|
 |
cf4299 |
diff -up M2Crypto-0.20.2/SWIG/_evp.i.fips M2Crypto-0.20.2/SWIG/_evp.i
|
|
|
cf4299 |
--- M2Crypto-0.20.2/SWIG/_evp.i.fips 2010-05-19 07:06:44.029090567 +0200
|
|
|
cf4299 |
+++ M2Crypto-0.20.2/SWIG/_evp.i 2010-05-19 07:06:44.049115516 +0200
|
|
|
cf4299 |
@@ -250,7 +250,10 @@ PyObject *hmac_init(HMAC_CTX *ctx, PyObj
|
|
|
cf4299 |
if (m2_PyObject_AsReadBufferInt(key, &kbuf, &klen) == -1)
|
|
|
cf4299 |
return NULL;
|
|
|
cf4299 |
|
|
|
cf4299 |
- HMAC_Init(ctx, kbuf, klen, md);
|
|
|
cf4299 |
+ if (!HMAC_Init(ctx, kbuf, klen, md)) {
|
|
|
cf4299 |
+ PyErr_SetString(_evp_err, "HMAC_Init failed");
|
|
|
cf4299 |
+ return NULL;
|
|
|
cf4299 |
+ }
|
|
|
cf4299 |
Py_INCREF(Py_None);
|
|
|
cf4299 |
return Py_None;
|
|
|
cf4299 |
}
|
|
|
cf4299 |
@@ -262,7 +265,10 @@ PyObject *hmac_update(HMAC_CTX *ctx, PyO
|
|
|
cf4299 |
if (PyObject_AsReadBuffer(blob, &buf, &len) == -1)
|
|
|
cf4299 |
return NULL;
|
|
|
cf4299 |
|
|
|
cf4299 |
- HMAC_Update(ctx, buf, len);
|
|
|
cf4299 |
+ if (!HMAC_Update(ctx, buf, len)) {
|
|
|
cf4299 |
+ PyErr_SetString(_evp_err, "HMAC_Update failed");
|
|
|
cf4299 |
+ return NULL;
|
|
|
cf4299 |
+ }
|
|
|
cf4299 |
Py_INCREF(Py_None);
|
|
|
cf4299 |
return Py_None;
|
|
|
cf4299 |
}
|
|
|
cf4299 |
@@ -276,7 +282,10 @@ PyObject *hmac_final(HMAC_CTX *ctx) {
|
|
|
cf4299 |
PyErr_SetString(PyExc_MemoryError, "hmac_final");
|
|
|
cf4299 |
return NULL;
|
|
|
cf4299 |
}
|
|
|
cf4299 |
- HMAC_Final(ctx, blob, (unsigned int *)&blen);
|
|
|
cf4299 |
+ if (!HMAC_Final(ctx, blob, (unsigned int *)&blen)) {
|
|
|
cf4299 |
+ PyErr_SetString(_evp_err, "HMAC_Final failed");
|
|
|
cf4299 |
+ return NULL;
|
|
|
cf4299 |
+ }
|
|
|
cf4299 |
ret = PyString_FromStringAndSize(blob, blen);
|
|
|
cf4299 |
PyMem_Free(blob);
|
|
|
cf4299 |
return ret;
|
|
|
cf4299 |
diff -up M2Crypto-0.20.2/SWIG/_rsa.i.fips M2Crypto-0.20.2/SWIG/_rsa.i
|
|
|
cf4299 |
--- M2Crypto-0.20.2/SWIG/_rsa.i.fips 2010-05-19 07:06:44.030090773 +0200
|
|
|
cf4299 |
+++ M2Crypto-0.20.2/SWIG/_rsa.i 2010-05-19 07:06:44.038095292 +0200
|
|
|
cf4299 |
@@ -423,15 +423,17 @@ void genrsa_callback(int p, int n, void
|
|
|
cf4299 |
Py_XDECREF(ret);
|
|
|
cf4299 |
}
|
|
|
cf4299 |
|
|
|
cf4299 |
-RSA *rsa_generate_key(int bits, unsigned long e, PyObject *pyfunc) {
|
|
|
cf4299 |
+PyObject *rsa_generate_key(int bits, unsigned long e, PyObject *pyfunc) {
|
|
|
cf4299 |
RSA *rsa;
|
|
|
cf4299 |
|
|
|
cf4299 |
Py_INCREF(pyfunc);
|
|
|
cf4299 |
rsa = RSA_generate_key(bits, e, genrsa_callback, (void *)pyfunc);
|
|
|
cf4299 |
Py_DECREF(pyfunc);
|
|
|
cf4299 |
- if (!rsa)
|
|
|
cf4299 |
+ if (!rsa) {
|
|
|
cf4299 |
PyErr_SetString(_rsa_err, ERR_reason_error_string(ERR_get_error()));
|
|
|
cf4299 |
- return rsa;
|
|
|
cf4299 |
+ return NULL;
|
|
|
cf4299 |
+ }
|
|
|
cf4299 |
+ return SWIG_NewPointerObj((void *)rsa, SWIGTYPE_p_RSA, 0);
|
|
|
cf4299 |
}
|
|
|
cf4299 |
|
|
|
cf4299 |
int rsa_type_check(RSA *rsa) {
|
|
|
cf4299 |
diff -up M2Crypto-0.20.2/tests/test_evp.py.fips M2Crypto-0.20.2/tests/test_evp.py
|
|
|
cf4299 |
--- M2Crypto-0.20.2/tests/test_evp.py.fips 2009-10-07 06:24:44.000000000 +0200
|
|
|
cf4299 |
+++ M2Crypto-0.20.2/tests/test_evp.py 2010-05-19 07:06:44.039121270 +0200
|
|
|
cf4299 |
@@ -97,7 +97,7 @@ class EVPTestCase(unittest.TestCase):
|
|
|
cf4299 |
"""
|
|
|
cf4299 |
Testing retrieving the RSA key from the PKey instance.
|
|
|
cf4299 |
"""
|
|
|
cf4299 |
- rsa = RSA.gen_key(512, 3, callback=self._gen_callback)
|
|
|
cf4299 |
+ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback)
|
|
|
cf4299 |
assert isinstance(rsa, RSA.RSA)
|
|
|
cf4299 |
pkey = EVP.PKey()
|
|
|
cf4299 |
pkey.assign_rsa(rsa)
|
|
|
cf4299 |
@@ -130,7 +130,7 @@ class EVPTestCase(unittest.TestCase):
|
|
|
cf4299 |
pkey = EVP.PKey()
|
|
|
cf4299 |
self.assertRaises(ValueError, pkey.get_modulus)
|
|
|
cf4299 |
|
|
|
cf4299 |
- rsa = RSA.gen_key(512, 3, callback=self._gen_callback)
|
|
|
cf4299 |
+ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback)
|
|
|
cf4299 |
pkey.assign_rsa(rsa)
|
|
|
cf4299 |
mod = pkey.get_modulus()
|
|
|
cf4299 |
assert len(mod) > 0, mod
|
|
|
cf4299 |
@@ -373,21 +373,21 @@ class PBKDF2TestCase(unittest.TestCase):
|
|
|
cf4299 |
|
|
|
cf4299 |
class HMACTestCase(unittest.TestCase):
|
|
|
cf4299 |
data1=['', 'More text test vectors to stuff up EBCDIC machines :-)', \
|
|
|
cf4299 |
- h2b("e9139d1e6ee064ef8cf514fc7dc83e86")]
|
|
|
cf4299 |
+ h2b("b760e92d6662d351eb3801057695ac0346295356")]
|
|
|
cf4299 |
|
|
|
cf4299 |
data2=[h2b('0b'*16), "Hi There", \
|
|
|
cf4299 |
- h2b("9294727a3638bb1c13f48ef8158bfc9d")]
|
|
|
cf4299 |
+ h2b("675b0b3a1b4ddf4e124872da6c2f632bfed957e9")]
|
|
|
cf4299 |
|
|
|
cf4299 |
data3=['Jefe', "what do ya want for nothing?", \
|
|
|
cf4299 |
- h2b("750c783e6ab0b503eaa86e310a5db738")]
|
|
|
cf4299 |
+ h2b("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")]
|
|
|
cf4299 |
|
|
|
cf4299 |
data4=[h2b('aa'*16), h2b('dd'*50), \
|
|
|
cf4299 |
- h2b("0x56be34521d144c88dbb8c733f0e8b3f6")]
|
|
|
cf4299 |
+ h2b("d730594d167e35d5956fd8003d0db3d3f46dc7bb")]
|
|
|
cf4299 |
|
|
|
cf4299 |
data=[data1, data2, data3, data4]
|
|
|
cf4299 |
|
|
|
cf4299 |
def test_simple(self):
|
|
|
cf4299 |
- algo = 'md5'
|
|
|
cf4299 |
+ algo = 'sha1'
|
|
|
cf4299 |
for d in self.data:
|
|
|
cf4299 |
h = EVP.HMAC(d[0], algo)
|
|
|
cf4299 |
h.update(d[1])
|
|
|
cf4299 |
diff -up M2Crypto-0.20.2/tests/test_rc4.py.fips M2Crypto-0.20.2/tests/test_rc4.py
|
|
|
cf4299 |
--- M2Crypto-0.20.2/tests/test_rc4.py.fips 2009-10-07 06:24:39.000000000 +0200
|
|
|
cf4299 |
+++ M2Crypto-0.20.2/tests/test_rc4.py 2010-05-19 07:08:10.754839354 +0200
|
|
|
cf4299 |
@@ -8,12 +8,16 @@ import unittest
|
|
|
cf4299 |
from binascii import hexlify
|
|
|
cf4299 |
from M2Crypto import RC4
|
|
|
cf4299 |
|
|
|
cf4299 |
+from fips import fips_mode
|
|
|
cf4299 |
+
|
|
|
cf4299 |
class RC4TestCase(unittest.TestCase):
|
|
|
cf4299 |
|
|
|
cf4299 |
def test_vectors(self):
|
|
|
cf4299 |
"""
|
|
|
cf4299 |
Test with test vectors from Wikipedia: http://en.wikipedia.org/wiki/Rc4
|
|
|
cf4299 |
"""
|
|
|
cf4299 |
+ if fips_mode:
|
|
|
cf4299 |
+ return
|
|
|
cf4299 |
vectors = (('Key', 'Plaintext', 'BBF316E8D940AF0AD3'),
|
|
|
cf4299 |
('Wiki', 'pedia', '1021BF0420'),
|
|
|
cf4299 |
('Secret', 'Attack at dawn', '45A01F645FC35B383552544B9BF5'))
|
|
|
cf4299 |
@@ -26,6 +30,8 @@ class RC4TestCase(unittest.TestCase):
|
|
|
cf4299 |
self.assertEqual(rc4.final(), '')
|
|
|
cf4299 |
|
|
|
cf4299 |
def test_bad(self):
|
|
|
cf4299 |
+ if fips_mode:
|
|
|
cf4299 |
+ return
|
|
|
cf4299 |
rc4 = RC4.RC4('foo')
|
|
|
cf4299 |
self.assertNotEqual(hexlify(rc4.update('bar')).upper(), '45678')
|
|
|
cf4299 |
|
|
|
cf4299 |
diff -up M2Crypto-0.20.2/tests/test_rsa.py.fips M2Crypto-0.20.2/tests/test_rsa.py
|
|
|
cf4299 |
--- M2Crypto-0.20.2/tests/test_rsa.py.fips 2009-10-07 06:26:42.000000000 +0200
|
|
|
cf4299 |
+++ M2Crypto-0.20.2/tests/test_rsa.py 2010-05-19 07:06:44.039121270 +0200
|
|
|
cf4299 |
@@ -8,6 +8,8 @@ import unittest
|
|
|
cf4299 |
import sha, md5, os, sys
|
|
|
cf4299 |
from M2Crypto import RSA, BIO, Rand, m2, EVP, X509
|
|
|
cf4299 |
|
|
|
cf4299 |
+from fips import fips_mode
|
|
|
cf4299 |
+
|
|
|
cf4299 |
class RSATestCase(unittest.TestCase):
|
|
|
cf4299 |
|
|
|
cf4299 |
errkey = 'tests/dsa.priv.pem'
|
|
|
cf4299 |
@@ -187,9 +189,10 @@ class RSATestCase(unittest.TestCase):
|
|
|
cf4299 |
|
|
|
cf4299 |
else:
|
|
|
cf4299 |
import hashlib
|
|
|
cf4299 |
- algos = {'sha1': 43,
|
|
|
cf4299 |
- 'ripemd160': 43,
|
|
|
cf4299 |
- 'md5': 47}
|
|
|
cf4299 |
+ algos = {'sha1': 43}
|
|
|
cf4299 |
+ if not fips_mode:
|
|
|
cf4299 |
+ algos['md5'] = 47
|
|
|
cf4299 |
+ algos['ripemd160'] = 43
|
|
|
cf4299 |
|
|
|
cf4299 |
if m2.OPENSSL_VERSION_NUMBER >= 0x90800F:
|
|
|
cf4299 |
algos['sha224'] = 35
|
|
|
cf4299 |
@@ -217,7 +220,7 @@ class RSATestCase(unittest.TestCase):
|
|
|
cf4299 |
"""
|
|
|
cf4299 |
rsa = RSA.load_key(self.privkey)
|
|
|
cf4299 |
message = "This is the message string"
|
|
|
cf4299 |
- digest = md5.md5(message).digest()
|
|
|
cf4299 |
+ digest = 'a' * 16
|
|
|
cf4299 |
self.assertRaises(ValueError, rsa.sign,
|
|
|
cf4299 |
digest, 'bad_digest_method')
|
|
|
cf4299 |
|
|
|
cf4299 |
@@ -227,7 +230,7 @@ class RSATestCase(unittest.TestCase):
|
|
|
cf4299 |
"""
|
|
|
cf4299 |
rsa = RSA.load_key(self.privkey)
|
|
|
cf4299 |
message = "This is the message string"
|
|
|
cf4299 |
- digest = md5.md5(message).digest()
|
|
|
cf4299 |
+ digest = 'a' * 16
|
|
|
cf4299 |
signature = rsa.sign(digest, 'sha1')
|
|
|
cf4299 |
self.assertRaises(ValueError, rsa.verify,
|
|
|
cf4299 |
digest, signature, 'bad_digest_method')
|
|
|
cf4299 |
diff -up M2Crypto-0.20.2/tests/test_smime.py.fips M2Crypto-0.20.2/tests/test_smime.py
|
|
|
cf4299 |
--- M2Crypto-0.20.2/tests/test_smime.py.fips 2010-05-19 07:06:44.035105357 +0200
|
|
|
cf4299 |
+++ M2Crypto-0.20.2/tests/test_smime.py 2010-05-19 07:06:44.040120779 +0200
|
|
|
cf4299 |
@@ -219,7 +219,7 @@ class WriteLoadTestCase(unittest.TestCas
|
|
|
cf4299 |
buf = BIO.MemoryBuffer()
|
|
|
cf4299 |
assert SMIME.load_pkcs7(self.filename).write_der(buf) == 1
|
|
|
cf4299 |
s = buf.read()
|
|
|
cf4299 |
- assert len(s) in (1204, 1243), len(s)
|
|
|
cf4299 |
+ assert len(s) in (1188, 1204, 1243), len(s)
|
|
|
cf4299 |
|
|
|
cf4299 |
def test_load_pkcs7(self):
|
|
|
cf4299 |
assert SMIME.load_pkcs7(self.filename).type() == SMIME.PKCS7_SIGNED
|
|
|
cf4299 |
diff -up M2Crypto-0.20.2/tests/test_ssl.py.fips M2Crypto-0.20.2/tests/test_ssl.py
|
|
|
cf4299 |
--- M2Crypto-0.20.2/tests/test_ssl.py.fips 2010-05-19 07:06:44.019113781 +0200
|
|
|
cf4299 |
+++ M2Crypto-0.20.2/tests/test_ssl.py 2010-05-19 07:06:44.040120779 +0200
|
|
|
cf4299 |
@@ -51,7 +51,7 @@ class VerifyCB:
|
|
|
cf4299 |
def __call__(self, ok, store):
|
|
|
cf4299 |
return verify_cb_new_function(ok, store)
|
|
|
cf4299 |
|
|
|
cf4299 |
-sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', 0.5))
|
|
|
cf4299 |
+sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', 1.5))
|
|
|
cf4299 |
|
|
|
cf4299 |
def find_openssl():
|
|
|
cf4299 |
if os.name == 'nt' or sys.platform == 'cygwin':
|
|
|
cf4299 |
diff -up M2Crypto-0.20.2/tests/test_x509.py.fips M2Crypto-0.20.2/tests/test_x509.py
|
|
|
cf4299 |
--- M2Crypto-0.20.2/tests/test_x509.py.fips 2010-05-19 07:06:44.019113781 +0200
|
|
|
cf4299 |
+++ M2Crypto-0.20.2/tests/test_x509.py 2010-05-19 07:06:44.040120779 +0200
|
|
|
cf4299 |
@@ -394,7 +394,7 @@ class X509TestCase(unittest.TestCase):
|
|
|
cf4299 |
return
|
|
|
cf4299 |
|
|
|
cf4299 |
def test_load_request_bio(self):
|
|
|
cf4299 |
- (req, _) = self.mkreq(512)
|
|
|
cf4299 |
+ (req, _) = self.mkreq(1024)
|
|
|
cf4299 |
|
|
|
cf4299 |
r1 = X509.load_request_der_string(req.as_der())
|
|
|
cf4299 |
r2 = X509.load_request_string(req.as_der(), X509.FORMAT_DER)
|