From 9338f290d193bd7497c66d37702cff21ebad8695 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 14 Apr 2011 16:14:41 +0000 Subject: [PATCH] Revise fips_test_suite to use table of IDs for human readable strings. Modify HMAC selftest callbacks to notify each digest type used. --- fips/aes/fips_aes_selftest.c | 2 +- fips/fips_test_suite.c | 85 ++++++++++++++++------------------ fips/hmac/fips_hmac_selftest.c | 40 ++++++++++------ 3 files changed, 67 insertions(+), 60 deletions(-) diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c index 8b0ffafd70..b84eda4a27 100644 --- a/fips/aes/fips_aes_selftest.c +++ b/fips/aes/fips_aes_selftest.c @@ -134,7 +134,7 @@ int FIPS_selftest_aes_gcm(void) memset(tag, 0, sizeof(tag)); if (!fips_post_started(FIPS_TEST_GCM, 0, 0)) return 1; - if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL)) + if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL)) do_corrupt = 1; if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1)) goto err; diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index 40676ae666..c14ecb3058 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -665,42 +665,39 @@ static void test_msg(const char *msg, int result) printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!")); } -static const char *post_get_sig(int id) - { - switch (id) - { - case EVP_PKEY_RSA: - return " (RSA)"; - - case EVP_PKEY_DSA: - return " (DSA)"; - - case EVP_PKEY_EC: - return " (ECDSA)"; - - default: - return " (UNKNOWN)"; +/* Table of IDs for POST translating between NIDs and names */ - } - } - -static const char *post_get_cipher(int id) +typedef struct { - static char out[128]; - switch(id) + int id; + const char *name; + } POST_ID; + +POST_ID id_list[] = { + {NID_sha1, "SHA1"}, + {NID_sha224, "SHA224"}, + {NID_sha256, "SHA256"}, + {NID_sha384, "SHA384"}, + {NID_sha512, "SHA512"}, + {EVP_PKEY_RSA, "RSA"}, + {EVP_PKEY_DSA, "DSA"}, + {EVP_PKEY_EC, "ECDSA"}, + {NID_aes_128_ecb, "AES-128-ECB"}, + {NID_des_ede3_ecb, "DES-EDE3-ECB"}, + {0, NULL} +}; + +static const char *lookup_id(int id) + { + POST_ID *n; + static char out[40]; + for (n = id_list; n->name; n++) { - - case NID_aes_128_ecb: - return " (AES-128-ECB)"; - - case NID_des_ede3_ecb: - return " (DES-EDE3-ECB)"; - - default: - sprintf(out, " (NID=%d)", id); - return out; - + if (n->id == id) + return n->name; } + sprintf(out, "ID=%d\n", id); + return out; } static int fail_id = -1; @@ -719,12 +716,11 @@ static int post_cb(int op, int id, int subid, void *ex) case FIPS_TEST_DIGEST: idstr = "Digest"; - if (subid == NID_sha1) - exstr = " (SHA1)"; + exstr = lookup_id(subid); break; case FIPS_TEST_CIPHER: - exstr = post_get_cipher(subid); + exstr = lookup_id(subid); idstr = "Cipher"; break; @@ -733,12 +729,13 @@ static int post_cb(int op, int id, int subid, void *ex) { EVP_PKEY *pkey = ex; keytype = pkey->type; - exstr = post_get_sig(keytype); + exstr = lookup_id(keytype); } idstr = "Signature"; break; case FIPS_TEST_HMAC: + exstr = lookup_id(subid); idstr = "HMAC"; break; @@ -747,11 +744,11 @@ static int post_cb(int op, int id, int subid, void *ex) break; case FIPS_TEST_GCM: - idstr = "HMAC"; + idstr = "GCM"; break; case FIPS_TEST_CCM: - idstr = "HMAC"; + idstr = "CCM"; break; case FIPS_TEST_XTS: @@ -771,7 +768,7 @@ static int post_cb(int op, int id, int subid, void *ex) { EVP_PKEY *pkey = ex; keytype = pkey->type; - exstr = post_get_sig(keytype); + exstr = lookup_id(keytype); } idstr = "Pairwise Consistency"; break; @@ -797,15 +794,15 @@ static int post_cb(int op, int id, int subid, void *ex) break; case FIPS_POST_STARTED: - printf("\t\t%s%s test started\n", idstr, exstr); + printf("\t\t%s %s test started\n", idstr, exstr); break; case FIPS_POST_SUCCESS: - printf("\t\t%s%s test OK\n", idstr, exstr); + printf("\t\t%s %s test OK\n", idstr, exstr); break; case FIPS_POST_FAIL: - printf("\t\t%s%s test FAILED!!\n", idstr, exstr); + printf("\t\t%s %s test FAILED!!\n", idstr, exstr); break; case FIPS_POST_CORRUPT: @@ -813,7 +810,7 @@ static int post_cb(int op, int id, int subid, void *ex) && (fail_key == -1 || fail_key == keytype) && (fail_sub == -1 || fail_sub == subid)) { - printf("\t\t%s%s test failure induced\n", idstr, exstr); + printf("\t\t%s %s test failure induced\n", idstr, exstr); return 0; } break; @@ -822,8 +819,6 @@ static int post_cb(int op, int id, int subid, void *ex) return 1; } - - int main(int argc,char **argv) { int bad_rsa = 0, bad_dsa = 0; diff --git a/fips/hmac/fips_hmac_selftest.c b/fips/hmac/fips_hmac_selftest.c index fd8189040d..34ac2472db 100644 --- a/fips/hmac/fips_hmac_selftest.c +++ b/fips/hmac/fips_hmac_selftest.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -119,46 +119,58 @@ int FIPS_selftest_hmac() unsigned char out[EVP_MAX_MD_SIZE]; const EVP_MD *md; const HMAC_KAT *t; - int rv = 0, do_corrupt = 0; + int rv = 1, subid; HMAC_CTX c; HMAC_CTX_init(&c); - if (!fips_post_started(FIPS_TEST_HMAC, 0, 0)) - return 1; - if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL)) - do_corrupt = 1; for(n=0,t=vector; nalg)(); + subid = M_EVP_MD_type(md); + if (!fips_post_started(FIPS_TEST_HMAC, subid, 0)) + continue; if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL)) + { + rv = -1; goto err; + } if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv))) + { + rv = -1; goto err; - if (do_corrupt) + } + if (!fips_post_corrupt(FIPS_TEST_HMAC, subid, NULL)) { if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1)) + { + rv = -1; goto err; + } } if (!HMAC_Final(&c, out, &outlen)) + { + rv = -1; goto err; + } if(memcmp(out,t->kaval,outlen)) { FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED); - goto err; + fips_post_failed(FIPS_TEST_HMAC, subid, NULL); + rv = 0; } + if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL)) + goto err; } - rv = 1; - err: HMAC_CTX_cleanup(&c); - if (rv == 0) + if (rv == -1) { - fips_post_failed(FIPS_TEST_HMAC, 0, NULL); - return 0; + fips_post_failed(FIPS_TEST_HMAC, subid, NULL); + rv = 0; } - return fips_post_success(FIPS_TEST_HMAC, 0, NULL); + return rv; } #endif -- GitLab