wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Revise fips_test_suite to use table of IDs for human readable strings.

Browse source 
Modify HMAC selftest callbacks to notify each digest type used.
This commit is contained in:
Dr. Stephen Henson 2011-04-14 16:14:41 +00:00
parent 8038511c27
commit 9338f290d1
3 changed files with 65 additions and 58 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
fips/aes/fips_aes_selftest.c
View file

@ -134,7 +134,7 @@ int FIPS_selftest_aes_gcm(void)
memset(tag, 0, sizeof(tag));
if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
do_corrupt = 1;
if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
goto err;

81
fips/fips_test_suite.c
View file

@ -665,42 +665,39 @@ static void test_msg(const char *msg, int result)
printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
}
static const char *post_get_sig(int id)
/* Table of IDs for POST translating between NIDs and names */
typedef struct
{
switch (id)
{
case EVP_PKEY_RSA:
return " (RSA)";
int id;
const char *name;
} POST_ID;
case EVP_PKEY_DSA:
return " (DSA)";
POST_ID id_list[] = {
{NID_sha1, "SHA1"},
{NID_sha224, "SHA224"},
{NID_sha256, "SHA256"},
{NID_sha384, "SHA384"},
{NID_sha512, "SHA512"},
{EVP_PKEY_RSA, "RSA"},
{EVP_PKEY_DSA, "DSA"},
{EVP_PKEY_EC, "ECDSA"},
{NID_aes_128_ecb, "AES-128-ECB"},
{NID_des_ede3_ecb, "DES-EDE3-ECB"},
{0, NULL}
};
case EVP_PKEY_EC:
return " (ECDSA)";
default:
return " (UNKNOWN)";
}
}
static const char *post_get_cipher(int id)
static const char *lookup_id(int id)
{
static char out[128];
switch(id)
POST_ID *n;
static char out[40];
for (n = id_list; n->name; n++)
{
case NID_aes_128_ecb:
return " (AES-128-ECB)";
case NID_des_ede3_ecb:
return " (DES-EDE3-ECB)";
default:
sprintf(out, " (NID=%d)", id);
return out;
if (n->id == id)
return n->name;
}
sprintf(out, "ID=%d\n", id);
return out;
}
static int fail_id = -1;
@ -719,12 +716,11 @@ static int post_cb(int op, int id, int subid, void *ex)
case FIPS_TEST_DIGEST:
idstr = "Digest";
if (subid == NID_sha1)
exstr = " (SHA1)";
exstr = lookup_id(subid);
break;
case FIPS_TEST_CIPHER:
exstr = post_get_cipher(subid);
exstr = lookup_id(subid);
idstr = "Cipher";
break;
@ -733,12 +729,13 @@ static int post_cb(int op, int id, int subid, void *ex)
{
EVP_PKEY *pkey = ex;
keytype = pkey->type;
exstr = post_get_sig(keytype);
exstr = lookup_id(keytype);
}
idstr = "Signature";
break;
case FIPS_TEST_HMAC:
exstr = lookup_id(subid);
idstr = "HMAC";
break;
@ -747,11 +744,11 @@ static int post_cb(int op, int id, int subid, void *ex)
break;
case FIPS_TEST_GCM:
idstr = "HMAC";
idstr = "GCM";
break;
case FIPS_TEST_CCM:
idstr = "HMAC";
idstr = "CCM";
break;
case FIPS_TEST_XTS:
@ -771,7 +768,7 @@ static int post_cb(int op, int id, int subid, void *ex)
{
EVP_PKEY *pkey = ex;
keytype = pkey->type;
exstr = post_get_sig(keytype);
exstr = lookup_id(keytype);
}
idstr = "Pairwise Consistency";
break;
@ -797,15 +794,15 @@ static int post_cb(int op, int id, int subid, void *ex)
break;
case FIPS_POST_STARTED:
printf("\t\t%s%s test started\n", idstr, exstr);
printf("\t\t%s %s test started\n", idstr, exstr);
break;
case FIPS_POST_SUCCESS:
printf("\t\t%s%s test OK\n", idstr, exstr);
printf("\t\t%s %s test OK\n", idstr, exstr);
break;
case FIPS_POST_FAIL:
printf("\t\t%s%s test FAILED!!\n", idstr, exstr);
printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
break;
case FIPS_POST_CORRUPT:
@ -813,7 +810,7 @@ static int post_cb(int op, int id, int subid, void *ex)
&& (fail_key == -1 || fail_key == keytype)
&& (fail_sub == -1 || fail_sub == subid))
{
printf("\t\t%s%s test failure induced\n", idstr, exstr);
printf("\t\t%s %s test failure induced\n", idstr, exstr);
return 0;
}
break;
@ -822,8 +819,6 @@ static int post_cb(int op, int id, int subid, void *ex)
return 1;
}
int main(int argc,char **argv)
{
int bad_rsa = 0, bad_dsa = 0;

40
fips/hmac/fips_hmac_selftest.c
View file

@ -1,5 +1,5 @@
/* ====================================================================
* Copyright (c) 2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -119,46 +119,58 @@ int FIPS_selftest_hmac()
unsigned char out[EVP_MAX_MD_SIZE];
const EVP_MD *md;
const HMAC_KAT *t;
int rv = 0, do_corrupt = 0;
int rv = 1, subid;
HMAC_CTX c;
HMAC_CTX_init(&c);
if (!fips_post_started(FIPS_TEST_HMAC, 0, 0))
return 1;
if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
do_corrupt = 1;
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
md = (*t->alg)();
subid = M_EVP_MD_type(md);
if (!fips_post_started(FIPS_TEST_HMAC, subid, 0))
continue;
if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL))
{
rv = -1;
goto err;
}
if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv)))
{
rv = -1;
goto err;
if (do_corrupt)
}
if (!fips_post_corrupt(FIPS_TEST_HMAC, subid, NULL))
{
if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1))
{
rv = -1;
goto err;
}
}
if (!HMAC_Final(&c, out, &outlen))
{
rv = -1;
goto err;
}
if(memcmp(out,t->kaval,outlen))
{
FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
goto err;
fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
rv = 0;
}
if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL))
goto err;
}
rv = 1;
err:
HMAC_CTX_cleanup(&c);
if (rv == 0)
if (rv == -1)
{
fips_post_failed(FIPS_TEST_HMAC, 0, NULL);
return 0;
fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
rv = 0;
}
return fips_post_success(FIPS_TEST_HMAC, 0, NULL);
return rv;
}
#endif