=278, thread=1, number=100, address=001A9A7C
[00:31:42] 2 file=digest.c, line=202, thread=1, number=100, address=001A98EC
300 bytes leaked in 3 chunks
SSLv2, cipher (NONE) (NONE)
test tls1
*** IN FIPS MODE ***
[00:31:43] 3 file=digest.c, line=202, thread=1, number=100, address=001A99B4
[00:31:43] 4 file=digest.c, line=278, thread=1, number=100, address=001A9A7C
[00:31:43] 2 file=digest.c, line=202, thread=1, number=100, address=001A98EC
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test tls1 with server authentication
*** IN FIPS MODE ***
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:31:45] 3 file=digest.c, line=202, thread=1, number=100, address=001A9AB4
[00:31:45] 4 file=digest.c, line=278, thread=1, number=100, address=001A9B7C
[00:31:45] 2 file=digest.c, line=202, thread=1, number=100, address=001A99EC
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test tls1 with client authentication
*** IN FIPS MODE ***
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:31:46] 3 file=digest.c, line=202, thread=1, number=100, address=001A9AB4
[00:31:46] 4 file=digest.c, line=278, thread=1, number=100, address=001A9B7C
[00:31:46] 2 file=digest.c, line=202, thread=1, number=100, address=001A99EC
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test tls1 with both client and server authentication
*** IN FIPS MODE ***
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:31:48] 3 file=digest.c, line=202, thread=1, number=100, address=001A9B14
[00:31:48] 4 file=digest.c, line=278, thread=1, number=100, address=001A9BDC
[00:31:48] 2 file=digest.c, line=202, thread=1, number=100, address=001A9A4C
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test tls1 via BIO pair
*** IN FIPS MODE ***
[00:31:49] 3 file=digest.c, line=202, thread=1, number=100, address=001A9A14
[00:31:49] 4 file=digest.c, line=278, thread=1, number=100, address=001A9ADC
[00:31:49] 2 file=digest.c, line=202, thread=1, number=100, address=001A994C
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test tls1 with server authentication via BIO pair
*** IN FIPS MODE ***
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:31:51] 3 file=digest.c, line=202, thread=1, number=100, address=001A9B14
[00:31:51] 4 file=digest.c, line=278, thread=1, number=100, address=001A9BDC
[00:31:51] 2 file=digest.c, line=202, thread=1, number=100, address=001A9A4C
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test tls1 with client authentication via BIO pair
*** IN FIPS MODE ***
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:31:52] 3 file=digest.c, line=202, thread=1, number=100, address=001A9B14
[00:31:52] 4 file=digest.c, line=278, thread=1, number=100, address=001A9BDC
[00:31:52] 2 file=digest.c, line=202, thread=1, number=100, address=001A9A4C
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test tls1 with both client and server authentication via BIO pair
*** IN FIPS MODE ***
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:31:54] 3 file=digest.c, line=202, thread=1, number=100, address=001A9B74
[00:31:54] 4 file=digest.c, line=278, thread=1, number=100, address=001A9C3C
[00:31:54] 2 file=digest.c, line=202, thread=1, number=100, address=001A9AAC
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test sslv2/sslv3 w/o DHE via BIO pair
*** IN FIPS MODE ***
[00:31:55] 3 file=digest.c, line=202, thread=1, number=100, address=001A9A14
[00:31:55] 4 file=digest.c, line=278, thread=1, number=100, address=001A9ADC
[00:31:55] 2 file=digest.c, line=202, thread=1, number=100, address=001A994C
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 AES256-SHA, 512 bit RSA
test sslv2/sslv3 with 1024bit DHE via BIO pair
*** IN FIPS MODE ***
[00:31:57] 3 file=digest.c, line=202, thread=1, number=100, address=001A9A74
[00:31:57] 4 file=digest.c, line=278, thread=1, number=100, address=001A9B3C
[00:31:57] 2 file=digest.c, line=202, thread=1, number=100, address=001A99AC
300 bytes leaked in 3 chunks
DONE via BIO pair: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test sslv2/sslv3 with server authentication
*** IN FIPS MODE ***
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:31:58] 4 file=digest.c, line=278, thread=1, number=100, address=001A9B9C
[00:31:58] 2 file=digest.c, line=202, thread=1, number=100, address=001A9A0C
[00:31:58] 3 file=digest.c, line=202, thread=1, number=100, address=001A9AD4
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test sslv2/sslv3 with client authentication via BIO pair
*** IN FIPS MODE ***
client authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:32:00] 4 file=digest.c, line=278, thread=1, number=100, address=001A9B9C
[00:32:00] 2 file=digest.c, line=202, thread=1, number=100, address=001A9A0C
[00:32:00] 3 file=digest.c, line=202, thread=1, number=100, address=001A9AD4
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test sslv2/sslv3 with both client and server authentication via BIO pair
*** IN FIPS MODE ***
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:32:02] 3 file=digest.c, line=202, thread=1, number=100, address=001A9B14
[00:32:02] 4 file=digest.c, line=278, thread=1, number=100, address=001A9BDC
[00:32:02] 2 file=digest.c, line=202, thread=1, number=100, address=001A9A4C
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
*** IN FIPS MODE ***
client authentication
server authentication
depth=1 /C=AU/O=Dodgy Brothers/CN=Dodgy CA
depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
In app_verify_callback, allowing cert. Arg is: Test Callback Argument
Finished printing do we have a context? 0x1a54e0 a cert? 0x20d35c
cert depth=0 /C=AU/O=Dodgy Brothers/CN=Brother 1/CN=Brother 2
[00:32:03] 3 file=digest.c, line=202, thread=1, number=100, address=001A9B74
[00:32:03] 4 file=digest.c, line=278, thread=1, number=100, address=001A9C3C
[00:32:03] 2 file=digest.c, line=202, thread=1, number=100, address=001A9AAC
300 bytes leaked in 3 chunks
TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA
dh
test tls1 with 1024bit anonymous DH, multiple handshakes
*** IN FIPS MODE ***
[00:32:05] 3 file=digest.c, line=202, thread=1, number=100, address=001A9C74
[00:32:05] 4 file=digest.c, line=278, thread=1, number=100, address=001A9D3C
[00:32:05] 2 file=digest.c, line=202, thread=1, number=100, address=001A9BAC
300 bytes leaked in 3 chunks
...
make.exe[1]: Leaving directory
`d:/djgpp/ssl97-0725/openssl-0.9.7-stable-SNAP-20040725/test'
OpenSSL 0.9.7e-fips-dev XX xxx XXXX
built on: Wed Aug 4 00:17:28 PST 2004
platform: DJGPP
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -DOPENSSL_SYSNAME_MSDOS -DOPENSSL_NO_KRB5 -DOPENSSL_NO_IDEA
-DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN
-fomit-frame-pointer -fno-strict-aliasing -O2 -Wall
OPENSSLDIR: "/dev/env/DJDIR/ssl"
