Check for selftest failure in various places.

[openssl.git] / fips / fips_test_suite.c

diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c
index c768de75ebb21f46f5e1048fa05474ddfac09549..b7aea4e9cda1e630d1835660288bffa92288b1dc 100644 (file)
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -798,6 +798,7 @@ POST_ID id_list[] = {
        {NID_des_ede3_ecb, "DES-EDE3-ECB"},
        {NID_secp224r1, "P-224"},
        {NID_sect233r1, "B-233"},
+       {NID_sect233k1, "K-233"},
        {NID_X9_62_prime256v1, "P-256"},
        {NID_secp384r1, "P-384"},
        {NID_secp521r1, "P-521"},
@@ -850,7 +851,17 @@ static int post_cb(int op, int id, int subid, void *ex)
                        {
                        EVP_PKEY *pkey = ex;
                        keytype = pkey->type;
-                       exstr = lookup_id(keytype);
+                       if (keytype == EVP_PKEY_EC)
+                               {
+                               const EC_GROUP *grp;
+                               int cnid;
+                               grp = EC_KEY_get0_group(pkey->pkey.ec);
+                               cnid = EC_GROUP_get_curve_name(grp);
+                               sprintf(asctmp, "ECDSA %s", lookup_id(cnid));
+                               exstr = asctmp;
+                               }
+                       else
+                               exstr = lookup_id(keytype);
                        }
                idstr = "Signature";
                break;
@@ -991,6 +1002,7 @@ int main(int argc,char **argv)
     int do_drbg_stick = 0;
     int no_exit = 0;
     int no_dh = 0;
+    char *pass = FIPS_AUTH_USER_PASS;
 
     FIPS_post_set_callback(post_cb);
 
@@ -1017,6 +1029,8 @@ int main(int argc,char **argv)
         } else if (!strcmp(argv[1], "dsa")) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_DSA;    
+        } else if (!strcmp(argv[1], "ecdh")) {
+           fail_id = FIPS_TEST_ECDH;
         } else if (!strcmp(argv[1], "ecdsa")) {
            fail_id = FIPS_TEST_SIGNATURE;
            fail_key = EVP_PKEY_EC;     
@@ -1064,13 +1078,21 @@ int main(int argc,char **argv)
            do_drbg_stick = 1;
            no_exit = 1;
            printf("DRBG test with stuck continuous test...\n");
+       } else if (!strcmp(argv[1], "user")) {
+               pass = FIPS_AUTH_USER_PASS;
+       } else if (!strcmp(argv[1], "officer")) {
+               pass = FIPS_AUTH_OFFICER_PASS;
+       } else if (!strcmp(argv[1], "badpass")) {
+               pass = "bad invalid password";
+       } else if (!strcmp(argv[1], "nopass")) {
+               pass = "";
         } else {
             printf("Bad argument \"%s\"\n", argv[1]);
             exit(1);
         }
        if (!no_exit) {
                fips_algtest_init_nofips();
-               if (!FIPS_module_mode_set(1)) {
+               if (!FIPS_module_mode_set(1, pass)) {
                    printf("Power-up self test failed\n");
                    exit(1);
                }
@@ -1092,7 +1114,7 @@ int main(int argc,char **argv)
     /* Power-up self test
     */
     ERR_clear_error();
-    test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1));
+    test_msg("2. Automatic power-up self test", FIPS_module_mode_set(1, pass));
     if (!FIPS_module_mode())
        exit(1);
     if (do_drbg_stick)