projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add continuous RNG test to entropy source. Entropy callbacks now need
[openssl.git]
/
fips
/
fips_test_suite.c
diff --git
a/fips/fips_test_suite.c
b/fips/fips_test_suite.c
index e07b6d61626f4b790aadea355bc43dc77f25ead7..8192eb2cc87a9e3a1268f0ea2987e769cbc35536 100644
(file)
--- a/
fips/fips_test_suite.c
+++ b/
fips/fips_test_suite.c
@@
-685,6
+685,9
@@
POST_ID id_list[] = {
{NID_aes_128_cbc, "AES-128-CBC"},
{NID_aes_192_cbc, "AES-192-CBC"},
{NID_aes_256_cbc, "AES-256-CBC"},
{NID_aes_128_cbc, "AES-128-CBC"},
{NID_aes_192_cbc, "AES-192-CBC"},
{NID_aes_256_cbc, "AES-256-CBC"},
+ {NID_aes_128_ctr, "AES-128-CTR"},
+ {NID_aes_192_ctr, "AES-192-CTR"},
+ {NID_aes_256_ctr, "AES-256-CTR"},
{NID_aes_128_ecb, "AES-128-ECB"},
{NID_aes_128_xts, "AES-128-XTS"},
{NID_aes_256_xts, "AES-256-XTS"},
{NID_aes_128_ecb, "AES-128-ECB"},
{NID_aes_128_xts, "AES-128-XTS"},
{NID_aes_256_xts, "AES-256-XTS"},
@@
-772,6
+775,13
@@
static int post_cb(int op, int id, int subid, void *ex)
case FIPS_TEST_DRBG:
idstr = "DRBG";
case FIPS_TEST_DRBG:
idstr = "DRBG";
+ if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
+ {
+ sprintf(asctmp, "%s DF", lookup_id(subid));
+ exstr = asctmp;
+ }
+ else
+ exstr = lookup_id(subid);
break;
case FIPS_TEST_PAIRWISE:
break;
case FIPS_TEST_PAIRWISE:
@@
-837,7
+847,6
@@
int main(int argc,char **argv)
int do_drbg_stick = 0;
int no_exit = 0;
int do_drbg_stick = 0;
int no_exit = 0;
- fips_algtest_init_nofips();
FIPS_post_set_callback(post_cb);
FIPS_post_set_callback(post_cb);
@@
-850,6
+859,8
@@
int main(int argc,char **argv)
} else if (!strcmp(argv[1], "aes")) {
fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_aes_128_ecb;
} else if (!strcmp(argv[1], "aes")) {
fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_aes_128_ecb;
+ } else if (!strcmp(argv[1], "aes-ccm")) {
+ fail_id = FIPS_TEST_CCM;
} else if (!strcmp(argv[1], "aes-gcm")) {
fail_id = FIPS_TEST_GCM;
} else if (!strcmp(argv[1], "aes-xts")) {
} else if (!strcmp(argv[1], "aes-gcm")) {
fail_id = FIPS_TEST_GCM;
} else if (!strcmp(argv[1], "aes-xts")) {
@@
-889,13
+900,17
@@
int main(int argc,char **argv)
} else if (!strcmp(argv[1], "cmac")) {
fail_id = FIPS_TEST_CMAC;
} else if (!strcmp(argv[1], "drbg")) {
} else if (!strcmp(argv[1], "cmac")) {
fail_id = FIPS_TEST_CMAC;
} else if (!strcmp(argv[1], "drbg")) {
-
FIPS_corrupt_drbg()
;
+
fail_id = FIPS_TEST_DRBG
;
} else if (!strcmp(argv[1], "rng")) {
fail_id = FIPS_TEST_X931;
} else if (!strcmp(argv[1], "rng")) {
fail_id = FIPS_TEST_X931;
+ } else if (!strcmp(argv[1], "post")) {
+ fail_id = -1;
} else if (!strcmp(argv[1], "rngstick")) {
do_rng_stick = 1;
no_exit = 1;
printf("RNG test with stuck continuous test...\n");
} else if (!strcmp(argv[1], "rngstick")) {
do_rng_stick = 1;
no_exit = 1;
printf("RNG test with stuck continuous test...\n");
+ } else if (!strcmp(argv[1], "drbgentstick")) {
+ do_entropy_stick();
} else if (!strcmp(argv[1], "drbgstick")) {
do_drbg_stick = 1;
no_exit = 1;
} else if (!strcmp(argv[1], "drbgstick")) {
do_drbg_stick = 1;
no_exit = 1;
@@
-905,6
+920,7
@@
int main(int argc,char **argv)
exit(1);
}
if (!no_exit) {
exit(1);
}
if (!no_exit) {
+ fips_algtest_init_nofips();
if (!FIPS_mode_set(1)) {
printf("Power-up self test failed\n");
exit(1);
if (!FIPS_mode_set(1)) {
printf("Power-up self test failed\n");
exit(1);
@@
-914,6
+930,8
@@
int main(int argc,char **argv)
}
}
}
}
+ fips_algtest_init_nofips();
+
/* Non-Approved cryptographic operation
*/
printf("1. Non-Approved cryptographic operation test...\n");
/* Non-Approved cryptographic operation
*/
printf("1. Non-Approved cryptographic operation test...\n");