Add extensive DRBG selftest data and option to corrupt it in fips_test_suite.

crypto/fips_err.h

@@ -84,6 +84,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_CIPHERINIT),	"FIPS_CIPHERINIT"},
 {ERR_FUNC(FIPS_F_FIPS_DIGESTINIT),	"FIPS_DIGESTINIT"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE),	"FIPS_drbg_generate"},
+{ERR_FUNC(FIPS_F_FIPS_DRBG_INIT),	"FIPS_drbg_init"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE),	"FIPS_drbg_instantiate"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW),	"FIPS_drbg_new"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED),	"FIPS_drbg_reseed"},

fips/fips.c

@@ -315,6 +315,13 @@ int FIPS_mode_set(int onoff)
 	    goto end;
 	    }
 
+	if (!FIPS_selftest_drbg())
+	    {
+	    fips_selftest_fail = 1;
+	    ret = 0;
+	    goto end;
+	    }
+
 	/* Perform RNG KAT before seeding */
 	if (!FIPS_selftest_rng())
 	    {

fips/fips.h

@@ -90,9 +90,11 @@ int FIPS_selftest_ecdsa(void);
 void FIPS_corrupt_ecdsa(void);
 void FIPS_corrupt_ec_keygen(void);
 void FIPS_corrupt_rng(void);
+void FIPS_corrupt_drbg(void);
 void FIPS_rng_stick(void);
 int FIPS_selftest_rng(void);
 int FIPS_selftest_hmac(void);
+int FIPS_selftest_drbg(void);
 
 unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len);
 int FIPS_check_incore_fingerprint(void);
@@ -192,6 +194,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_FIPS_CIPHERINIT				 128
 #define FIPS_F_FIPS_DIGESTINIT				 127
 #define FIPS_F_FIPS_DRBG_GENERATE			 132
+#define FIPS_F_FIPS_DRBG_INIT				 136
 #define FIPS_F_FIPS_DRBG_INSTANTIATE			 133
 #define FIPS_F_FIPS_DRBG_NEW				 134
 #define FIPS_F_FIPS_DRBG_RESEED				 135

fips/fips_test_suite.c

@@ -515,6 +515,8 @@ int main(int argc,char **argv)
         } else if (!strcmp(argv[1], "sha1")) {
             FIPS_corrupt_sha1();
             printf("SHA-1 hash with corrupted KAT...\n");
+	} else if (!strcmp(argv[1], "drbg")) {
+	    FIPS_corrupt_drbg();
 	} else if (!strcmp(argv[1], "rng")) {
 	    FIPS_corrupt_rng();
 	} else if (!strcmp(argv[1], "rngstick")) {

fips/rand/Makefile

@@ -23,9 +23,9 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	fips_rand.c fips_rand_selftest.c \
-	fips_drbg_lib.c fips_drbg_hash.c fips_drbg_ctr.c
+	fips_drbg_lib.c fips_drbg_hash.c fips_drbg_ctr.c fips_drbg_selftest.c
 LIBOBJ=	fips_rand.o fips_rand_selftest.o \
-	fips_drbg_lib.o fips_drbg_hash.o fips_drbg_ctr.o
+	fips_drbg_lib.o fips_drbg_hash.o fips_drbg_ctr.o fips_drbg_selftest.o
 
 SRC= $(LIBSRC)
 

fips/rand/fips_drbg_lib.c

@@ -63,7 +63,7 @@
 
 /* Support framework for SP800-90 DRBGs */
 
-static int fips_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
 	{
 	int rv;
 	memset(dctx, 0, sizeof(DRBG_CTX));
@@ -76,6 +76,14 @@ static int fips_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
 	if (rv == -2)
 		rv = fips_drbg_ctr_init(dctx);
 
+	if (rv <= 0)
+		{
+		if (rv == -2)
+			FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_UNSUPPORTED_DRBG_TYPE);
+		else
+			FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_ERROR_INITIALISING_DRBG);
+		}
+
 	return rv;
 	}
 
@@ -89,18 +97,16 @@ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
 		FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
 		return NULL;
 		}
-	rv = fips_drbg_init(dctx, type, flags);
+	if (type == 0)
+		return dctx;
+	rv = FIPS_drbg_init(dctx, type, flags);
 
-	if (rv <= 0)
+	if (FIPS_drbg_init(dctx, type, flags) <= 0)
 		{
-		if (rv == -2)
-			FIPSerr(FIPS_F_FIPS_DRBG_NEW, FIPS_R_UNSUPPORTED_DRBG_TYPE);
-		else
-			FIPSerr(FIPS_F_FIPS_DRBG_NEW, FIPS_R_ERROR_INITIALISING_DRBG);
-
 		OPENSSL_free(dctx);
 		return NULL;
 		}
+		
 	return dctx;
 	}
 
@@ -331,9 +337,7 @@ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
 	rv = dctx->uninstantiate(dctx);
 	OPENSSL_cleanse(dctx, sizeof(DRBG_CTX));
 	/* If method has problems uninstantiating, return error */
-	if (rv <= 0)
-		return rv;
-	return fips_drbg_init(dctx, save_type, save_flags);
+	return rv;
 	}
 
 int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,

fips/rand/fips_rand.h

@@ -76,6 +76,7 @@ typedef struct drbg_ctx_st DRBG_CTX;
 #define	DRBG_FLAG_CTR_USE_DF		0x1
 
 DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
+int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
 int FIPS_drbg_instantiate(DRBG_CTX *dctx, int strength,
 				const unsigned char *pers, size_t perslen);
 int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);

fips/rand/fips_rand_lcl.h

@@ -170,3 +170,4 @@ struct drbg_ctx_st
 
 int fips_drbg_ctr_init(DRBG_CTX *dctx);
 int fips_drbg_hash_init(DRBG_CTX *dctx);
+int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags);