Hello community,

here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory 
checked in at 2017-07-07 10:15:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old)
 and      /work/SRC/openSUSE:Factory/.openssl-1_0_0.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openssl-1_0_0"

Fri Jul  7 10:15:17 2017 rev:4 rq:508256 version:1.0.2l

Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes      
2017-06-27 10:19:47.307778558 +0200
+++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new/openssl-1_0_0.changes 
2017-07-07 10:15:21.736206236 +0200
@@ -1,0 +2,36 @@
+Tue Jul  4 09:24:55 UTC 2017 - vci...@suse.com
+
+- Don't run FIPS power-up self-tests when the checksum files aren't
+  installed (bsc#1042392, boo#1038906)
+  * add openssl-fips-run_selftests_only_when_module_is_complete.patch
+- AES XTS key parts must not be identical in FIPS mode (bsc#1019637)
+  * add openssl-fips-xts_nonidentical_key_parts.patch
+- Allow runtime switching of s390x capabilities via OPENSSL_s390xcap
+  environmental variable (bsc#1028723)
+  * add openssl-fips-OPENSSL_s390xcap.patch
+
+-------------------------------------------------------------------
+Tue Jul  4 09:24:51 UTC 2017 - vci...@suse.com
+
+- remove DES-CBC3-SHA based ciphers from DEFAULT_SUSE (bsc#1027908)
+  * update patches:
+    openssl-1.0.1e-add-suse-default-cipher.patch
+    openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
+- s_client sent empty client certificate (bsc#1028281)
+  Add back certificate initialization set_cert_key_stuff()
+  which was removed by openssl-1.0.2a-default-paths.patch
+  * modified openssl-1.0.2a-default-paths.patch
+
+-------------------------------------------------------------------
+Tue Jul  4 09:24:48 UTC 2017 - vci...@suse.com
+
+- package FIPS CAVS testing tools (bsc#1027688)
+  * add openssl-fips_add_cavs_tests.patch
+- FIPS CAVS: Add AES keywrap (KWVS) test tool (bsc#1044095)
+  * add openssl-fips_cavs_aes_keywrap.patch
+- Fix CAVS testing padding issue with RSA d values (bsc#1044107)
+  * add openssl-fips_cavs_pad_with_zeroes.patch from Pedro Monreal
+- FIPS CAVS: allow fips_* tools to run in FIPS mode (bnc#902364)
+  * added openssl-fips_cavs_helpers_run_in_fips_mode.patch
+
+-------------------------------------------------------------------

New:
----
  openssl-fips-OPENSSL_s390xcap.patch
  openssl-fips-run_selftests_only_when_module_is_complete.patch
  openssl-fips-xts_nonidentical_key_parts.patch
  openssl-fips_add_cavs_tests.patch
  openssl-fips_cavs_aes_keywrap.patch
  openssl-fips_cavs_helpers_run_in_fips_mode.patch
  openssl-fips_cavs_pad_with_zeroes.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openssl-1_0_0.spec ++++++
--- /var/tmp/diff_new_pack.EGDZw8/_old  2017-07-07 10:15:23.211997412 +0200
+++ /var/tmp/diff_new_pack.EGDZw8/_new  2017-07-07 10:15:23.215996847 +0200
@@ -83,6 +83,13 @@
 Patch59:        openssl-fips-dont-fall-back-to-default-digest.patch
 Patch61:        openssl-fipslocking.patch
 Patch63:        openssl-randfile_fread_interrupt.patch
+Patch70:        openssl-fips-xts_nonidentical_key_parts.patch
+Patch71:        openssl-fips_add_cavs_tests.patch
+Patch73:        openssl-fips-OPENSSL_s390xcap.patch
+Patch74:        openssl-fips_cavs_helpers_run_in_fips_mode.patch
+Patch75:        openssl-fips_cavs_pad_with_zeroes.patch
+Patch76:        openssl-fips_cavs_aes_keywrap.patch
+Patch77:        openssl-fips-run_selftests_only_when_module_is_complete.patch
 # steam patches
 Patch100:       openssl-fix-cpuid_setup.patch
 BuildRequires:  bc
@@ -231,6 +238,13 @@
 %patch59 -p1
 %patch61 -p1
 %patch63 -p1
+%patch70 -p1
+%patch71 -p1
+%patch73 -p1
+%patch74 -p1
+%patch75 -p1
+%patch76 -p1
+%patch77 -p1
 
 cp -p %{SOURCE10} .
 cp -p %{SOURCE11} .

++++++ openssl-1.0.1e-add-suse-default-cipher.patch ++++++
--- /var/tmp/diff_new_pack.EGDZw8/_old  2017-07-07 10:15:23.347978172 +0200
+++ /var/tmp/diff_new_pack.EGDZw8/_new  2017-07-07 10:15:23.347978172 +0200
@@ -31,7 +31,7 @@
 +
 +# define SSL_DEFAULT_SUSE_CIPHER_LIST 
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
 +    
"DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
-+    
"AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA"
++    
"AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA"
  /*
   * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
   * starts with a reasonable order, and all we have to do for DEFAULT is

++++++ openssl-1.0.1e-add-test-suse-default-cipher-suite.patch ++++++
--- /var/tmp/diff_new_pack.EGDZw8/_old  2017-07-07 10:15:23.359976474 +0200
+++ /var/tmp/diff_new_pack.EGDZw8/_new  2017-07-07 10:15:23.363975907 +0200
@@ -17,7 +17,7 @@
 +done
 +
 +echo "Testing if MD5, DES and RC4 are excluded from DEFAULT_SUSE cipher suite"
-+../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep 
"MD5\|RC4\|DES-[^CBC3]" 
++../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep 
"MD5\|RC4\|DES"
 +
 +if [ $? -ne 1 ];then
 +    echo "weak ciphers are present on DEFAULT_SUSE cipher suite"

++++++ openssl-1.0.2a-default-paths.patch ++++++
--- /var/tmp/diff_new_pack.EGDZw8/_old  2017-07-07 10:15:23.375974210 +0200
+++ /var/tmp/diff_new_pack.EGDZw8/_new  2017-07-07 10:15:23.379973644 +0200
@@ -1,18 +1,3 @@
-Index: openssl-1.0.2b/apps/s_client.c
-===================================================================
---- openssl-1.0.2b.orig/apps/s_client.c        2015-06-11 17:28:32.039203737 
+0200
-+++ openssl-1.0.2b/apps/s_client.c     2015-06-11 17:39:40.138741521 +0200
-@@ -1346,10 +1346,6 @@ int MAIN(int argc, char **argv)
-         ERR_print_errors(bio_err);
-     }
- 
--    ssl_ctx_add_crls(ctx, crls, crl_download);
--    if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain))
--        goto end;
--
- #ifndef OPENSSL_NO_TLSEXT
-     if (servername != NULL) {
-         tlsextcbp.biodebug = bio_err;
 Index: openssl-1.0.2b/apps/s_server.c
 ===================================================================
 --- openssl-1.0.2b.orig/apps/s_server.c        2015-06-11 17:28:04.879854931 
+0200


++++++ openssl-fips-OPENSSL_s390xcap.patch ++++++
++++ 1312 lines (skipped)

++++++ openssl-fips-run_selftests_only_when_module_is_complete.patch ++++++
Index: openssl-1.0.2j/crypto/fips/fips.c
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/fips.c      2017-05-12 15:51:59.258797863 
+0200
+++ openssl-1.0.2j/crypto/fips/fips.c   2017-06-20 19:57:12.649510712 +0200
@@ -421,15 +421,15 @@ int FIPS_module_mode_set(int onoff, cons
         }
 # endif
 
-        if (!FIPS_selftest()) {
+        if (!verify_checksums()) {
+            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
+                    FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
             fips_selftest_fail = 1;
             ret = 0;
             goto end;
         }
 
-        if (!verify_checksums()) {
-            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
-                    FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+        if (!FIPS_selftest()) {
             fips_selftest_fail = 1;
             ret = 0;
             goto end;
++++++ openssl-fips-xts_nonidentical_key_parts.patch ++++++
Index: openssl-1.0.2j/crypto/evp/e_aes.c
===================================================================
--- openssl-1.0.2j.orig/crypto/evp/e_aes.c      2017-02-16 17:20:41.647972394 
+0100
+++ openssl-1.0.2j/crypto/evp/e_aes.c   2017-02-17 17:05:29.251130889 +0100
@@ -177,6 +177,26 @@ void AES_xts_decrypt(const char *inp, ch
 #  define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
 # endif
 
+static int xts_check_key(const unsigned char *key, unsigned int key_len)
+{
+    /*
+     * key consists of two keys of equal size concatenated,
+     * therefore the length must be even
+     */
+    if (key_len % 2)
+        return 0;
+
+#  ifdef OPENSSL_FIPS
+    /* FIPS 140-2 IG A.9 mandates that the key parts mustn't match */
+    if (FIPS_module_mode() &&
+        CRYPTO_memcmp(key, key + (key_len / 2), key_len / 2) == 0) {
+        return 0;
+    }
+#  endif
+
+    return 1;
+}
+
 # if     defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
         ((defined(__i386)       || defined(__i386__)    || \
           defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
@@ -387,6 +407,9 @@ static int aesni_xts_init_key(EVP_CIPHER
         return 1;
 
     if (key) {
+        if (xts_check_key(key, ctx->key_len) == 0)
+            return 0;
+
         /* key_len is two AES keys */
         if (enc) {
             aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks);
@@ -707,6 +730,9 @@ static int aes_t4_xts_init_key(EVP_CIPHE
         return 1;
 
     if (key) {
+        if (xts_check_key(key, ctx->key_len) == 0)
+            return 0;
+
         int bits = ctx->key_len * 4;
         xctx->stream = NULL;
         /* key_len is two AES keys */
@@ -1650,7 +1676,10 @@ static int aes_xts_init_key(EVP_CIPHER_C
     if (!iv && !key)
         return 1;
 
-    if (key)
+    if (key) {
+        if (xts_check_key(key, ctx->key_len) == 0)
+            return 0;
+
         do {
 # ifdef AES_XTS_ASM
             xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
@@ -1719,6 +1748,7 @@ static int aes_xts_init_key(EVP_CIPHER_C
 
             xctx->xts.key1 = &xctx->ks1;
         } while (0);
+    }
 
     if (iv) {
         xctx->xts.key2 = &xctx->ks2;
++++++ openssl-fips_add_cavs_tests.patch ++++++
++++ 10654 lines (skipped)

++++++ openssl-fips_cavs_aes_keywrap.patch ++++++
Index: openssl-1.0.2j/crypto/fips/fips_kwvs.c
===================================================================
--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.0.2j/crypto/fips/fips_kwvs.c      2017-05-12 14:14:26.561672018 
+0200
@@ -0,0 +1,137 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
+ * generated by the CMVP RNGVS product.
+ *
+ * Note the input files are assumed to have a _very_ specific format
+ * as described in the NIST document "The Random Number Generator
+ * Validation System (RNGVS)", May 25, 2004.
+ *
+ */
+#include <openssl/opensslconf.h>
+
+#include <openssl/bn.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/modes.h>
+#include <string.h>
+#include <ctype.h>
+
+#include "fips_utl.h"
+
+void die(char *mes)
+{
+    fprintf(stderr, mes);
+    exit(1);
+}
+
+void process(char *req, char *rsp)
+{
+    char buf[2048], lbuf[2048];
+    unsigned char result[2048];
+    unsigned char *K = NULL;
+    unsigned char *P = NULL;
+    unsigned char *C = NULL;
+    unsigned plaintext_len, ciphertext_len;
+    unsigned key_len;
+    char *end;
+    AES_KEY aes_key;
+    char *keyword, *value;
+    long l;
+    int length;
+    int inverse = 0;
+    block128_f f;
+
+    FILE *in = fopen(req, "r");
+    FILE *out = fopen(rsp, "w");
+
+    if (!in || !out) {
+        die("Can't open input or output file\n");
+    }
+
+    while(fgets(buf, sizeof(buf), in) != NULL)
+    {
+       fputs(buf,out);
+
+       if (!parse_line(&keyword, &value, lbuf, buf)) {
+            /* might be a header, check if inverse cipher function is 
requested */
+           if(strstr(buf, "inverse")) {
+                inverse = 1;
+            }
+            continue;
+        }
+
+       if(!strcmp(keyword, "[PLAINTEXT LENGTH"))
+        {
+            end = value + strlen(value) - 1;
+            /* remove trailing ] */
+            if (*end == ']')
+                *end = 0;
+           plaintext_len = atoi(value) / 8;
+            ciphertext_len = plaintext_len + 8;
+        }
+        /* key */
+       else if(!strcmp(keyword, "K"))
+        {
+           K = hex2bin_m(value, &l);
+            key_len = strlen(value) / 2;
+        }
+        /* plaintext */
+       else if(!strcmp(keyword, "P"))
+        {
+            /* Wrap, we have a key and a plaintext */
+           P = hex2bin_m(value, &l);
+            if (inverse) {
+                if (AES_set_decrypt_key(K, key_len*8, &aes_key))
+                    die("Can't set AES decrypt key.\n");
+                f = (block128_f)AES_decrypt;
+            } else {
+                if (AES_set_encrypt_key(K, key_len*8, &aes_key))
+                    die("Can't set AES encrypt key.\n");
+                f = (block128_f)AES_encrypt;
+            }
+            length = CRYPTO_128_wrap(&aes_key, NULL, result, P, plaintext_len, 
f);
+            if (!length)
+                die("Wrapping failed.\n");
+            OutputValue("C", result, length, out, 0);
+        }
+        /* ciphertext */
+       else if(!strcmp(keyword, "C"))
+       {
+            /* Unwrap, we have a key and a ciphertext */
+           C = hex2bin_m(value, &l);
+            if (inverse) {
+                if (AES_set_encrypt_key(K, key_len*8, &aes_key))
+                    die("Can't set AES encrypt key.\n");
+                f = (block128_f)AES_encrypt;
+            } else {
+                if (AES_set_decrypt_key(K, key_len*8, &aes_key))
+                    die("Can't set AES decrypt key.\n");
+                f = (block128_f)AES_decrypt;
+            }
+            length = CRYPTO_128_unwrap(&aes_key, NULL, result, C, 
ciphertext_len, f);
+            if (!length) {
+                fprintf(out, "FAIL" RESP_EOL);
+            } else {
+                OutputValue("P", result, length, out, 0);
+            }
+        }
+    }
+}
+
+int main(int argc,char **argv)
+{
+    if(argc != 3)
+    {
+       fprintf(stderr,"%s Req Rsp\n",argv[0]);
+       exit(1);
+    }
+    if(!FIPS_mode_set(1))
+    {
+       do_print_errors();
+       exit(1);
+    }
+
+    process(argv[1], argv[2]);
+
+    return 0;
+}
Index: openssl-1.0.2j/crypto/fips/Makefile
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/Makefile    2017-05-11 16:56:02.495668727 
+0200
+++ openssl-1.0.2j/crypto/fips/Makefile 2017-05-11 16:56:02.531669302 +0200
@@ -19,15 +19,15 @@ APPS=
 PROGRAM= fips_standalone_hmac
 EXE= $(PROGRAM)$(EXE_EXT)
 
-CAVS_PROGRAMS= fips_aesavs fips_cmactest fips_desmovs fips_dhvs fips_drbgvs \
+CAVS_PROGRAMS= fips_kwvs fips_aesavs fips_cmactest fips_desmovs fips_dhvs 
fips_drbgvs \
 fips_ecdhvs fips_ecdsavs fips_rngvs fips_rsagtest fips_rsastest \
 fips_rsavtest fips_shatest fips_gcmtest fips_dssvs fips_tlsvs fips_hmactest
 
-CAVS_SRC= fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c 
fips_drbgvs.c fips_dssvs.c \
+CAVS_SRC= fips_kwvs.c fips_aesavs.c fips_cmactest.c fips_desmovs.c fips_dhvs.c 
fips_drbgvs.c fips_dssvs.c \
 fips_ecdhvs.c fips_ecdsavs.c fips_gcmtest.c fips_rngvs.c fips_rsagtest.c 
fips_rsastest.c \
 fips_rsavtest.c fips_shatest.c fips_tlsvs.c fips_hmactest.c
 
-CAVS_OBJ= fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o 
fips_drbgvs.o \
+CAVS_OBJ= fips_kwvs.o fips_aesavs.o fips_cmactest.o fips_desmovs.o fips_dhvs.o 
fips_drbgvs.o \
 fips_ecdhvs.o fips_ecdsavs.o fips_gcmtest.o fips_rngvs.o fips_rsagtest.o 
fips_rsastest.o \
 fips_rsavtest.o fips_shatest.o fips_dssvs.o fips_tlsvs.o fips_hmactest.o
 
@@ -454,6 +454,19 @@ fips_aesavs.o: ../../include/openssl/ope
 fips_aesavs.o: ../../include/openssl/ossl_typ.h
 fips_aesavs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 fips_aesavs.o: ../../include/openssl/symhacks.h fips_utl.h fips_aesavs.c
+fips_kwvs.o: ../../e_os.h ../../include/openssl/aes.h
+fips_kwvs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+fips_kwvs.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+fips_kwvs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+fips_kwvs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+fips_kwvs.o: ../../include/openssl/fips.h ../../include/openssl/fips_rand.h
+fips_kwvs.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+fips_kwvs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+fips_kwvs.o: ../../include/openssl/opensslconf.h
+fips_kwvs.o: ../../include/openssl/opensslv.h
+fips_kwvs.o: ../../include/openssl/ossl_typ.h
+fips_kwvs.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fips_kwvs.o: ../../include/openssl/symhacks.h fips_utl.h fips_kwvs.c
 fips_gcmtest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
 fips_gcmtest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 fips_gcmtest.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
++++++ openssl-fips_cavs_helpers_run_in_fips_mode.patch ++++++
Index: openssl-1.0.2j/crypto/fips/fips_aesavs.c
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/fips_aesavs.c       2017-04-07 
12:01:35.335422766 +0200
+++ openssl-1.0.2j/crypto/fips/fips_aesavs.c    2017-04-07 12:11:35.876483996 
+0200
@@ -870,7 +870,11 @@ int main(int argc, char **argv)
     FILE *fp = NULL;
     char fn[250] = "", rfn[256] = "";
     int d_opt = 1;
-    fips_algtest_init();
+    fips_algtest_init_nofips();
+    if(!FIPS_mode_set(1)) {
+        fprintf(stderr, "Can't set FIPS mode\n");
+        exit(1);
+    }
 
     if (argc > 1)
        {
++++++ openssl-fips_cavs_pad_with_zeroes.patch ++++++
Index: openssl-1.0.2j/crypto/fips/fips_rsagtest.c
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/fips_rsagtest.c     2017-05-04 
20:57:44.099237241 +0200
+++ openssl-1.0.2j/crypto/fips/fips_rsagtest.c  2017-05-04 20:58:13.159687179 
+0200
@@ -585,7 +585,7 @@ int rsa_PrimeGen(FILE *out, FILE *in)
                                do_bn_print_name(out, "p", rsa->p);
                                do_bn_print_name(out, "q", rsa->q);
                                do_bn_print_name(out, "n", rsa->n);
-                               do_bn_print_name(out, "d", rsa->d);
+                               do_bn_print_name_pad(out, "d", rsa->d, mod);
                                FIPS_rsa_free(rsa);
                                rsa = NULL;
                                }
Index: openssl-1.0.2j/crypto/fips/fips_utl.h
===================================================================
--- openssl-1.0.2j.orig/crypto/fips/fips_utl.h  2017-05-04 20:57:44.099237241 
+0200
+++ openssl-1.0.2j/crypto/fips/fips_utl.h       2017-05-04 20:57:44.131237737 
+0200
@@ -74,7 +74,9 @@ int hex2bin(const char *in, unsigned cha
 unsigned char *hex2bin_m(const char *in, long *plen);
 int do_hex2bn(BIGNUM **pr, const char *in);
 int do_bn_print(FILE *out, const BIGNUM *bn);
+int do_bn_print_pad(FILE *out, const BIGNUM *bn, int padbits);
 int do_bn_print_name(FILE *out, const char *name, const BIGNUM *bn);
+int do_bn_print_name_pad(FILE *out, const char *name, const BIGNUM *bn, int 
padbits);
 int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf);
 int parse_line2(char **pkw, char **pval, char *linebuf, char *olinebuf, int 
eol);
 BIGNUM *hex2bn(const char *in);
@@ -291,6 +293,43 @@ int do_bn_print_name(FILE *out, const ch
        if (!r)
                return 0;
        fputs(RESP_EOL, out);
+       return 1;
+       }
+
+int do_bn_print_pad(FILE *out, const BIGNUM *bn, int padbits)
+       {
+       int len, i;
+       unsigned char *tmp;
+       len = BN_num_bytes(bn);
+       if (len == 0)
+               {
+               fputs("00", out);
+               return 1;
+               }
+
+       tmp = OPENSSL_malloc(len);
+       if (!tmp)
+               {
+               fprintf(stderr, "Memory allocation error\n");
+               return 0;
+               }
+       BN_bn2bin(bn, tmp);
+       for (i = 0; i < padbits/BN_BYTES - len; i++)
+               fprintf(out, "%02x", 0);
+       for (i = 0; i < len; i++)
+               fprintf(out, "%02x", tmp[i]);
+       OPENSSL_free(tmp);
+       return 1;
+       }
+
+int do_bn_print_name_pad(FILE *out, const char *name, const BIGNUM *bn, int 
padbits)
+       {
+       int r;
+       fprintf(out, "%s = ", name);
+       r = do_bn_print_pad(out, bn, padbits);
+       if (!r)
+               return 0;
+       fputs(RESP_EOL, out);
        return 1;
        }
 


Reply via email to