X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Frand%2Ffips_drbgvs.c;h=db05d4048450c3d30ea306cd4908c176f952c21b;hp=c60b80bf2f1a2bcad6dc3535e35fe6e8fa6ad03a;hb=7fdcb45745c01b90b256fe97e87eae31453e11e6;hpb=1b76fac5ae55d2d307f635af4775a7c9149c8551 diff --git a/fips/rand/fips_drbgvs.c b/fips/rand/fips_drbgvs.c index c60b80bf2f..db05d40484 100644 --- a/fips/rand/fips_drbgvs.c +++ b/fips/rand/fips_drbgvs.c @@ -100,6 +100,27 @@ static int parse_md(char *str) return NID_undef; } +static int parse_ec(char *str) + { + int curve_nid, md_nid; + char *md; + md = strchr(str, ' '); + if (!md) + return NID_undef; + if (!strncmp(str, "[P-256", 6)) + curve_nid = NID_X9_62_prime256v1; + else if (!strncmp(str, "[P-384", 6)) + curve_nid = NID_secp384r1; + else if (!strncmp(str, "[P-521", 6)) + curve_nid = NID_secp521r1; + else + return NID_undef; + md_nid = parse_md(md); + if (md_nid == NID_undef) + return NID_undef; + return (curve_nid << 16) | md_nid; + } + static int parse_aes(char *str, int *pdf) { @@ -123,8 +144,6 @@ static int parse_aes(char *str, int *pdf) return NID_undef; } - - return NID_undef; } typedef struct @@ -135,19 +154,19 @@ typedef struct size_t noncelen; } TEST_ENT; -static size_t test_entropy(DRBG_CTX *dctx, unsigned char *out, +static size_t test_entropy(DRBG_CTX *dctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len) { TEST_ENT *t = FIPS_drbg_get_app_data(dctx); - memcpy(out, t->ent, t->entlen); + *pout = (unsigned char *)t->ent; return t->entlen; } -static size_t test_nonce(DRBG_CTX *dctx, unsigned char *out, +static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len) { TEST_ENT *t = FIPS_drbg_get_app_data(dctx); - memcpy(out, t->nonce, t->noncelen); + *pout = (unsigned char *)t->nonce; return t->noncelen; } 
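Review bot: parse_ec returns two NIDs packed into one int, `(curve_nid << 16) | md_nid`, with no comment describing the encoding or its limits. The value only round-trips if the digest NID fits in 16 bits and the curve NID in the remaining positive bits, so a header comment such as `/* Returns (curve NID << 16) | digest NID, or NID_undef if the line cannot be parsed */` would make the contract explicit for whoever decodes it. Also, `md` is passed to parse_md still pointing at the space found by strchr; parse_md's body is outside this hunk, so confirm it tolerates that offset rather than expecting the `[SHA-` prefix the main loop hands it.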
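Review bot: test_entropy and test_nonce now hand the DRBG a borrowed pointer into the TEST_ENT buffers and still ignore `entropy`, `min_len` and `max_len`, so nothing at this level checks that `t->entlen` or `t->noncelen` lies within what was requested. That is acceptable for a known-answer harness, but both functions deserve a comment saying so, e.g. `/* Test vectors only: returns a borrowed pointer to caller-owned data; length limits are not enforced here */`. The casts to `unsigned char *` suggest the TEST_ENT fields are const-qualified (most of the struct definition is outside the hunk), in which case the consumer must not write through or free the pointer.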
@@ -156,9 +175,9 @@ static size_t test_nonce(DRBG_CTX *dctx, unsigned char *out, int main(int argc,char **argv) { FILE *in, *out; - DRBG_CTX *dctx; + DRBG_CTX *dctx = NULL; TEST_ENT t; - int r, nid; + int r, nid = 0; int pr = 0; char buf[2048], lbuf[2048]; unsigned char randout[2048]; @@ -166,13 +185,16 @@ int main(int argc,char **argv) unsigned char *ent = NULL, *nonce = NULL, *pers = NULL, *adin = NULL; long entlen, noncelen, perslen, adinlen; - int df; + int df = 0; + + enum dtype { DRBG_NONE, DRBG_CTR, DRBG_HASH, DRBG_HMAC, DRBG_DUAL_EC } + drbg_type = DRBG_NONE; int randoutlen = 0; int gen = 0; - fips_set_error_print(); + fips_algtest_init(); if (argc == 3) { @@ -203,11 +225,52 @@ int main(int argc,char **argv) while (fgets(buf, sizeof(buf), in) != NULL) { fputs(buf, out); + if (drbg_type == DRBG_NONE) + { + if (strstr(buf, "CTR_DRBG")) + drbg_type = DRBG_CTR; + else if (strstr(buf, "Hash_DRBG")) + drbg_type = DRBG_HASH; + else if (strstr(buf, "HMAC_DRBG")) + drbg_type = DRBG_HMAC; + else if (strstr(buf, "Dual_EC_DRBG")) + drbg_type = DRBG_DUAL_EC; + else + continue; + } if (strlen(buf) > 4 && !strncmp(buf, "[SHA-", 5)) { nid = parse_md(buf); if (nid == NID_undef) exit(1); + if (drbg_type == DRBG_HMAC) + { + switch (nid) + { + case NID_sha1: + nid = NID_hmacWithSHA1; + break; + + case NID_sha224: + nid = NID_hmacWithSHA224; + break; + + case NID_sha256: + nid = NID_hmacWithSHA256; + break; + + case NID_sha384: + nid = NID_hmacWithSHA384; + break; + + case NID_sha512: + nid = NID_hmacWithSHA512; + break; + + default: + exit(1); + } + } } if (strlen(buf) > 12 && !strncmp(buf, "[AES-", 5)) { @@ -215,6 +278,12 @@ int main(int argc,char **argv) if (nid == NID_undef) exit(1); } + if (strlen(buf) > 12 && !strncmp(buf, "[P-", 3)) + { + nid = parse_ec(buf); + if (nid == NID_undef) + exit(1); + } if (!parse_line(&keyword, &value, lbuf, buf)) continue; 
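Review bot: `TEST_ENT t;` is still declared without an initialiser in this hunk, while `dctx` and `nid` next to it gain one. With the callbacks now returning `t.ent` and `t.nonce` by pointer, an input file that reaches instantiation before those fields are assigned would pass indeterminate pointers and lengths to the DRBG; the assignments to `t` are outside the visible hunks, so this is inferred. `TEST_ENT t = {0};` would make that case deterministic, and `nid = NID_undef` would read better than `nid = 0` given the later `nid == NID_undef` checks.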
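Review bot: The `default: exit(1);` in the HMAC mapping switch, like the existing `exit(1)` after parse_md, terminates without saying which line was rejected. For a harness fed external request files, a message before exiting, e.g. `fprintf(stderr, "Unsupported digest for HMAC_DRBG: %s", buf);`, makes a bad vector file diagnosable. The type detection also runs `strstr` on every line until one matches, so the first line that merely mentions a DRBG name fixes `drbg_type` for the rest of the file; a comment stating that the first match wins would document the assumption about the file header.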
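Review bot: The `[P-` branch calls parse_ec regardless of `drbg_type`, so the packed curve/digest value can end up in `nid` for a file that was identified as CTR, Hash or HMAC. In the visible hunks `DRBG_CTR`, `DRBG_HASH` and `DRBG_DUAL_EC` are assigned but never read; gating the branch, `if (drbg_type == DRBG_DUAL_EC && strlen(buf) > 12 && !strncmp(buf, "[P-", 3))`, would keep a stray header from selecting a mechanism the file did not declare. The same reasoning applies to the `[AES-` and `[SHA-` branches. main continues outside this hunk, so such a check may already exist further down.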
@@ -245,13 +314,14 @@ int main(int argc,char **argv)
 if (!strcmp(keyword, "PersonalizationString"))
 {
 pers = hex2bin_m(value, &perslen);
- dctx = FIPS_drbg_new(nid, df);
+ dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
 if (!dctx)
 exit (1);
- FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce);
+ FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0,
+ test_nonce, 0);
 FIPS_drbg_set_app_data(dctx, &t);
 randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
- r = FIPS_drbg_instantiate(dctx, 0, pers, perslen);
+ r = FIPS_drbg_instantiate(dctx, pers, perslen);
 if (!r)
 {
 fprintf(stderr, "Error instantiating DRBG\n");
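Review bot: The call `FIPS_drbg_set_callbacks(dctx, test_entropy, 0, 0, test_nonce, 0)` passes three bare zeros whose meaning cannot be read at the call site, and its result is not checked the way FIPS_drbg_new and FIPS_drbg_instantiate are. The prototype is not on this page, so add a comment naming which optional slots are deliberately left unset, and write `NULL` for any that are function pointers. If the function returns a status, test it before calling FIPS_drbg_instantiate so that a context without the test callbacks installed is never instantiated. The enclosing block in main continues outside this hunk.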