Fix crash if callback not set.
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/evp.h>
+#include "fips_locl.h"
#ifdef OPENSSL_FIPS
static struct
0x98,0xf7,0x7e,0x0c
};
-static int corrupt_aes_gcm = 0;
-
-void FIPS_corrupt_aes_gcm(void)
- {
- corrupt_aes_gcm = 1;
- }
-
int FIPS_selftest_aes_gcm(void)
{
- int ret = 0;
+ int ret = 0, do_corrupt = 0;
unsigned char out[128], tag[16];
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
- FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
- sizeof(gcm_iv), NULL);
+ memset(out, 0, sizeof(out));
+ memset(tag, 0, sizeof(tag));
+ if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
+ return 1;
+ if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
+ do_corrupt = 1;
+ if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
+ goto err;
+ if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
+ sizeof(gcm_iv), NULL))
+ goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 1))
goto err;
if (FIPS_cipher(&ctx, NULL, gcm_aad, sizeof(gcm_aad)) < 0)
if (memcmp(tag, gcm_tag, 16) || memcmp(out, gcm_ct, 16))
goto err;
+ memset(out, 0, sizeof(out));
+
/* Modify expected tag value */
- if (corrupt_aes_gcm)
+ if (do_corrupt)
tag[0]++;
- FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
- FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
- sizeof(gcm_iv), NULL);
+ if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 0))
+ goto err;
+ if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN,
+ sizeof(gcm_iv), NULL))
+ goto err;
if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tag))
goto err;
if (!FIPS_cipherinit(&ctx, NULL, gcm_key, gcm_iv, 0))
ret = 1;
err:
+ FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
+ {
+ fips_post_failed(FIPS_TEST_GCM, 0, NULL);
FIPSerr(FIPS_F_FIPS_SELFTEST_AES_GCM,FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ else
+ return fips_post_success(FIPS_TEST_GCM, 0, NULL);
- FIPS_cipher_ctx_cleanup(&ctx);
-
- return ret;
}
#endif
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/cmac.h>
+#include "fips_locl.h"
#ifdef OPENSSL_FIPS
typedef struct {
};
int FIPS_selftest_cmac()
- {
- size_t n, outlen;
- unsigned char out[32];
- const EVP_CIPHER *cipher;
- CMAC_CTX *ctx = CMAC_CTX_new();
- const CMAC_KAT *t;
-
- for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
- cipher = (*t->alg)();
- CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0);
- CMAC_Update(ctx, t->msg, t->msgsize/8);
- CMAC_Final(ctx, out, &outlen);
- CMAC_CTX_cleanup(ctx);
+ size_t n, outlen;
+ unsigned char out[32];
+ const EVP_CIPHER *cipher;
+ CMAC_CTX *ctx = CMAC_CTX_new();
+ const CMAC_KAT *t;
+ int do_corrupt = 0, rv = 0;
- if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- }
+ if (!fips_post_started(FIPS_TEST_CMAC, 0, 0))
+ return 1;
+ if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL))
+
+ for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
+ {
+ cipher = (*t->alg)();
+ CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0);
+ CMAC_Update(ctx, t->msg, t->msgsize/8);
+ if (do_corrupt)
+ CMAC_Update(ctx, t->msg, 1);
+ CMAC_Final(ctx, out, &outlen);
+ CMAC_CTX_cleanup(ctx);
+
+ if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
+ goto err;
+ }
+ }
- CMAC_CTX_free(ctx);
- return 1;
- }
+ rv = 1;
+ err:
+ CMAC_CTX_free(ctx);
+
+ if (rv == 0)
+ {
+ fips_post_failed(FIPS_TEST_CMAC, 0, NULL);
+ return 0;
+ }
+
+ return fips_post_success(FIPS_TEST_CMAC, 0, NULL);
+ }
#endif
void FIPS_selftest_check(void);
int FIPS_selftest_sha1(void);
int FIPS_selftest_aes_gcm(void);
-void FIPS_corrupt_aes_gcm(void);
int FIPS_selftest_aes(void);
int FIPS_selftest_des(void);
int FIPS_selftest_rsa(void);
if (post_failure)
{
post_status = FIPS_POST_STATUS_FAILED;
- fips_post_cb(FIPS_POST_END, 0, 0, NULL);
+ if(fips_post_cb)
+ fips_post_cb(FIPS_POST_END, 0, 0, NULL);
}
else
{
post_status = FIPS_POST_STATUS_OK;
- fips_post_cb(FIPS_POST_END, 1, 0, NULL);
+ if (fips_post_cb)
+ fips_post_cb(FIPS_POST_END, 1, 0, NULL);
}
}
break;
case FIPS_TEST_CMAC:
- idstr = "HMAC";
+ idstr = "CMAC";
break;
case FIPS_TEST_GCM:
fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_aes_128_ecb;
} else if (!strcmp(argv[1], "aes-gcm")) {
- FIPS_corrupt_aes_gcm();
- printf("AES-GCM encryption/decryption with corrupted KAT...\n");
+ fail_id = FIPS_TEST_GCM;
} else if (!strcmp(argv[1], "des")) {
fail_id = FIPS_TEST_CIPHER;
fail_sub = NID_des_ede3_ecb;
no_exit = 1;
} else if (!strcmp(argv[1], "sha1")) {
fail_id = FIPS_TEST_DIGEST;
- fail_sub = NID_sha1;
+ } else if (!strcmp(argv[1], "hmac")) {
+ fail_id = FIPS_TEST_HMAC;
} else if (!strcmp(argv[1], "drbg")) {
FIPS_corrupt_drbg();
} else if (!strcmp(argv[1], "rng")) {
#include <openssl/err.h>
#include <openssl/fips.h>
#include <openssl/hmac.h>
+#include "fips_locl.h"
#ifdef OPENSSL_FIPS
typedef struct {
};
int FIPS_selftest_hmac()
- {
- size_t n;
- unsigned int outlen;
- unsigned char out[EVP_MAX_MD_SIZE];
- const EVP_MD *md;
- const HMAC_KAT *t;
-
- for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
- md = (*t->alg)();
- HMAC(md,t->key,strlen(t->key),
- (const unsigned char *)t->iv,strlen(t->iv),
- out,&outlen);
+ size_t n;
+ unsigned int outlen;
+ unsigned char out[EVP_MAX_MD_SIZE];
+ const EVP_MD *md;
+ const HMAC_KAT *t;
+ int rv = 0, do_corrupt = 0;
+ HMAC_CTX c;
+ HMAC_CTX_init(&c);
+
+ if (!fips_post_started(FIPS_TEST_HMAC, 0, 0))
+ return 1;
+ if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
+ do_corrupt = 1;
+
+ for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
+ {
+ md = (*t->alg)();
+ if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL))
+ goto err;
+ if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv)))
+ goto err;
+ if (do_corrupt)
+ {
+ if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1))
+ goto err;
+ }
+ if (!HMAC_Final(&c, out, &outlen))
+ goto err;
+
+ if(memcmp(out,t->kaval,outlen))
+ {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
+ goto err;
+ }
+ }
+
+ rv = 1;
- if(memcmp(out,t->kaval,outlen))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
+ err:
+ HMAC_CTX_cleanup(&c);
+ if (rv == 0)
+ {
+ fips_post_failed(FIPS_TEST_HMAC, 0, NULL);
+ return 0;
+ }
+ return fips_post_success(FIPS_TEST_HMAC, 0, NULL);
}
- return 1;
- }
#endif
projects / openssl.git / commitdiff