From cd22dfbf0109ae42f650c0d0b1d0e956fe9a1574 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 25 Mar 2011 16:36:46 +0000 Subject: [PATCH] Have all algorithm test programs call fips_algtest_init() at startup: this will perform all standalone operations such as setting error callbacks, entering FIPS mode etc. --- fips/aes/fips_aesavs.c | 6 +----- fips/aes/fips_gcmtest.c | 4 +--- fips/cmac/fips_cmactest.c | 4 +--- fips/des/fips_desmovs.c | 6 +----- fips/dh/fips_dhvs.c | 4 +--- fips/dsa/fips_dsatest.c | 4 +--- fips/dsa/fips_dssvs.c | 4 +--- fips/ecdh/fips_ecdhvs.c | 4 +--- fips/ecdsa/fips_ecdsavs.c | 4 +--- fips/fips_utl.h | 11 +++++++++++ fips/hmac/fips_hmactest.c | 4 +--- fips/rand/fips_drbgvs.c | 2 +- fips/rand/fips_randtest.c | 2 +- fips/rand/fips_rngvs.c | 4 +--- fips/rsa/fips_rsagtest.c | 4 +--- fips/rsa/fips_rsastest.c | 4 +--- fips/rsa/fips_rsavtest.c | 4 +--- fips/sha/fips_shatest.c | 4 +--- 18 files changed, 28 insertions(+), 51 deletions(-) diff --git a/fips/aes/fips_aesavs.c b/fips/aes/fips_aesavs.c index c9e2ce3b94..72c2d0967c 100644 --- a/fips/aes/fips_aesavs.c +++ b/fips/aes/fips_aesavs.c @@ -867,12 +867,8 @@ int main(int argc, char **argv) FILE *fp = NULL; char fn[250] = "", rfn[256] = ""; int f_opt = 0, d_opt = 1; - fips_set_error_print(); + fips_algtest_init(); -#ifdef OPENSSL_FIPS - if(!FIPS_mode_set(1)) - EXIT(1); -#endif if (argc > 1) { if (strcasecmp(argv[1], "-d") == 0) diff --git a/fips/aes/fips_gcmtest.c b/fips/aes/fips_gcmtest.c index 5eb7e7f967..7c9efe7d6d 100644 --- a/fips/aes/fips_gcmtest.c +++ b/fips/aes/fips_gcmtest.c @@ -292,9 +292,7 @@ int main(int argc,char **argv) fprintf(stderr,"%s [-encrypt|-decrypt]\n",argv[0]); exit(1); } - fips_set_error_print(); - if(!FIPS_mode_set(1)) - exit(1); + fips_algtest_init(); if(!strcmp(argv[1],"-encrypt")) encrypt = 1; else if(!strcmp(argv[1],"-encryptIVext")) diff --git a/fips/cmac/fips_cmactest.c b/fips/cmac/fips_cmactest.c index cc07265370..c2da660c67 100644 --- a/fips/cmac/fips_cmactest.c +++ b/fips/cmac/fips_cmactest.c @@ -102,9 +102,7 @@ int main(int argc, char **argv) int known_keylen = 0; /* Only set when Klen_counts_keys = 1 */ const EVP_CIPHER *cipher = 0; int ret = 1; - fips_set_error_print(); - if(!FIPS_mode_set(1)) - goto end; + fips_algtest_init(); while (argc > 1 && argv[1][0] == '-') { diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c index 16b8dc1936..88c306370f 100644 --- a/fips/des/fips_desmovs.c +++ b/fips/des/fips_desmovs.c @@ -633,11 +633,7 @@ int main(int argc, char **argv) char fn[250] = "", rfn[256] = ""; int f_opt = 0, d_opt = 1; -#ifdef OPENSSL_FIPS - fips_set_error_print(); - if(!FIPS_mode_set(1)) - EXIT(1); -#endif + fips_algtest_init(); if (argc > 1) { if (strcasecmp(argv[1], "-d") == 0) diff --git a/fips/dh/fips_dhvs.c b/fips/dh/fips_dhvs.c index dc6a95ca40..ad760c8aaa 100644 --- a/fips/dh/fips_dhvs.c +++ b/fips/dh/fips_dhvs.c @@ -160,9 +160,7 @@ int main(int argc,char **argv) char *keyword = NULL, *value = NULL; int do_verify = -1, exout = 0; - fips_set_error_print(); - if(!FIPS_mode_set(1)) - exit(1); + fips_algtest_init(); if (argn && !strcmp(*args, "dhver")) { diff --git a/fips/dsa/fips_dsatest.c b/fips/dsa/fips_dsatest.c index 678e089a42..c5dd088fe5 100644 --- a/fips/dsa/fips_dsatest.c +++ b/fips/dsa/fips_dsatest.c @@ -156,9 +156,7 @@ int main(int argc, char **argv) BN_GENCB_set(&cb, dsa_cb, stderr); FIPS_md_ctx_init(&mctx); - fips_set_error_print(); - if(!FIPS_mode_set(1)) - EXIT(1); + fips_algtest_init(); fprintf(stderr,"test generation of DSA parameters\n"); diff --git a/fips/dsa/fips_dssvs.c b/fips/dsa/fips_dssvs.c index ff97808ee2..c5a5805071 100644 --- a/fips/dsa/fips_dssvs.c +++ b/fips/dsa/fips_dssvs.c @@ -626,9 +626,7 @@ int main(int argc,char **argv) fprintf(stderr,"%s [prime|pqg|pqgver|keypair|keyver|siggen|sigver]\n",argv[0]); exit(1); } - fips_set_error_print(); - if(!FIPS_mode_set(1)) - exit(1); + fips_algtest_init(); if(!strcmp(argv[1],"prime")) primes(in, out); else if(!strcmp(argv[1],"pqg")) diff --git a/fips/ecdh/fips_ecdhvs.c b/fips/ecdh/fips_ecdhvs.c index 38178f5eea..c3ee174369 100644 --- a/fips/ecdh/fips_ecdhvs.c +++ b/fips/ecdh/fips_ecdhvs.c @@ -291,9 +291,7 @@ int main(int argc,char **argv) int curve_nids[5] = {0,0,0,0,0}; int param_set = -1; - fips_set_error_print(); - if(!FIPS_mode_set(1)) - exit(1); + fips_algtest_init(); if (argn && !strcmp(*args, "ecdhver")) { diff --git a/fips/ecdsa/fips_ecdsavs.c b/fips/ecdsa/fips_ecdsavs.c index 2492ee42c0..1245f854e7 100644 --- a/fips/ecdsa/fips_ecdsavs.c +++ b/fips/ecdsa/fips_ecdsavs.c @@ -463,9 +463,7 @@ int main(int argc, char **argv) FILE *in = NULL, *out = NULL; const char *cmd = argv[1]; int rv = 0; - fips_set_error_print(); - if (!FIPS_mode_set(1)) - exit(1); + fips_algtest_init(); if (argc == 4) { diff --git a/fips/fips_utl.h b/fips/fips_utl.h index 71147a2a31..3deb406cf4 100644 --- a/fips/fips_utl.h +++ b/fips/fips_utl.h @@ -63,6 +63,7 @@ int bint2bin(const char *in, int len, unsigned char *out); int bin2bint(const unsigned char *in,int len,char *out); void PrintValue(char *tag, unsigned char *val, int len); void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode); +void fips_algtest_init(void); static int no_err; @@ -97,6 +98,16 @@ static void fips_set_error_print(void) FIPS_set_error_callbacks(put_err_cb, add_err_cb); } +void fips_algtest_init(void) + { + fips_set_error_print(); + if (!FIPS_mode_set(1)) + { + fprintf(stderr, "Error entering FIPS mode\n"); + exit(1); + } + } + int hex2bin(const char *in, unsigned char *out) { int n1, n2, isodd = 0; diff --git a/fips/hmac/fips_hmactest.c b/fips/hmac/fips_hmactest.c index d1f0b4c1ca..58e4a35a5b 100644 --- a/fips/hmac/fips_hmactest.c +++ b/fips/hmac/fips_hmactest.c @@ -90,9 +90,7 @@ int main(int argc, char **argv) FILE *in = NULL, *out = NULL; int ret = 1; - fips_set_error_print(); - if(!FIPS_mode_set(1)) - goto end; + fips_algtest_init(); if (argc == 1) in = stdin; diff --git a/fips/rand/fips_drbgvs.c b/fips/rand/fips_drbgvs.c index 53d4439342..d3b47a0954 100644 --- a/fips/rand/fips_drbgvs.c +++ b/fips/rand/fips_drbgvs.c @@ -172,7 +172,7 @@ int main(int argc,char **argv) int gen = 0; - fips_set_error_print(); + fips_algtest_init(); if (argc == 3) { diff --git a/fips/rand/fips_randtest.c b/fips/rand/fips_randtest.c index b211a039c0..3465bc3029 100644 --- a/fips/rand/fips_randtest.c +++ b/fips/rand/fips_randtest.c @@ -241,7 +241,7 @@ static void run_test(unsigned char *key, int keylen, AES_PRNG_MCT *tv) int main() { - fips_set_error_print(); + fips_algtest_init(); run_test(aes_128_mct_key, 16, &aes_128_mct_tv); printf("FIPS PRNG test 1 done\n"); run_test(aes_192_mct_key, 24, &aes_192_mct_tv); diff --git a/fips/rand/fips_rngvs.c b/fips/rand/fips_rngvs.c index 786f5420b4..f858b6d2e9 100644 --- a/fips/rand/fips_rngvs.c +++ b/fips/rand/fips_rngvs.c @@ -226,9 +226,7 @@ int main(int argc,char **argv) fprintf(stderr,"%s [mct|vst]\n",argv[0]); exit(1); } - fips_set_error_print(); - if(!FIPS_mode_set(1)) - exit(1); + fips_algtest_init(); FIPS_rand_reset(); if (!FIPS_rand_test_mode()) { diff --git a/fips/rsa/fips_rsagtest.c b/fips/rsa/fips_rsagtest.c index 434d332b92..78b4531398 100644 --- a/fips/rsa/fips_rsagtest.c +++ b/fips/rsa/fips_rsagtest.c @@ -94,9 +94,7 @@ int main(int argc, char **argv) int ret = 1; - fips_set_error_print(); - if(!FIPS_mode_set(1)) - goto end; + fips_algtest_init(); if (argc == 1) in = stdin; diff --git a/fips/rsa/fips_rsastest.c b/fips/rsa/fips_rsastest.c index 2d66d92116..7a3dd31cbb 100644 --- a/fips/rsa/fips_rsastest.c +++ b/fips/rsa/fips_rsastest.c @@ -91,9 +91,7 @@ int main(int argc, char **argv) int ret = 1, Saltlen = -1; - fips_set_error_print(); - if(!FIPS_mode_set(1)) - goto end; + fips_algtest_init(); if ((argc > 2) && !strcmp("-saltlen", argv[1])) { diff --git a/fips/rsa/fips_rsavtest.c b/fips/rsa/fips_rsavtest.c index 5886a19b03..dbf73bee88 100644 --- a/fips/rsa/fips_rsavtest.c +++ b/fips/rsa/fips_rsavtest.c @@ -96,9 +96,7 @@ int main(int argc, char **argv) int ret = 1; int Saltlen = -1; - fips_set_error_print(); - if(!FIPS_mode_set(1)) - goto end; + fips_algtest_init(); if ((argc > 2) && !strcmp("-saltlen", argv[1])) { diff --git a/fips/sha/fips_shatest.c b/fips/sha/fips_shatest.c index e6d1a9519a..cdbf7193b6 100644 --- a/fips/sha/fips_shatest.c +++ b/fips/sha/fips_shatest.c @@ -91,9 +91,7 @@ int main(int argc, char **argv) FILE *in = NULL, *out = NULL; int ret = 1; - fips_set_error_print(); - if(!FIPS_mode_set(1)) - goto end; + fips_algtest_init(); if (argc == 1) in = stdin; -- 2.40.0