diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c index 403f4b74ca06f1b91143f704d64481018c260c3c..8b0ffafd70576c52c0fe6f234b6742e17b86e695 100644 --- a/fips/aes/fips_aes_selftest.c +++ b/fips/aes/fips_aes_selftest.c @@ -53,6 +53,7 @@ #include #include #include +#include "fips_locl.h" #ifdef OPENSSL_FIPS static struct @@ -123,22 +124,23 @@ static const unsigned char gcm_tag[] = { 0x98,0xf7,0x7e,0x0c }; -static int corrupt_aes_gcm = 0; - -void FIPS_corrupt_aes_gcm(void) - { - corrupt_aes_gcm = 1; - } - int FIPS_selftest_aes_gcm(void) { - int ret = 0; + int ret = 0, do_corrupt = 0; unsigned char out[128], tag[16]; EVP_CIPHER_CTX ctx; FIPS_cipher_ctx_init(&ctx); - FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1); - FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, - sizeof(gcm_iv), NULL); + memset(out, 0, sizeof(out)); + memset(tag, 0, sizeof(tag)); + if (!fips_post_started(FIPS_TEST_GCM, 0, 0)) + return 1; + if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL)) + do_corrupt = 1; + if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1)) + goto err; + if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, + sizeof(gcm_iv), NULL)) + goto err; if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1)) goto err; if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0) @@ -154,13 +156,17 @@ int FIPS_selftest_aes_gcm(void) if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16)) goto err; + memset(out, 0, sizeof(out)); + /* Modify expected tag value */ - if (corrupt_aes_gcm) + if (do_corrupt) tag[0]++; - FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0); - FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, - sizeof(gcm_iv), NULL); + if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0)) + goto err; + if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, + sizeof(gcm_iv), NULL)) + goto err; if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag)) goto err; if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0)) 
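Review bot: In FIPS_selftest_aes_gcm the corruption query uses the wrong test id: `if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))` sits directly after `fips_post_started(FIPS_TEST_GCM, 0, 0)`. fips_test_suite.c in this same commit maps "aes-gcm" to `fail_id = FIPS_TEST_GCM`, so as written the induced-failure run for GCM would likely never flip `tag[0]`, while an "hmac" run would also corrupt the GCM known-answer test. The line should read `if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))`. Separately, the early `return 1` comes after `FIPS_cipher_ctx_init(&ctx)` and bypasses the `FIPS_cipher_ctx_cleanup(&ctx)` at `err:`; moving the init below the two POST checks would keep the paths symmetric.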
@@ -178,13 +184,17 @@ int FIPS_selftest_aes_gcm(void) ret = 1; err: + FIPS_cipher_ctx_cleanup(&ctx); if (ret == 0) + { + fips_post_failed(FIPS_TEST_GCM, 0, NULL); FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED); + return 0; + } + else + return fips_post_success(FIPS_TEST_GCM, 0, NULL); - FIPS_cipher_ctx_cleanup(&ctx); - - return ret; } #endif diff --git a/fips/cmac/fips_cmac_selftest.c b/fips/cmac/fips_cmac_selftest.c index 86646a2ff1f353faff052f8e2d460518e09d15c6..2550bc6364c55696343791197ad1fed4c22a891c 100644 --- a/fips/cmac/fips_cmac_selftest.c +++ b/fips/cmac/fips_cmac_selftest.c @@ -53,6 +53,7 @@ #include #include #include +#include "fips_locl.h" #ifdef OPENSSL_FIPS typedef struct { 
@@ -107,29 +108,45 @@ static const CMAC_KAT vector[] = { }; int FIPS_selftest_cmac() - { - size_t n, outlen; - unsigned char out[32]; - const EVP_CIPHER *cipher; - CMAC_CTX *ctx = CMAC_CTX_new(); - const CMAC_KAT *t; - - for(n=0,t=vector; nalg)(); - CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0); - CMAC_Update(ctx, t->msg, t->msgsize/8); - CMAC_Final(ctx, out, &outlen); - CMAC_CTX_cleanup(ctx); + size_t n, outlen; + unsigned char out[32]; + const EVP_CIPHER *cipher; + CMAC_CTX *ctx = CMAC_CTX_new(); + const CMAC_KAT *t; + int do_corrupt = 0, rv = 0; - if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8)) - { - FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); - return 0; - } - } + if (!fips_post_started(FIPS_TEST_CMAC, 0, 0)) + return 1; + if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL)) + + for(n=0,t=vector; nalg)(); + CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0); + CMAC_Update(ctx, t->msg, t->msgsize/8); + if (do_corrupt) + CMAC_Update(ctx, t->msg, 1); + CMAC_Final(ctx, out, &outlen); + CMAC_CTX_cleanup(ctx); + + if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8)) + { + FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); + goto err; + } + } - CMAC_CTX_free(ctx); - return 1; - } + rv = 1; + err: + CMAC_CTX_free(ctx); + + if (rv == 0) + { + fips_post_failed(FIPS_TEST_CMAC, 0, NULL); + return 0; + } + + return fips_post_success(FIPS_TEST_CMAC, 0, NULL); + } #endif diff --git a/fips/fips.h b/fips/fips.h index 1e4b109ed06616c66498e196cf60b0603ccefce2..1a35f73a11b8b42569a73ed4b55fc4e72d60a639 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -74,7 +74,6 @@ int FIPS_selftest_failed(void); void FIPS_selftest_check(void); int FIPS_selftest_sha1(void); int FIPS_selftest_aes_gcm(void); -void FIPS_corrupt_aes_gcm(void); int FIPS_selftest_aes(void); int FIPS_selftest_des(void); int FIPS_selftest_rsa(void); 
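Review bot: In FIPS_selftest_cmac the line `if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL))` has no statement of its own, so as shown the `for` loop over `vector` becomes its body and `do_corrupt` stays 0. If fips_post_corrupt returns non-zero when no corruption is requested (which is how the HMAC and GCM self-tests in this commit treat it), a normal power-on self-test skips every CMAC known-answer vector and still reaches `rv = 1` and `fips_post_success`. Add the missing assignment: `if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL)) do_corrupt = 1;`. Also, `ctx` comes from `CMAC_CTX_new()` before the `fips_post_started` check, so the early `return 1` leaks it, and neither a NULL `ctx` nor the CMAC_Init/CMAC_Update/CMAC_Final return values are checked here, unlike the HMAC version in this commit.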
diff --git a/fips/fips_post.c b/fips/fips_post.c index 1ab156fb3f4f9487c02400341542f6990263a0a9..a6d0cfeae674f09242a97e9872722fd210d7264e 100644 --- a/fips/fips_post.c +++ b/fips/fips_post.c @@ -105,12 +105,14 @@ void fips_post_end(void) if (post_failure) { post_status = FIPS_POST_STATUS_FAILED; - fips_post_cb(FIPS_POST_END, 0, 0, NULL); + if(fips_post_cb) + fips_post_cb(FIPS_POST_END, 0, 0, NULL); } else { post_status = FIPS_POST_STATUS_OK; - fips_post_cb(FIPS_POST_END, 1, 0, NULL); + if (fips_post_cb) + fips_post_cb(FIPS_POST_END, 1, 0, NULL); } } diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 168db537118c6a059f26fb7d41d3c456916a73c2..40676ae66696e4c2a93bcc9e25e1334a7434053a 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -743,7 +743,7 @@ static int post_cb(int op, int id, int subid, void *ex) break; case FIPS_TEST_CMAC: - idstr = "HMAC"; + idstr = "CMAC"; break; case FIPS_TEST_GCM: @@ -845,8 +845,7 @@ int main(int argc,char **argv) fail_id = FIPS_TEST_CIPHER; fail_sub = NID_aes_128_ecb; } else if (!strcmp(argv[1], "aes-gcm")) { - FIPS_corrupt_aes_gcm(); - printf("AES-GCM encryption/decryption with corrupted KAT...\n"); + fail_id = FIPS_TEST_GCM; } else if (!strcmp(argv[1], "des")) { fail_id = FIPS_TEST_CIPHER; fail_sub = NID_des_ede3_ecb; @@ -877,7 +876,8 @@ int main(int argc,char **argv) no_exit = 1; } else if (!strcmp(argv[1], "sha1")) { fail_id = FIPS_TEST_DIGEST; - fail_sub = NID_sha1; + } else if (!strcmp(argv[1], "hmac")) { + fail_id = FIPS_TEST_HMAC; } else if (!strcmp(argv[1], "drbg")) { FIPS_corrupt_drbg(); } else if (!strcmp(argv[1], "rng")) { diff --git a/fips/hmac/fips_hmac_selftest.c b/fips/hmac/fips_hmac_selftest.c index a3967a4a777ee13faa575ec7af397b05df255859..fd8189040d12843f83fed03f1d25678257438477 100644 --- a/fips/hmac/fips_hmac_selftest.c +++ b/fips/hmac/fips_hmac_selftest.c @@ -53,6 +53,7 @@ #include #include #include +#include "fips_locl.h" #ifdef OPENSSL_FIPS typedef struct { 
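Review bot: In fips_post_end (fips/fips_post.c) the new NULL guard is written twice, once per branch and with different spacing (`if(fips_post_cb)` and `if (fips_post_cb)`). Setting `post_status` in the branches and making a single guarded call afterwards, `if (fips_post_cb) fips_post_cb(FIPS_POST_END, post_failure ? 0 : 1, 0, NULL);`, keeps the check in one place. The other fips_post_cb call sites are outside this hunk; they presumably need the same guard if the callback can be unset.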
@@ -112,26 +113,52 @@ static const HMAC_KAT vector[] = { }; int FIPS_selftest_hmac() - { - size_t n; - unsigned int outlen; - unsigned char out[EVP_MAX_MD_SIZE]; - const EVP_MD *md; - const HMAC_KAT *t; - - for(n=0,t=vector; nalg)(); - HMAC(md,t->key,strlen(t->key), - (const unsigned char *)t->iv,strlen(t->iv), - out,&outlen); + size_t n; + unsigned int outlen; + unsigned char out[EVP_MAX_MD_SIZE]; + const EVP_MD *md; + const HMAC_KAT *t; + int rv = 0, do_corrupt = 0; + HMAC_CTX c; + HMAC_CTX_init(&c); + + if (!fips_post_started(FIPS_TEST_HMAC, 0, 0)) + return 1; + if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL)) + do_corrupt = 1; + + for(n=0,t=vector; nalg)(); + if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL)) + goto err; + if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv))) + goto err; + if (do_corrupt) + { + if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1)) + goto err; + } + if (!HMAC_Final(&c, out, &outlen)) + goto err; + + if(memcmp(out,t->kaval,outlen)) + { + FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); + goto err; + } + } + + rv = 1; - if(memcmp(out,t->kaval,outlen)) - { - FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); - return 0; - } + err: + HMAC_CTX_cleanup(&c); + if (rv == 0) + { + fips_post_failed(FIPS_TEST_HMAC, 0, NULL); + return 0; + } + return fips_post_success(FIPS_TEST_HMAC, 0, NULL); } - return 1; - } #endif
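Review bot: In FIPS_selftest_hmac only the `memcmp` mismatch raises `FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED)`; a failing `HMAC_Init_ex`, `HMAC_Update` or `HMAC_Final` jumps to `err:` and is reported through `fips_post_failed` alone. FIPS_selftest_aes_gcm in this commit raises the error inside its `ret == 0` block so every failure path is recorded; moving the `FIPSerr(...)` call into `if (rv == 0)` here would make the two consistent. The comparison `memcmp(out,t->kaval,outlen)` also trusts `outlen` without checking it against the expected MAC length, which the CMAC test does with `outlen < t->macsize/8`. The early `return 1` after `HMAC_CTX_init(&c)` skips `HMAC_CTX_cleanup(&c)`.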