Add new POST support to X9.31 PRNG.

author Dr. Stephen Henson <steve@openssl.org>

Thu, 14 Apr 2011 18:29:49 +0000 (18:29 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Thu, 14 Apr 2011 18:29:49 +0000 (18:29 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Thu, 14 Apr 2011 18:29:49 +0000 (18:29 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Thu, 14 Apr 2011 18:29:49 +0000 (18:29 +0000)
diff --git a/fips/fips.h b/fips/fips.h

index 1a35f73a11b8b42569a73ed4b55fc4e72d60a639..ab16134a40509b4dedf9a976c327c4637f92035e 100644 (file)
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -79,7 +79,6 @@ int FIPS_selftest_des(void);
  int FIPS_selftest_rsa(void);
  int FIPS_selftest_dsa(void);
  int FIPS_selftest_ecdsa(void);
-void FIPS_corrupt_x931(void);
  void FIPS_corrupt_drbg(void);
  void FIPS_x931_stick(void);
  void FIPS_drbg_stick(void);
diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c

index 6b2cdc7bf96dc14c6c97dd53ad3e7ea193a47e81..e71a6930bca13fed2f259da329846c96f4be30a2 100644 (file)
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -711,6 +711,7 @@ static int fail_key = -1;
  static int post_cb(int op, int id, int subid, void *ex)
         {
         const char *idstr, *exstr = "";
+       char asctmp[20];
         int keytype = -1;
         switch(id)
                 {
@@ -762,6 +763,8 @@ static int post_cb(int op, int id, int subid, void *ex)
  
                 case FIPS_TEST_X931:
                 idstr = "X9.31 PRNG";
+               sprintf(asctmp, "keylen=%d", subid);
+               exstr = asctmp;
                 break;
  
                 case FIPS_TEST_DRBG:
@@ -883,7 +886,7 @@ int main(int argc,char **argv)
         } else if (!strcmp(argv[1], "drbg")) {
             FIPS_corrupt_drbg();
         } else if (!strcmp(argv[1], "rng")) {
-           FIPS_corrupt_x931();
+           fail_id = FIPS_TEST_X931;
         } else if (!strcmp(argv[1], "rngstick")) {
             do_rng_stick = 1;
             no_exit = 1;
diff --git a/fips/rand/fips_rand_selftest.c b/fips/rand/fips_rand_selftest.c

index afab1fa40bce17e0519ff4b9f24402f9441485fd..ff5780abe0e9accde6d368b3b7bf0ca5a832b42f 100644 (file)
--- a/fips/rand/fips_rand_selftest.c
+++ b/fips/rand/fips_rand_selftest.c
@@ -54,6 +54,7 @@
  #include <openssl/fips.h>
  #include <openssl/rand.h>
  #include <openssl/fips_rand.h>
+#include "fips_locl.h"
  
  #ifdef OPENSSL_FIPS
  
@@ -324,11 +325,6 @@ static AES_PRNG_TV aes_256_tv[] = {
  };
  
  
-void FIPS_corrupt_x931()
-    {
-    aes_192_tv[0].V[0]++;
-    }
-
  #define fips_x931_test(key, tv) \
         do_x931_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))
  
@@ -336,38 +332,48 @@ static int do_x931_test(unsigned char *key, int keylen,
                         AES_PRNG_TV *tv, int ntv)
         {
         unsigned char R[16];
-       int i;
+       int i, rv = 1;
         if (!FIPS_x931_set_key(key, keylen))
                 return 0;
         for (i = 0; i < ntv; i++)
                 {
+               if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
+                       return 1;
+               if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
+                       tv[i].V[0]++;
                 FIPS_x931_seed(tv[i].V, 16);
                 FIPS_x931_set_dt(tv[i].DT);
                 FIPS_x931_bytes(R, 16);
                 if (memcmp(R, tv[i].R, 16))
+                       {
+                       fips_post_failed(FIPS_TEST_X931, keylen, NULL);
+                       rv = 0;
+                       }
+               else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
                         return 0;
                 }
-       return 1;
+       return rv;
         }
-       
  
  int FIPS_selftest_x931()
         {
+       int rv = 1;
         FIPS_x931_reset();
         if (!FIPS_x931_test_mode())
                 {
                 FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
                 return 0;
                 }
-       if (!fips_x931_test(aes_128_key,aes_128_tv)
-               || !fips_x931_test(aes_192_key, aes_192_tv)
-               || !fips_x931_test(aes_256_key, aes_256_tv))
-               {
-               FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
-               return 0;
-               }
+       if (!fips_x931_test(aes_128_key,aes_128_tv))
+               rv = 0;
+       if (!fips_x931_test(aes_192_key, aes_192_tv))
+               rv = 0;
+       if (!fips_x931_test(aes_256_key, aes_256_tv))
+               rv = 0;
         FIPS_x931_reset();
-       return 1;
+       if (!rv)
+               FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
+       return rv;
         }
  
  #endif
author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 14 Apr 2011 18:29:49 +0000 (18:29 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 14 Apr 2011 18:29:49 +0000 (18:29 +0000)
fips/fips.h		patch \| blob \| history
fips/fips_test_suite.c		patch \| blob \| history
fips/rand/fips_rand_selftest.c		patch \| blob \| history