[svn] gcry - r1336 - in trunk: doc random tests
svn author wk
cvs at cvs.gnupg.org
Tue Sep 16 16:28:17 CEST 2008
Author: wk
Date: 2008-09-16 16:28:17 +0200 (Tue, 16 Sep 2008)
New Revision: 1336
Modified:
trunk/doc/gcrypt.texi
trunk/random/ChangeLog
trunk/random/random-fips.c
trunk/tests/ChangeLog
trunk/tests/fipsrngdrv.c
Log:
Make fipsrngdriv more pretty.
Fix a problem in the RNG test code.
Minor doc update.
Modified: trunk/random/ChangeLog
===================================================================
--- trunk/random/ChangeLog 2008-09-16 07:48:25 UTC (rev 1335)
+++ trunk/random/ChangeLog 2008-09-16 14:28:17 UTC (rev 1336)
@@ -1,6 +1,7 @@
2008-09-16 Werner Koch <wk at g10code.com>
* random-fips.c (x931_aes_driver): No re-seeding with test contexts.
+ (_gcry_rngfips_init_external_test): Fix setting of test_dt_ptr.
2008-09-15 Werner Koch <wk at g10code.com>
Modified: trunk/tests/ChangeLog
===================================================================
--- trunk/tests/ChangeLog 2008-09-16 07:48:25 UTC (rev 1335)
+++ trunk/tests/ChangeLog 2008-09-16 14:28:17 UTC (rev 1336)
@@ -1,6 +1,7 @@
2008-09-16 Werner Koch <wk at g10code.com>
- * fipsrngdrv.c: Bail out on write error.
+ * fipsrngdrv.c (main): Bail out on write error. Implement verbose
+ option.
2008-09-15 Werner Koch <wk at g10code.com>
Modified: trunk/doc/gcrypt.texi
===================================================================
--- trunk/doc/gcrypt.texi 2008-09-16 07:48:25 UTC (rev 1335)
+++ trunk/doc/gcrypt.texi 2008-09-16 14:28:17 UTC (rev 1336)
@@ -3442,10 +3442,11 @@
@item GCRY_MD_FLAG_HMAC
Turn the algorithm into a HMAC message authentication algorithm. This
-only works if just one algorithm is enabled for the handle. Note that the function
- at code{gcry_md_setkey} must be used to set the MAC key. If you want CBC
-message authentication codes based on a cipher, see @xref{Working with
-cipher handles}.
+only works if just one algorithm is enabled for the handle. Note that
+the function @code{gcry_md_setkey} must be used to set the MAC key.
+The size of the MAC is equal to the message digest of the underlying
+hash algorithm. If you want CBC message authentication codes based on
+a cipher, see @xref{Working with cipher handles}.
@end table
@c begin table of hash flags
@@ -3472,7 +3473,7 @@
@deftypefun gcry_error_t gcry_md_setkey (gcry_md_hd_t @var{h}, const void *@var{key}, size_t @var{keylen})
For use with the HMAC feature, set the MAC key to the value of @var{key}
-of length @var{keylen}.
+of length @var{keylen}. There is no restriction on the length of the key.
@end deftypefun
Modified: trunk/random/random-fips.c
===================================================================
--- trunk/random/random-fips.c 2008-09-16 07:48:25 UTC (rev 1335)
+++ trunk/random/random-fips.c 2008-09-16 14:28:17 UTC (rev 1336)
@@ -37,7 +37,7 @@
caller requested less bits, the extra bits are not used. The key
for each generator is only set once at the first time a generator
is used. The seed value is set with the key and again after 1000
- (SEED_TTL) output blocks.
+ (SEED_TTL) output blocks; the re-seeding is disabled in test mode.
The GCRY_VERY_STRONG_RANDOM and GCRY_STRONG_RANDOM generators are
keyed and seeded from the /dev/random device. Thus these
@@ -1043,9 +1043,9 @@
/* Setup a DT value. Because our context structure only stores a
pointer we copy the DT value to the extra space we allocated in
- the test_ctx and set the pointer to tehre. */
- memcpy ((char*)test_ctx + sizeof *test_ctx, dt, dtlen);
- test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof test_ctx;
+ the test_ctx and set the pointer to that address. */
+ memcpy ((unsigned char*)test_ctx + sizeof *test_ctx, dt, dtlen);
+ test_ctx->test_dt_ptr = (unsigned char*)test_ctx + sizeof *test_ctx;
test_ctx->test_dt_counter = ( (test_ctx->test_dt_ptr[12] << 24)
|(test_ctx->test_dt_ptr[13] << 16)
|(test_ctx->test_dt_ptr[14] << 8)
Modified: trunk/tests/fipsrngdrv.c
===================================================================
--- trunk/tests/fipsrngdrv.c 2008-09-16 07:48:25 UTC (rev 1335)
+++ trunk/tests/fipsrngdrv.c 2008-09-16 14:28:17 UTC (rev 1336)
@@ -63,7 +63,7 @@
exactly to LENGTH bytes. The string is delimited by either end of
string or a white space character. The function returns -1 on
error or the length of the parsed string. */
-int
+static int
hex2bin (const char *string, void *buffer, size_t length)
{
int i;
@@ -149,9 +149,16 @@
argc--; argv++;
break;
}
+ else if (!strcmp (*argv, "--help"))
+ {
+ fputs ("usage: " PGM
+ " [--verbose] [--binary] [--loop] [--progress] KEY V DT\n",
+ stdout);
+ exit (0);
+ }
else if (!strcmp (*argv, "--verbose"))
{
- verbose = 2;
+ verbose++;
argc--; argv++;
}
else if (!strcmp (*argv, "--binary"))
@@ -185,13 +192,16 @@
die ("args are not 32 hex digits each\n");
}
else
- die ("invalid usage\n");
+ die ("invalid usage (try --help)\n");
#ifndef HAVE_W32_SYSTEM
if (loop)
signal (SIGPIPE, SIG_IGN);
#endif
+ if (verbose)
+ fputs (PGM ": started\n", stderr);
+
gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose);
gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
if (!gcry_check_version ("1.4.3"))
@@ -205,26 +215,33 @@
do
{
+ int writerr = 0;
+
err = run_external_test (context, buffer, sizeof buffer);
if (err)
die ("run external test failed: %s\n", gpg_strerror (err));
if (binary)
{
if (fwrite (buffer, 16, 1, stdout) != 1)
- {
-#ifndef HAVE_W32_SYSTEM
- if (loop && errno == EPIPE)
- break;
-#endif
- die ("writing output failed: %s\n", strerror (errno));
- }
- fflush (stdout);
+ writerr = 1;
+ else
+ fflush (stdout);
}
else
{
print_buffer (buffer, sizeof buffer);
- putchar ('\n');
+ if (putchar ('\n') == EOF)
+ writerr = 1;
}
+ if (writerr)
+ {
+#ifndef HAVE_W32_SYSTEM
+ if (loop && errno == EPIPE)
+ break;
+#endif
+ die ("writing output failed: %s\n", strerror (errno));
+ }
+
if (progress)
{
putc ('.', stderr);
@@ -238,6 +255,9 @@
deinit_external_test (context);
+ if (verbose)
+ fputs (PGM ": ready\n", stderr);
+
return 0;
}
More information about the Gnupg-commits
mailing list