X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2Frecipes%2F03-test_fipsinstall.t;h=71e8db10e428884eb0fdbc03e4d2282eadbbb0d1;hp=6f7c38a1249fbbf9310c245d2156d73989c80ee2;hb=980a880ee5a85b94caac3049c7d3be0b765d97d3;hpb=95214b434fe969e9508b6b9f38d0ea931d7e6415
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
index 6f7c38a124..71e8db10e4 100644
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -24,24 +24,24 @@ use platform;
 plan skip_all => "Test only supported in a fips build" if disabled("fips");
-plan tests => 6;
+plan tests => 10;
 my $infile = bldtop_file('providers', platform->dso('fips'));
 $ENV{OPENSSL_MODULES} = bldtop_dir("providers");
-#fail if no module name
+# fail if no module name
 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', '-provider_name', 'fips', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install'])),
- "fipinstall fail");
+ "fipsinstall fail");
-# fail to Verify if the configuration file is missing
+# fail to verify if the configuration file is missing
 ok(!run(app(['openssl', 'fipsinstall', '-in', 'dummy.tmp', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-verify'])),
- "fipinstall verify fail");
+ "fipsinstall verify fail");
 # output a fips.conf file containing mac data
@@ -49,25 +49,53 @@ ok(run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install'])),
- "fipinstall");
+ "fipsinstall");
-# Verify the fips.conf file
+# verify the fips.conf file
 ok(run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-verify'])),
- "fipinstall verify");
+ "fipsinstall verify");
-# Fail to Verify the fips.conf file if a different key is used
+# fail to verify the fips.conf file if a different key is used
 ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', 'hexkey:01', '-section_name', 'fips_install', '-verify'])),
- "fipinstall verify fail bad key");
+ "fipsinstall verify fail bad key");
-# Fail to Verify the fips.conf file if a different mac digest is used
+# fail to verify the fips.conf file if a different mac digest is used
 ok(!run(app(['openssl', 'fipsinstall', '-in', 'fips.conf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA512', '-macopt', 'hexkey:00', '-section_name', 'fips_install', '-verify'])),
- "fipinstall verify fail incorrect digest");
+ "fipsinstall verify fail incorrect digest");
+
+# corrupt the module hmac
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_install', '-corrupt_desc', 'HMAC'])),
+ "fipsinstall fails when the module integrity is corrupted");
+
+# corrupt the first digest
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_install', '-corrupt_desc', 'SHA1'])),
+ "fipsinstall fails when the digest result is corrupted");
+
+# corrupt another digest
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_install', '-corrupt_desc', 'SHA3'])),
+ "fipsinstall fails when the digest result is corrupted");
+
+# corrupt DRBG
+ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.conf', '-module', $infile,
+ '-provider_name', 'fips', '-mac_name', 'HMAC',
+ '-macopt', 'digest:SHA256', '-macopt', 'hexkey:00',
+ '-section_name', 'fips_install', '-corrupt_desc', 'CTR'])),
+ "fipsinstall fails when the DRBG CTR result is corrupted");
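Review bot: The four `-corrupt_desc` cases only assert that `openssl fipsinstall` exits non-zero, so each would also pass if the run failed for an unrelated reason (an option-parsing error, say) rather than because the corrupted self-test was caught. They also write to `fips.conf`, which the earlier successful install already created, so the tests cannot tell whether a failed self-test still leaves a usable config file behind; writing to a separate output file and asserting it is absent afterwards would pin that down, if fipsinstall is meant to write nothing on failure. The SHA1 and SHA3 cases share the description `"fipsinstall fails when the digest result is corrupted"`; naming the digest, e.g. `"fipsinstall fails when the SHA1 digest result is corrupted"`, keeps a TAP failure unambiguous.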