summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/gcrypt.texi11
-rw-r--r--random/ChangeLog1
-rw-r--r--random/random-fips.c8
-rw-r--r--tests/ChangeLog3
-rw-r--r--tests/fipsrngdrv.c44
5 files changed, 45 insertions, 22 deletions
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index d4ee49d9..11c97cc9 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -3442,10 +3442,11 @@ this is the hashed data is highly confidential.
@item GCRY_MD_FLAG_HMAC
Turn the algorithm into a HMAC message authentication algorithm. This
-only works if just one algorithm is enabled for the handle. Note that the function
-@code{gcry_md_setkey} must be used to set the MAC key. If you want CBC
-message authentication codes based on a cipher, see @xref{Working with
-cipher handles}.
+only works if just one algorithm is enabled for the handle. Note that
+the function @code{gcry_md_setkey} must be used to set the MAC key.
+The size of the MAC is equal to the message digest of the underlying
+hash algorithm. If you want CBC message authentication codes based on
+a cipher, see @xref{Working with cipher handles}.
@end table
@c begin table of hash flags
@@ -3472,7 +3473,7 @@ be set using the function:
@deftypefun gcry_error_t gcry_md_setkey (gcry_md_hd_t @var{h}, const void *@var{key}, size_t @var{keylen})
For use with the HMAC feature, set the MAC key to the value of @var{key}
-of length @var{keylen}.
+of length @var{keylen}. There is no restriction on the length of the key.
@end deftypefun
diff --git a/random/ChangeLog b/random/ChangeLog
index 60702eba..c22ea2ea 100644
--- a/random/ChangeLog
+++ b/random/ChangeLog
@@ -1,6 +1,7 @@
2008-09-16 Werner Koch <wk@g10code.com>
* random-fips.c (x931_aes_driver): No re-seeding with test contexts.
+ (_gcry_rngfips_init_external_test): Fix setting of test_dt_ptr.
2008-09-15 Werner Koch <wk@g10code.com>
diff --git a/random/random-fips.c b/random/random-fips.c
index eb1706fc..2fc9596e 100644
--- a/random/random-fips.c
+++ b/random/random-fips.c
@@ -37,7 +37,7 @@
caller requested less bits, the extra bits are not used. The key
for each generator is only set once at the first time a generator
is used. The seed value is set with the key and again after 1000
- (SEED_TTL) output blocks.
+ (SEED_TTL) output blocks; the re-seeding is disabled in test mode.
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
keyed and seeded from the /dev/random device. Thus these
@@ -1043,9 +1043,9 @@ _gcry_rngfips_init_external_test (void **r_context,
/* Setup a DT value. Because our context structure only stores a
pointer we copy the DT value to the extra space we allocated in
- the test_ctx and set the pointer to tehre. */
- memcpy ((char*)test_ctx + sizeof *test_ctx, dt, dtlen);
- test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof test_ctx;
+ the test_ctx and set the pointer to that address. */
+ memcpy ((unsigned char*)test_ctx + sizeof *test_ctx, dt, dtlen);
+ test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof *test_ctx;
test_ctx->test_dt_counter = ( (test_ctx->test_dt_ptr[12] << 24)
|(test_ctx->test_dt_ptr[13] << 16)
|(test_ctx->test_dt_ptr[14] << 8)
diff --git a/tests/ChangeLog b/tests/ChangeLog
index 23da9a91..c24fb5b1 100644
--- a/tests/ChangeLog
+++ b/tests/ChangeLog
@@ -1,6 +1,7 @@
2008-09-16 Werner Koch <wk@g10code.com>
- * fipsrngdrv.c: Bail out on write error.
+ * fipsrngdrv.c (main): Bail out on write error. Implement verbose
+ option.
2008-09-15 Werner Koch <wk@g10code.com>
diff --git a/tests/fipsrngdrv.c b/tests/fipsrngdrv.c
index bda0bde4..dfcea7c1 100644
--- a/tests/fipsrngdrv.c
+++ b/tests/fipsrngdrv.c
@@ -63,7 +63,7 @@ die (const char *format, ...)
exactly to LENGTH bytes. The string is delimited by either end of
string or a white space character. The function returns -1 on
error or the length of the parsed string. */
-int
+static int
hex2bin (const char *string, void *buffer, size_t length)
{
int i;
@@ -149,9 +149,16 @@ main (int argc, char **argv)
argc--; argv++;
break;
}
+ else if (!strcmp (*argv, "--help"))
+ {
+ fputs ("usage: " PGM
+ " [--verbose] [--binary] [--loop] [--progress] KEY V DT\n",
+ stdout);
+ exit (0);
+ }
else if (!strcmp (*argv, "--verbose"))
{
- verbose = 2;
+ verbose++;
argc--; argv++;
}
else if (!strcmp (*argv, "--binary"))
@@ -185,13 +192,16 @@ main (int argc, char **argv)
die ("args are not 32 hex digits each\n");
}
else
- die ("invalid usage\n");
+ die ("invalid usage (try --help)\n");
#ifndef HAVE_W32_SYSTEM
if (loop)
signal (SIGPIPE, SIG_IGN);
#endif
+ if (verbose)
+ fputs (PGM ": started\n", stderr);
+
gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose);
gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
if (!gcry_check_version ("1.4.3"))
@@ -205,26 +215,33 @@ main (int argc, char **argv)
do
{
+ int writerr = 0;
+
err = run_external_test (context, buffer, sizeof buffer);
if (err)
die ("run external test failed: %s\n", gpg_strerror (err));
if (binary)
{
if (fwrite (buffer, 16, 1, stdout) != 1)
- {
-#ifndef HAVE_W32_SYSTEM
- if (loop && errno == EPIPE)
- break;
-#endif
- die ("writing output failed: %s\n", strerror (errno));
- }
- fflush (stdout);
+ writerr = 1;
+ else
+ fflush (stdout);
}
else
{
print_buffer (buffer, sizeof buffer);
- putchar ('\n');
+ if (putchar ('\n') == EOF)
+ writerr = 1;
}
+ if (writerr)
+ {
+#ifndef HAVE_W32_SYSTEM
+ if (loop && errno == EPIPE)
+ break;
+#endif
+ die ("writing output failed: %s\n", strerror (errno));
+ }
+
if (progress)
{
putc ('.', stderr);
@@ -238,6 +255,9 @@ main (int argc, char **argv)
deinit_external_test (context);
+ if (verbose)
+ fputs (PGM ": ready\n", stderr);
+
return 0;
}