Update premain fingerprint.
[openssl.git] / fips / fips_test_suite.c
1 /* ====================================================================
2  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
3  *
4  *
5  * This command is intended as a test driver for the FIPS-140 testing
6  * lab performing FIPS-140 validation.  It demonstrates the use of the
7  * OpenSSL library ito perform a variety of common cryptographic
8  * functions.  A power-up self test is demonstrated by deliberately
9  * pointing to an invalid executable hash
10  *
11  * Contributed by Steve Marquess.
12  *
13  */
14
15 #define OPENSSL_FIPSAPI
16
17 #include <stdio.h>
18 #include <assert.h>
19 #include <ctype.h>
20 #include <string.h>
21 #include <stdlib.h>
22 #include <openssl/evp.h>
23 #include <openssl/hmac.h>
24 #include <openssl/cmac.h>
25 #include <openssl/sha.h>
26 #include <openssl/err.h>
27
28 #include <openssl/bn.h>
29 #include <openssl/rand.h>
30
31 #ifndef OPENSSL_FIPS
32 int main(int argc, char *argv[])
33     {
34     printf("No FIPS support\n");
35     return(0);
36     }
37 #else
38
39 #define ERR_clear_error() while(0)
40
41 #include <openssl/rsa.h>
42 #include <openssl/dsa.h>
43 #include <openssl/dh.h>
44
45 #include <openssl/fips.h>
46 #include <openssl/fips_rand.h>
47 #include "fips_utl.h"
48
49 /* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
50 */
51 static int FIPS_aes_test(void)
52         {
53         int ret = 0;
54         unsigned char pltmp[16];
55         unsigned char citmp[16];
56         unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
57         unsigned char plaintext[16] = "etaonrishdlcu";
58         EVP_CIPHER_CTX ctx;
59         FIPS_cipher_ctx_init(&ctx);
60         if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 1) <= 0)
61                 goto err;
62         FIPS_cipher(&ctx, citmp, plaintext, 16);
63         if (FIPS_cipherinit(&ctx, EVP_aes_128_ecb(), key, NULL, 0) <= 0)
64                 goto err;
65         FIPS_cipher(&ctx, pltmp, citmp, 16);
66         if (memcmp(pltmp, plaintext, 16))
67                 goto err;
68         ret = 1;
69         err:
70         FIPS_cipher_ctx_cleanup(&ctx);
71         return ret;
72         }
73
74 static int FIPS_aes_gcm_test(void)
75         {
76         int ret = 0;
77         unsigned char pltmp[16];
78         unsigned char citmp[16];
79         unsigned char tagtmp[16];
80         unsigned char key[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
81         unsigned char iv[16] = {21,22,23,24,25,26,27,28,29,30,31,32};
82         unsigned char aad[] = "Some text AAD";
83         unsigned char plaintext[16] = "etaonrishdlcu";
84         EVP_CIPHER_CTX ctx;
85         FIPS_cipher_ctx_init(&ctx);
86         if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 1) <= 0)
87                 goto err;
88         FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
89         FIPS_cipher(&ctx, citmp, plaintext, 16);
90         FIPS_cipher(&ctx, NULL, NULL, 0);
91         if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, 16, tagtmp))
92                 goto err;
93
94         if (FIPS_cipherinit(&ctx, EVP_aes_128_gcm(), key, iv, 0) <= 0)
95                 goto err;
96         if (!FIPS_cipher_ctx_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, 16, tagtmp))
97                 goto err;
98
99         FIPS_cipher(&ctx, NULL, aad, sizeof(aad));
100
101         FIPS_cipher(&ctx, pltmp, citmp, 16);
102
103         if (FIPS_cipher(&ctx, NULL, NULL, 0) < 0)
104                 goto err;
105
106         if (memcmp(pltmp, plaintext, 16))
107                 goto err;
108
109         ret = 1;
110         err:
111         FIPS_cipher_ctx_cleanup(&ctx);
112         return ret;
113         }
114
115 static int FIPS_des3_test(void)
116         {
117         int ret = 0;
118         unsigned char pltmp[8];
119         unsigned char citmp[8];
120         unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
121                               19,20,21,22,23,24};
122         unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
123         EVP_CIPHER_CTX ctx;
124         FIPS_cipher_ctx_init(&ctx);
125         if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 1) <= 0)
126                 goto err;
127         FIPS_cipher(&ctx, citmp, plaintext, 8);
128         if (FIPS_cipherinit(&ctx, EVP_des_ede3_ecb(), key, NULL, 0) <= 0)
129                 goto err;
130         FIPS_cipher(&ctx, pltmp, citmp, 8);
131         if (memcmp(pltmp, plaintext, 8))
132                 goto err;
133         ret = 1;
134         err:
135         FIPS_cipher_ctx_cleanup(&ctx);
136         return ret;
137         }
138
139 /*
140  * DSA: generate keys and sign, verify input plaintext.
141  */
142 static int FIPS_dsa_test(int bad)
143     {
144     DSA *dsa = NULL;
145     unsigned char dgst[] = "etaonrishdlc";
146     int r = 0;
147     EVP_MD_CTX mctx;
148     DSA_SIG *sig = NULL;
149
150     ERR_clear_error();
151     FIPS_md_ctx_init(&mctx);
152     dsa = FIPS_dsa_new();
153     if (!dsa)
154         goto end;
155     if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
156         goto end;
157     if (!DSA_generate_key(dsa))
158         goto end;
159     if (bad)
160             BN_add_word(dsa->pub_key, 1);
161
162     if (!FIPS_digestinit(&mctx, EVP_sha256()))
163         goto end;
164     if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
165         goto end;
166     sig = FIPS_dsa_sign_ctx(dsa, &mctx);
167     if (!sig)
168         goto end;
169
170     if (!FIPS_digestinit(&mctx, EVP_sha256()))
171         goto end;
172     if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1))
173         goto end;
174     r = FIPS_dsa_verify_ctx(dsa, &mctx, sig);
175     end:
176     if (sig)
177         FIPS_dsa_sig_free(sig);
178     FIPS_md_ctx_cleanup(&mctx);
179     if (dsa)
180           FIPS_dsa_free(dsa);
181     if (r != 1)
182         return 0;
183     return 1;
184     }
185
186 /*
187  * RSA: generate keys and sign, verify input plaintext.
188  */
189 static int FIPS_rsa_test(int bad)
190     {
191     RSA *key;
192     unsigned char input_ptext[] = "etaonrishdlc";
193     unsigned char buf[256];
194     unsigned int slen;
195     BIGNUM *bn;
196     EVP_MD_CTX mctx;
197     int r = 0;
198
199     ERR_clear_error();
200     FIPS_md_ctx_init(&mctx);
201     key = FIPS_rsa_new();
202     bn = BN_new();
203     if (!key || !bn)
204         return 0;
205     BN_set_word(bn, 65537);
206     if (!RSA_generate_key_ex(key, 2048,bn,NULL))
207         return 0;
208     BN_free(bn);
209     if (bad)
210             BN_add_word(key->n, 1);
211
212     if (!FIPS_digestinit(&mctx, EVP_sha256()))
213         goto end;
214     if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
215         goto end;
216     if (!FIPS_rsa_sign_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, &slen))
217         goto end;
218
219     if (!FIPS_digestinit(&mctx, EVP_sha256()))
220         goto end;
221     if (!FIPS_digestupdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
222         goto end;
223     r = FIPS_rsa_verify_ctx(key, &mctx, RSA_PKCS1_PADDING, 0, NULL, buf, slen);
224     end:
225     FIPS_md_ctx_cleanup(&mctx);
226     if (key)
227           FIPS_rsa_free(key);
228     if (r != 1)
229         return 0;
230     return 1;
231     }
232
233 /* SHA1: generate hash of known digest value and compare to known
234    precomputed correct hash
235 */
236 static int FIPS_sha1_test()
237     {
238     unsigned char digest[SHA_DIGEST_LENGTH] =
239         { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
240     unsigned char str[] = "etaonrishd";
241
242     unsigned char md[SHA_DIGEST_LENGTH];
243
244     ERR_clear_error();
245     if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha1())) return 0;
246     if (memcmp(md,digest,sizeof(md)))
247         return 0;
248     return 1;
249     }
250
251 /* SHA256: generate hash of known digest value and compare to known
252    precomputed correct hash
253 */
254 static int FIPS_sha256_test()
255     {
256     unsigned char digest[SHA256_DIGEST_LENGTH] =
257         {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
258          0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
259     unsigned char str[] = "etaonrishd";
260
261     unsigned char md[SHA256_DIGEST_LENGTH];
262
263     ERR_clear_error();
264     if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha256())) return 0;
265     if (memcmp(md,digest,sizeof(md)))
266         return 0;
267     return 1;
268     }
269
270 /* SHA512: generate hash of known digest value and compare to known
271    precomputed correct hash
272 */
273 static int FIPS_sha512_test()
274     {
275     unsigned char digest[SHA512_DIGEST_LENGTH] =
276         {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
277          0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
278          0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
279          0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
280     unsigned char str[] = "etaonrishd";
281
282     unsigned char md[SHA512_DIGEST_LENGTH];
283
284     ERR_clear_error();
285     if (!FIPS_digest(str,sizeof(str) - 1,md, NULL, EVP_sha512())) return 0;
286     if (memcmp(md,digest,sizeof(md)))
287         return 0;
288     return 1;
289     }
290
291 /* HMAC-SHA1: generate hash of known digest value and compare to known
292    precomputed correct hash
293 */
294 static int FIPS_hmac_sha1_test()
295     {
296     unsigned char key[] = "etaonrishd";
297     unsigned char iv[] = "Sample text";
298     unsigned char kaval[EVP_MAX_MD_SIZE] =
299         {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
300          0xb2, 0xfb, 0xec, 0xc6};
301
302     unsigned char out[EVP_MAX_MD_SIZE];
303     unsigned int outlen;
304
305     ERR_clear_error();
306     if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
307     if (memcmp(out,kaval,outlen))
308         return 0;
309     return 1;
310     }
311
312 /* HMAC-SHA224: generate hash of known digest value and compare to known
313    precomputed correct hash
314 */
315 static int FIPS_hmac_sha224_test()
316     {
317     unsigned char key[] = "etaonrishd";
318     unsigned char iv[] = "Sample text";
319     unsigned char kaval[EVP_MAX_MD_SIZE] =
320         {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
321          0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
322
323     unsigned char out[EVP_MAX_MD_SIZE];
324     unsigned int outlen;
325
326     ERR_clear_error();
327     if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
328     if (memcmp(out,kaval,outlen))
329         return 0;
330     return 1;
331     }
332
333 /* HMAC-SHA256: generate hash of known digest value and compare to known
334    precomputed correct hash
335 */
336 static int FIPS_hmac_sha256_test()
337     {
338     unsigned char key[] = "etaonrishd";
339     unsigned char iv[] = "Sample text";
340     unsigned char kaval[EVP_MAX_MD_SIZE] =
341         {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
342          0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
343
344     unsigned char out[EVP_MAX_MD_SIZE];
345     unsigned int outlen;
346
347     ERR_clear_error();
348     if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
349     if (memcmp(out,kaval,outlen))
350         return 0;
351     return 1;
352     }
353
354 /* HMAC-SHA384: generate hash of known digest value and compare to known
355    precomputed correct hash
356 */
357 static int FIPS_hmac_sha384_test()
358     {
359     unsigned char key[] = "etaonrishd";
360     unsigned char iv[] = "Sample text";
361     unsigned char kaval[EVP_MAX_MD_SIZE] =
362         {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
363          0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
364          0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
365
366     unsigned char out[EVP_MAX_MD_SIZE];
367     unsigned int outlen;
368
369     ERR_clear_error();
370     if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
371     if (memcmp(out,kaval,outlen))
372         return 0;
373     return 1;
374     }
375
376 /* HMAC-SHA512: generate hash of known digest value and compare to known
377    precomputed correct hash
378 */
379 static int FIPS_hmac_sha512_test()
380     {
381     unsigned char key[] = "etaonrishd";
382     unsigned char iv[] = "Sample text";
383     unsigned char kaval[EVP_MAX_MD_SIZE] =
384         {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
385          0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
386          0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
387          0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
388
389     unsigned char out[EVP_MAX_MD_SIZE];
390     unsigned int outlen;
391
392     ERR_clear_error();
393     if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
394     if (memcmp(out,kaval,outlen))
395         return 0;
396     return 1;
397     }
398
399 /* CMAC-AES128: generate hash of known digest value and compare to known
400    precomputed correct hash
401 */
402 static int FIPS_cmac_aes128_test()
403     {
404     unsigned char key[16] = { 0x2b,0x7e,0x15,0x16, 0x28,0xae,0xd2,0xa6,
405                               0xab,0xf7,0x15,0x88, 0x09,0xcf,0x4f,0x3c, };
406     unsigned char data[] = "Sample text";
407     unsigned char kaval[EVP_MAX_MD_SIZE] =
408             { 0x16,0x83,0xfe,0xac, 0x52,0x9b,0xae,0x23,
409               0xd7,0xd5,0x66,0xf5, 0xd2,0x8d,0xbd,0x2a, };
410
411     unsigned char *out = NULL;
412     size_t outlen;
413     CMAC_CTX *ctx = CMAC_CTX_new();
414     int r = 0;
415
416     ERR_clear_error();
417
418     if (!ctx)
419             goto end;
420     if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_128_cbc(),NULL))
421             goto end;
422     if (!CMAC_Update(ctx,data,sizeof(data)-1))
423             goto end;
424     /* This should return 1.  If not, there's a programming error... */
425     if (!CMAC_Final(ctx, out, &outlen))
426             goto end;
427     out = OPENSSL_malloc(outlen);
428     if (!CMAC_Final(ctx, out, &outlen))
429             goto end;
430 #if 0
431     {
432     char *hexout = OPENSSL_malloc(outlen * 2 + 1);
433     bin2hex(out, outlen, hexout);
434     printf("CMAC-AES128: res = %s\n", hexout);
435     OPENSSL_free(hexout);
436     }
437     r = 1;
438 #else
439     if (!memcmp(out,kaval,outlen))
440             r = 1;
441 #endif
442     end:
443     CMAC_CTX_free(ctx);
444     if (out)
445           OPENSSL_free(out);
446     return r;
447     }
448
449 /* CMAC-AES192: generate hash of known digest value and compare to known
450    precomputed correct hash
451 */
452 static int FIPS_cmac_aes192_test()
453     {
454     unsigned char key[] = { 0x8e,0x73,0xb0,0xf7, 0xda,0x0e,0x64,0x52,
455                             0xc8,0x10,0xf3,0x2b, 0x80,0x90,0x79,0xe5,
456                             0x62,0xf8,0xea,0xd2, 0x52,0x2c,0x6b,0x7b, };
457     unsigned char data[] = "Sample text";
458     unsigned char kaval[] =
459             { 0xd6,0x99,0x19,0x25, 0xe5,0x1d,0x95,0x48,
460               0xb1,0x4a,0x0b,0xf2, 0xc6,0x3c,0x47,0x1f, };
461
462     unsigned char *out = NULL;
463     size_t outlen;
464     CMAC_CTX *ctx = CMAC_CTX_new();
465     int r = 0;
466
467     ERR_clear_error();
468
469     if (!ctx)
470             goto end;
471     if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_192_cbc(),NULL))
472             goto end;
473     if (!CMAC_Update(ctx,data,sizeof(data)-1))
474             goto end;
475     /* This should return 1.  If not, there's a programming error... */
476     if (!CMAC_Final(ctx, out, &outlen))
477             goto end;
478     out = OPENSSL_malloc(outlen);
479     if (!CMAC_Final(ctx, out, &outlen))
480             goto end;
481 #if 0
482     {
483     char *hexout = OPENSSL_malloc(outlen * 2 + 1);
484     bin2hex(out, outlen, hexout);
485     printf("CMAC-AES192: res = %s\n", hexout);
486     OPENSSL_free(hexout);
487     }
488     r = 1;
489 #else
490     if (!memcmp(out,kaval,outlen))
491             r = 1;
492 #endif
493     end:
494     CMAC_CTX_free(ctx);
495     if (out)
496           OPENSSL_free(out);
497     return r;
498     }
499
500 /* CMAC-AES256: generate hash of known digest value and compare to known
501    precomputed correct hash
502 */
503 static int FIPS_cmac_aes256_test()
504     {
505     unsigned char key[] = { 0x60,0x3d,0xeb,0x10, 0x15,0xca,0x71,0xbe,
506                             0x2b,0x73,0xae,0xf0, 0x85,0x7d,0x77,0x81,
507                             0x1f,0x35,0x2c,0x07, 0x3b,0x61,0x08,0xd7,
508                             0x2d,0x98,0x10,0xa3, 0x09,0x14,0xdf,0xf4, };
509     unsigned char data[] = "Sample text";
510     unsigned char kaval[] =
511             { 0xec,0xc2,0xcf,0x63, 0xc7,0xce,0xfc,0xa4,
512               0xb0,0x86,0x37,0x5f, 0x15,0x60,0xba,0x1f, };
513
514     unsigned char *out = NULL;
515     size_t outlen;
516     CMAC_CTX *ctx = CMAC_CTX_new();
517     int r = 0;
518
519     ERR_clear_error();
520
521     if (!ctx)
522             goto end;
523     if (!CMAC_Init(ctx,key,sizeof(key),EVP_aes_256_cbc(),NULL))
524             goto end;
525     if (!CMAC_Update(ctx,data,sizeof(data)-1))
526             goto end;
527     /* This should return 1.  If not, there's a programming error... */
528     if (!CMAC_Final(ctx, out, &outlen))
529             goto end;
530     out = OPENSSL_malloc(outlen);
531     if (!CMAC_Final(ctx, out, &outlen))
532             goto end;
533 #if 0
534     {
535     char *hexout = OPENSSL_malloc(outlen * 2 + 1);
536     bin2hex(out, outlen, hexout);
537     printf("CMAC-AES256: res = %s\n", hexout);
538     OPENSSL_free(hexout);
539     }
540     r = 1;
541 #else
542     if (!memcmp(out,kaval,outlen))
543             r = 1;
544 #endif
545     end:
546     CMAC_CTX_free(ctx);
547     if (out)
548           OPENSSL_free(out);
549     return r;
550     }
551
552 /* CMAC-TDEA3: generate hash of known digest value and compare to known
553    precomputed correct hash
554 */
555 static int FIPS_cmac_tdea3_test()
556     {
557     unsigned char key[] = { 0x8a,0xa8,0x3b,0xf8, 0xcb,0xda,0x10,0x62,
558                             0x0b,0xc1,0xbf,0x19, 0xfb,0xb6,0xcd,0x58,
559                             0xbc,0x31,0x3d,0x4a, 0x37,0x1c,0xa8,0xb5, };
560     unsigned char data[] = "Sample text";
561     unsigned char kaval[EVP_MAX_MD_SIZE] =
562             { 0xb4,0x06,0x4e,0xbf, 0x59,0x89,0xba,0x68, };
563
564     unsigned char *out = NULL;
565     size_t outlen;
566     CMAC_CTX *ctx = CMAC_CTX_new();
567     int r = 0;
568
569     ERR_clear_error();
570
571     if (!ctx)
572             goto end;
573     if (!CMAC_Init(ctx,key,sizeof(key),EVP_des_ede3_cbc(),NULL))
574             goto end;
575     if (!CMAC_Update(ctx,data,sizeof(data)-1))
576             goto end;
577     /* This should return 1.  If not, there's a programming error... */
578     if (!CMAC_Final(ctx, out, &outlen))
579             goto end;
580     out = OPENSSL_malloc(outlen);
581     if (!CMAC_Final(ctx, out, &outlen))
582             goto end;
583 #if 0
584     {
585     char *hexout = OPENSSL_malloc(outlen * 2 + 1);
586     bin2hex(out, outlen, hexout);
587     printf("CMAC-TDEA3: res = %s\n", hexout);
588     OPENSSL_free(hexout);
589     }
590     r = 1;
591 #else
592     if (!memcmp(out,kaval,outlen))
593             r = 1;
594 #endif
595     end:
596     CMAC_CTX_free(ctx);
597     if (out)
598           OPENSSL_free(out);
599     return r;
600     }
601
602
603 /* DH: generate shared parameters
604 */
605 static int dh_test()
606     {
607     DH *dh;
608     ERR_clear_error();
609     dh = FIPS_dh_new();
610     if (!dh)
611         return 0;
612     if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
613         return 0;
614     FIPS_dh_free(dh);
615     return 1;
616     }
617
618 /* Zeroize
619 */
620 static int Zeroize()
621     {
622     RSA *key;
623     BIGNUM *bn;
624     unsigned char userkey[16] = 
625         { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
626     size_t i;
627     int n;
628
629     key = FIPS_rsa_new();
630     bn = BN_new();
631     if (!key || !bn)
632         return 0;
633     BN_set_word(bn, 65537);
634     if (!RSA_generate_key_ex(key, 1024,bn,NULL))
635         return 0;
636     BN_free(bn);
637     
638     n = BN_num_bytes(key->d);
639     printf(" Generated %d byte RSA private key\n", n);
640     printf("\tBN key before overwriting:\n");
641     do_bn_print(stdout, key->d);
642     BN_rand(key->d,n*8,-1,0);
643     printf("\tBN key after overwriting:\n");
644     do_bn_print(stdout, key->d);
645
646     printf("\tchar buffer key before overwriting: \n\t\t");
647     for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
648         printf("\n");
649     RAND_bytes(userkey, sizeof userkey);
650     printf("\tchar buffer key after overwriting: \n\t\t");
651     for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
652         printf("\n");
653
654     return 1;
655     }
656
657 /* Dummy Entropy for DRBG tests. WARNING: THIS IS TOTALLY BOGUS
658  * HAS ZERO SECURITY AND MUST NOT BE USED IN REAL APPLICATIONS.
659  */
660
661 static unsigned char dummy_drbg_entropy[1024];
662
663 static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
664                                 int entropy, size_t min_len, size_t max_len)
665         {
666         *pout = dummy_drbg_entropy;
667         /* Round up to multiple of block size */
668         return (min_len + 0xf) & ~0xf;
669         }
670
671 /* DRBG test: just generate lots of data and trigger health checks */
672
673 static int do_drbg_test(int type, int flags)
674     {
675     DRBG_CTX *dctx;
676     int rv = 0;
677     size_t i;
678     unsigned char randout[1024];
679     dctx = FIPS_drbg_new(type, flags);
680     if (!dctx)
681         return 0;
682     FIPS_drbg_set_callbacks(dctx, drbg_test_cb, 0, 0x10, drbg_test_cb, 0);
683     for (i = 0; i < sizeof(dummy_drbg_entropy); i++)
684         {
685         dummy_drbg_entropy[i] = i & 0xff;
686         }
687     if (!FIPS_drbg_instantiate(dctx, dummy_drbg_entropy, 10))
688         goto err;
689     FIPS_drbg_set_check_interval(dctx, 10);
690     for (i = 0; i < 32; i++)
691         {
692         if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, NULL, 0))
693                 goto err;
694         if (!FIPS_drbg_generate(dctx, randout, sizeof(randout), 0, dummy_drbg_entropy, 1))
695                 goto err;
696         }
697     rv = 1;
698     err:
699     FIPS_drbg_uninstantiate(dctx);
700     return rv;
701     }
702
703 typedef struct 
704     {
705     int type, flags;
706     } DRBG_LIST;
707
708 static int do_drbg_all(void)
709     {
710     static DRBG_LIST drbg_types[] =
711         {
712                 {NID_sha1, 0},
713                 {NID_sha224, 0},
714                 {NID_sha256, 0},
715                 {NID_sha384, 0},
716                 {NID_sha512, 0},
717                 {NID_hmacWithSHA1, 0},
718                 {NID_hmacWithSHA224, 0},
719                 {NID_hmacWithSHA256, 0},
720                 {NID_hmacWithSHA384, 0},
721                 {NID_hmacWithSHA512, 0},
722                 {NID_aes_128_ctr, 0},
723                 {NID_aes_192_ctr, 0},
724                 {NID_aes_256_ctr, 0},
725                 {NID_aes_128_ctr, DRBG_FLAG_CTR_USE_DF},
726                 {NID_aes_192_ctr, DRBG_FLAG_CTR_USE_DF},
727                 {NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF},
728                 {(NID_X9_62_prime256v1 << 16)|NID_sha1, 0},
729                 {(NID_X9_62_prime256v1 << 16)|NID_sha224, 0},
730                 {(NID_X9_62_prime256v1 << 16)|NID_sha256, 0},
731                 {(NID_X9_62_prime256v1 << 16)|NID_sha384, 0},
732                 {(NID_X9_62_prime256v1 << 16)|NID_sha512, 0},
733                 {(NID_secp384r1 << 16)|NID_sha224, 0},
734                 {(NID_secp384r1 << 16)|NID_sha256, 0},
735                 {(NID_secp384r1 << 16)|NID_sha384, 0},
736                 {(NID_secp384r1 << 16)|NID_sha512, 0},
737                 {(NID_secp521r1 << 16)|NID_sha256, 0},
738                 {(NID_secp521r1 << 16)|NID_sha384, 0},
739                 {(NID_secp521r1 << 16)|NID_sha512, 0},
740                 {0, 0}
741         };
742     DRBG_LIST *lst;
743     int rv = 1;
744     for (lst = drbg_types;; lst++)
745         {
746         if (lst->type == 0)
747                 break;
748         if (!do_drbg_test(lst->type, lst->flags))
749                 rv = 0;
750         }
751     return rv;
752     }
753
754 static int Error;
755 static const char * Fail(const char *msg)
756     {
757     Error++;
758     return msg; 
759     }
760
761 static void test_msg(const char *msg, int result)
762         {
763         printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
764         }
765
766 /* Table of IDs for POST translating between NIDs and names */
767
768 typedef struct 
769         {
770         int id;
771         const char *name;
772         } POST_ID;
773
774 POST_ID id_list[] = {
775         {NID_sha1, "SHA1"},
776         {NID_sha224, "SHA224"},
777         {NID_sha256, "SHA256"},
778         {NID_sha384, "SHA384"},
779         {NID_sha512, "SHA512"},
780         {NID_hmacWithSHA1, "HMAC-SHA1"},
781         {NID_hmacWithSHA224, "HMAC-SHA224"},
782         {NID_hmacWithSHA256, "HMAC-SHA256"},
783         {NID_hmacWithSHA384, "HMAC-SHA384"},
784         {NID_hmacWithSHA512, "HMAC-SHA512"},
785         {EVP_PKEY_RSA, "RSA"},
786         {EVP_PKEY_DSA, "DSA"},
787         {EVP_PKEY_EC, "ECDSA"},
788         {NID_aes_128_cbc, "AES-128-CBC"},
789         {NID_aes_192_cbc, "AES-192-CBC"},
790         {NID_aes_256_cbc, "AES-256-CBC"},
791         {NID_aes_128_ctr, "AES-128-CTR"},
792         {NID_aes_192_ctr, "AES-192-CTR"},
793         {NID_aes_256_ctr, "AES-256-CTR"},
794         {NID_aes_128_ecb, "AES-128-ECB"},
795         {NID_aes_128_xts, "AES-128-XTS"},
796         {NID_aes_256_xts, "AES-256-XTS"},
797         {NID_des_ede3_cbc, "DES-EDE3-CBC"},
798         {NID_des_ede3_ecb, "DES-EDE3-ECB"},
799         {NID_secp224r1, "P-224"},
800         {NID_sect233r1, "B-233"},
801         {NID_sect233k1, "K-233"},
802         {NID_X9_62_prime256v1, "P-256"},
803         {NID_secp384r1, "P-384"},
804         {NID_secp521r1, "P-521"},
805         {0, NULL}
806 };
807
808 static const char *lookup_id(int id)
809         {
810         POST_ID *n;
811         static char out[40];
812         for (n = id_list; n->name; n++)
813                 {
814                 if (n->id == id)
815                         return n->name;
816                 }
817         sprintf(out, "ID=%d", id);
818         return out;
819         }
820
821 static int fail_id = -1;
822 static int fail_sub = -1;
823 static int fail_key = -1;
824
825 static int post_cb(int op, int id, int subid, void *ex)
826         {
827         const char *idstr, *exstr = "";
828         char asctmp[20];
829         int keytype = -1;
830 #ifdef FIPS_POST_TIME
831         static struct timespec start, end, tstart, tend;
832 #endif
833         switch(id)
834                 {
835                 case FIPS_TEST_INTEGRITY:
836                 idstr = "Integrity";
837                 break;
838
839                 case FIPS_TEST_DIGEST:
840                 idstr = "Digest";
841                 exstr = lookup_id(subid);
842                 break;
843
844                 case FIPS_TEST_CIPHER:
845                 exstr = lookup_id(subid);
846                 idstr = "Cipher";
847                 break;
848
849                 case FIPS_TEST_SIGNATURE:
850                 if (ex)
851                         {
852                         EVP_PKEY *pkey = ex;
853                         keytype = pkey->type;
854                         if (keytype == EVP_PKEY_EC)
855                                 {
856                                 const EC_GROUP *grp;
857                                 int cnid;
858                                 grp = EC_KEY_get0_group(pkey->pkey.ec);
859                                 cnid = EC_GROUP_get_curve_name(grp);
860                                 sprintf(asctmp, "ECDSA %s", lookup_id(cnid));
861                                 exstr = asctmp;
862                                 }
863                         else
864                                 exstr = lookup_id(keytype);
865                         }
866                 idstr = "Signature";
867                 break;
868
869                 case FIPS_TEST_HMAC:
870                 exstr = lookup_id(subid);
871                 idstr = "HMAC";
872                 break;
873
874                 case FIPS_TEST_CMAC:
875                 idstr = "CMAC";
876                 exstr = lookup_id(subid);
877                 break;
878
879                 case FIPS_TEST_GCM:
880                 idstr = "GCM";
881                 break;
882
883                 case FIPS_TEST_XTS:
884                 idstr = "XTS";
885                 exstr = lookup_id(subid);
886                 break;
887
888                 case FIPS_TEST_CCM:
889                 idstr = "CCM";
890                 break;
891
892                 case FIPS_TEST_X931:
893                 idstr = "X9.31 PRNG";
894                 sprintf(asctmp, "keylen=%d", subid);
895                 exstr = asctmp;
896                 break;
897
898                 case FIPS_TEST_DRBG:
899                 idstr = "DRBG";
900                 if (*(int *)ex & DRBG_FLAG_CTR_USE_DF)
901                         {
902                         sprintf(asctmp, "%s DF", lookup_id(subid));
903                         exstr = asctmp;
904                         }
905                 else if (subid >> 16)
906                         {
907                         sprintf(asctmp, "%s %s",
908                                         lookup_id(subid >> 16),
909                                         lookup_id(subid & 0xFFFF));
910                         exstr = asctmp;
911                         }
912                 else
913                         exstr = lookup_id(subid);
914                 break;
915
916                 case FIPS_TEST_PAIRWISE:
917                 if (ex)
918                         {
919                         EVP_PKEY *pkey = ex;
920                         keytype = pkey->type;
921                         exstr = lookup_id(keytype);
922                         }
923                 idstr = "Pairwise Consistency";
924                 break;
925
926                 case FIPS_TEST_CONTINUOUS:
927                 idstr = "Continuous PRNG";
928                 break;
929
930                 case FIPS_TEST_ECDH:
931                 idstr = "ECDH";
932                 exstr = lookup_id(subid);
933                 break;
934
935                 default:
936                 idstr = "Unknown";
937                 break;
938
939                 }
940
941         switch(op)
942                 {
943                 case FIPS_POST_BEGIN:
944 #ifdef FIPS_POST_TIME
945                 clock_getres(CLOCK_REALTIME, &tstart);
946                 printf("\tTimer resolution %ld s, %ld ns\n",
947                                 (long)tstart.tv_sec, (long)tstart.tv_nsec);
948                 clock_gettime(CLOCK_REALTIME, &tstart);
949 #endif
950                 printf("\tPOST started\n");
951                 break;
952
953                 case FIPS_POST_END:
954                 printf("\tPOST %s\n", id ? "Success" : "Failed");
955 #ifdef FIPS_POST_TIME
956                 clock_gettime(CLOCK_REALTIME, &tend);
957                 printf("\t\tTook %f seconds\n",
958                         (double)((tend.tv_sec+tend.tv_nsec*1e-9)
959                         - (tstart.tv_sec+tstart.tv_nsec*1e-9)));
960 #endif
961                 break;
962
963                 case FIPS_POST_STARTED:
964                 printf("\t\t%s %s test started\n", idstr, exstr);
965 #ifdef FIPS_POST_TIME
966                 clock_gettime(CLOCK_REALTIME, &start);
967 #endif
968                 break;
969
970                 case FIPS_POST_SUCCESS:
971                 printf("\t\t%s %s test OK\n", idstr, exstr);
972 #ifdef FIPS_POST_TIME
973                 clock_gettime(CLOCK_REALTIME, &end);
974                 printf("\t\t\tTook %f seconds\n",
975                         (double)((end.tv_sec+end.tv_nsec*1e-9)
976                         - (start.tv_sec+start.tv_nsec*1e-9)));
977 #endif
978                 break;
979
980                 case FIPS_POST_FAIL:
981                 printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
982                 break;
983
984                 case FIPS_POST_CORRUPT:
985                 if (fail_id == id
986                         && (fail_key == -1 || fail_key == keytype)
987                         && (fail_sub == -1 || fail_sub == subid))
988                         {
989                         printf("\t\t%s %s test failure induced\n", idstr, exstr);
990                         return 0;
991                         }
992                 break;
993
994                 }
995         return 1;
996         }
997
998 int main(int argc,char **argv)
999     {
1000     int bad_rsa = 0, bad_dsa = 0;
1001     int do_rng_stick = 0;
1002     int do_drbg_stick = 0;
1003     int no_exit = 0;
1004     int no_dh = 0;
1005
1006     FIPS_post_set_callback(post_cb);
1007
1008     printf("\tFIPS-mode test application\n");
1009
1010     printf("\t%s\n\n", FIPS_module_version_text());
1011
1012     if (argv[1]) {
1013         /* Corrupted KAT tests */
1014         if (!strcmp(argv[1], "integrity")) {
1015             fail_id = FIPS_TEST_INTEGRITY;
1016         } else if (!strcmp(argv[1], "aes")) {
1017             fail_id = FIPS_TEST_CIPHER;
1018             fail_sub = NID_aes_128_ecb; 
1019         } else if (!strcmp(argv[1], "aes-ccm")) {
1020             fail_id = FIPS_TEST_CCM;
1021         } else if (!strcmp(argv[1], "aes-gcm")) {
1022             fail_id = FIPS_TEST_GCM;
1023         } else if (!strcmp(argv[1], "aes-xts")) {
1024             fail_id = FIPS_TEST_XTS;
1025         } else if (!strcmp(argv[1], "des")) {
1026             fail_id = FIPS_TEST_CIPHER;
1027             fail_sub = NID_des_ede3_ecb;        
1028         } else if (!strcmp(argv[1], "dsa")) {
1029             fail_id = FIPS_TEST_SIGNATURE;
1030             fail_key = EVP_PKEY_DSA;    
1031         } else if (!strcmp(argv[1], "ecdh")) {
1032             fail_id = FIPS_TEST_ECDH;
1033         } else if (!strcmp(argv[1], "ecdsa")) {
1034             fail_id = FIPS_TEST_SIGNATURE;
1035             fail_key = EVP_PKEY_EC;     
1036         } else if (!strcmp(argv[1], "rsa")) {
1037             fail_id = FIPS_TEST_SIGNATURE;
1038             fail_key = EVP_PKEY_RSA;    
1039         } else if (!strcmp(argv[1], "rsakey")) {
1040             printf("RSA key generation and signature validation with corrupted key...\n");
1041             bad_rsa = 1;
1042             no_exit = 1;
1043         } else if (!strcmp(argv[1], "rsakeygen")) {
1044             fail_id = FIPS_TEST_PAIRWISE;
1045             fail_key = EVP_PKEY_RSA;
1046             no_exit = 1;
1047         } else if (!strcmp(argv[1], "dsakey")) {
1048             printf("DSA key generation and signature validation with corrupted key...\n");
1049             bad_dsa = 1;
1050             no_exit = 1;
1051         } else if (!strcmp(argv[1], "dsakeygen")) {
1052             fail_id = FIPS_TEST_PAIRWISE;
1053             fail_key = EVP_PKEY_DSA;
1054             no_exit = 1;
1055         } else if (!strcmp(argv[1], "sha1")) {
1056             fail_id = FIPS_TEST_DIGEST;
1057         } else if (!strcmp(argv[1], "hmac")) {
1058             fail_id = FIPS_TEST_HMAC;
1059         } else if (!strcmp(argv[1], "cmac")) {
1060             fail_id = FIPS_TEST_CMAC;
1061         } else if (!strcmp(argv[1], "drbg")) {
1062             fail_id = FIPS_TEST_DRBG;
1063         } else if (!strcmp(argv[1], "rng")) {
1064             fail_id = FIPS_TEST_X931;
1065         } else if (!strcmp(argv[1], "nodh")) {
1066             no_dh = 1;
1067             no_exit = 1;
1068         } else if (!strcmp(argv[1], "post")) {
1069             fail_id = -1;
1070         } else if (!strcmp(argv[1], "rngstick")) {
1071             do_rng_stick = 1;
1072             no_exit = 1;
1073             printf("RNG test with stuck continuous test...\n");
1074         } else if (!strcmp(argv[1], "drbgentstick")) {
1075                 do_entropy_stick();
1076         } else if (!strcmp(argv[1], "drbgstick")) {
1077             do_drbg_stick = 1;
1078             no_exit = 1;
1079             printf("DRBG test with stuck continuous test...\n");
1080         } else {
1081             printf("Bad argument \"%s\"\n", argv[1]);
1082             exit(1);
1083         }
1084         if (!no_exit) {
1085                 fips_algtest_init_nofips();
1086                 if (!FIPS_module_mode_set(1)) {
1087                     printf("Power-up self test failed\n");
1088                     exit(1);
1089                 }
1090                 printf("Power-up self test successful\n");
1091                 exit(0);
1092         }
1093     }
1094
1095     fips_algtest_init_nofips();
1096
1097     /* Non-Approved cryptographic operation
1098     */
1099     printf("1. Non-Approved cryptographic operation test...\n");
1100     if (no_dh)
1101         printf("\t D-H test skipped\n");
1102     else
1103         test_msg("\ta. Included algorithm (D-H)...", dh_test());
1104
1105     /* Power-up self test
1106     */
1107     ERR_clear_error();
1108     test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
1109     if (!FIPS_module_mode())
1110         exit(1);
1111     if (do_drbg_stick)
1112             FIPS_drbg_stick();
1113     if (do_rng_stick)
1114             FIPS_x931_stick();
1115
1116     /* AES encryption/decryption
1117     */
1118     test_msg("3a. AES encryption/decryption", FIPS_aes_test());
1119     /* AES GCM encryption/decryption
1120     */
1121     test_msg("3b. AES-GCM encryption/decryption", FIPS_aes_gcm_test());
1122
1123     /* RSA key generation and encryption/decryption
1124     */
1125     test_msg("4. RSA key generation and encryption/decryption",
1126                                                 FIPS_rsa_test(bad_rsa));
1127
1128     /* DES-CBC encryption/decryption
1129     */
1130     test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
1131
1132     /* DSA key generation and signature validation
1133     */
1134     test_msg("6. DSA key generation and signature validation",
1135                                                 FIPS_dsa_test(bad_dsa));
1136
1137     /* SHA-1 hash
1138     */
1139     test_msg("7a. SHA-1 hash", FIPS_sha1_test());
1140
1141     /* SHA-256 hash
1142     */
1143     test_msg("7b. SHA-256 hash", FIPS_sha256_test());
1144
1145     /* SHA-512 hash
1146     */
1147     test_msg("7c. SHA-512 hash", FIPS_sha512_test());
1148
1149     /* HMAC-SHA-1 hash
1150     */
1151     test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
1152
1153     /* HMAC-SHA-224 hash
1154     */
1155     test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
1156
1157     /* HMAC-SHA-256 hash
1158     */
1159     test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
1160
1161     /* HMAC-SHA-384 hash
1162     */
1163     test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
1164
1165     /* HMAC-SHA-512 hash
1166     */
1167     test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
1168
1169     /* CMAC-AES-128 hash
1170     */
1171     test_msg("8a. CMAC-AES-128 hash", FIPS_cmac_aes128_test());
1172
1173     /* CMAC-AES-192 hash
1174     */
1175     test_msg("8b. CMAC-AES-192 hash", FIPS_cmac_aes192_test());
1176
1177     /* CMAC-AES-256 hash
1178     */
1179     test_msg("8c. CMAC-AES-256 hash", FIPS_cmac_aes256_test());
1180
1181 # if 0                          /* Not a FIPS algorithm */
1182     /* CMAC-TDEA-2 hash
1183     */
1184     test_msg("8d. CMAC-TDEA-2 hash", FIPS_cmac_tdea2_test());
1185 #endif
1186
1187     /* CMAC-TDEA-3 hash
1188     */
1189     test_msg("8e. CMAC-TDEA-3 hash", FIPS_cmac_tdea3_test());
1190
1191     /* Non-Approved cryptographic operation
1192     */
1193     printf("9. Non-Approved cryptographic operation test...\n");
1194     printf("\ta. Included algorithm (D-H)...%s\n",
1195                 no_dh ? "skipped" :
1196                 dh_test() ? "successful as expected"
1197                                                 : Fail("failed INCORRECTLY!") );
1198
1199     /* Zeroization
1200     */
1201     printf("10. Zero-ization...\n\t%s\n",
1202                 Zeroize() ? "successful as expected"
1203                                         : Fail("failed INCORRECTLY!") );
1204
1205     printf("11. Complete DRBG health check...\n");
1206     printf("\t%s\n", FIPS_selftest_drbg_all() ? "successful as expected"
1207                                         : Fail("failed INCORRECTLY!") );
1208
1209     printf("12. DRBG generation check...\n");
1210     printf("\t%s\n", do_drbg_all() ? "successful as expected"
1211                                         : Fail("failed INCORRECTLY!") );
1212
1213     printf("\nAll tests completed with %d errors\n", Error);
1214     return Error ? 1 : 0;
1215     }
1216
1217 #endif