Revise fips_test_suite to use table of IDs for human readable strings.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 14 Apr 2011 16:14:41 +0000 (16:14 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 14 Apr 2011 16:14:41 +0000 (16:14 +0000)
Modify HMAC selftest callbacks to notify each digest type used.

fips/aes/fips_aes_selftest.c
fips/fips_test_suite.c
fips/hmac/fips_hmac_selftest.c

index 8b0ffaf..b84eda4 100644 (file)
@@ -134,7 +134,7 @@ int FIPS_selftest_aes_gcm(void)
        memset(tag, 0, sizeof(tag));
        if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
                return 1;
-       if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
+       if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
                do_corrupt = 1;
        if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
                goto err;
index 40676ae..c14ecb3 100644 (file)
@@ -665,42 +665,39 @@ static void test_msg(const char *msg, int result)
        printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
        }
 
-static const char *post_get_sig(int id)
-       {
-       switch (id)
-               {
-               case EVP_PKEY_RSA:
-               return " (RSA)";
-
-               case EVP_PKEY_DSA:
-               return " (DSA)";
-
-               case EVP_PKEY_EC:
-               return " (ECDSA)";
-
-               default:
-               return " (UNKNOWN)";
+/* Table of IDs for POST translating between NIDs and names */
 
-               }
-       }
-
-static const char *post_get_cipher(int id)
+typedef struct 
        {
-       static char out[128];
-       switch(id)
+       int id;
+       const char *name;
+       } POST_ID;
+
+POST_ID id_list[] = {
+       {NID_sha1, "SHA1"},
+       {NID_sha224, "SHA224"},
+       {NID_sha256, "SHA256"},
+       {NID_sha384, "SHA384"},
+       {NID_sha512, "SHA512"},
+       {EVP_PKEY_RSA, "RSA"},
+       {EVP_PKEY_DSA, "DSA"},
+       {EVP_PKEY_EC, "ECDSA"},
+       {NID_aes_128_ecb, "AES-128-ECB"},
+       {NID_des_ede3_ecb, "DES-EDE3-ECB"},
+       {0, NULL}
+};
+
+static const char *lookup_id(int id)
+       {
+       POST_ID *n;
+       static char out[40];
+       for (n = id_list; n->name; n++)
                {
-
-               case NID_aes_128_ecb:
-               return " (AES-128-ECB)";
-
-               case NID_des_ede3_ecb:
-               return " (DES-EDE3-ECB)";
-               
-               default:
-               sprintf(out, " (NID=%d)", id);
-               return out;
-
+               if (n->id == id)
+                       return n->name;
                }
+       sprintf(out, "ID=%d\n", id);
+       return out;
        }
 
 static int fail_id = -1;
@@ -719,12 +716,11 @@ static int post_cb(int op, int id, int subid, void *ex)
 
                case FIPS_TEST_DIGEST:
                idstr = "Digest";
-               if (subid == NID_sha1)
-                       exstr = " (SHA1)";
+               exstr = lookup_id(subid);
                break;
 
                case FIPS_TEST_CIPHER:
-               exstr = post_get_cipher(subid);
+               exstr = lookup_id(subid);
                idstr = "Cipher";
                break;
 
@@ -733,12 +729,13 @@ static int post_cb(int op, int id, int subid, void *ex)
                        {
                        EVP_PKEY *pkey = ex;
                        keytype = pkey->type;
-                       exstr = post_get_sig(keytype);
+                       exstr = lookup_id(keytype);
                        }
                idstr = "Signature";
                break;
 
                case FIPS_TEST_HMAC:
+               exstr = lookup_id(subid);
                idstr = "HMAC";
                break;
 
@@ -747,11 +744,11 @@ static int post_cb(int op, int id, int subid, void *ex)
                break;
 
                case FIPS_TEST_GCM:
-               idstr = "HMAC";
+               idstr = "GCM";
                break;
 
                case FIPS_TEST_CCM:
-               idstr = "HMAC";
+               idstr = "CCM";
                break;
 
                case FIPS_TEST_XTS:
@@ -771,7 +768,7 @@ static int post_cb(int op, int id, int subid, void *ex)
                        {
                        EVP_PKEY *pkey = ex;
                        keytype = pkey->type;
-                       exstr = post_get_sig(keytype);
+                       exstr = lookup_id(keytype);
                        }
                idstr = "Pairwise Consistency";
                break;
@@ -797,15 +794,15 @@ static int post_cb(int op, int id, int subid, void *ex)
                break;
 
                case FIPS_POST_STARTED:
-               printf("\t\t%s%s test started\n", idstr, exstr);
+               printf("\t\t%s %s test started\n", idstr, exstr);
                break;
 
                case FIPS_POST_SUCCESS:
-               printf("\t\t%s%s test OK\n", idstr, exstr);
+               printf("\t\t%s %s test OK\n", idstr, exstr);
                break;
 
                case FIPS_POST_FAIL:
-               printf("\t\t%s%s test FAILED!!\n", idstr, exstr);
+               printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
                break;
 
                case FIPS_POST_CORRUPT:
@@ -813,7 +810,7 @@ static int post_cb(int op, int id, int subid, void *ex)
                        && (fail_key == -1 || fail_key == keytype)
                        && (fail_sub == -1 || fail_sub == subid))
                        {
-                       printf("\t\t%s%s test failure induced\n", idstr, exstr);
+                       printf("\t\t%s %s test failure induced\n", idstr, exstr);
                        return 0;
                        }
                break;
@@ -822,8 +819,6 @@ static int post_cb(int op, int id, int subid, void *ex)
        return 1;
        }
 
-
-
 int main(int argc,char **argv)
     {
     int bad_rsa = 0, bad_dsa = 0;
index fd81890..34ac247 100644 (file)
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -119,46 +119,58 @@ int FIPS_selftest_hmac()
        unsigned char   out[EVP_MAX_MD_SIZE];
        const EVP_MD   *md;
        const HMAC_KAT *t;
-       int rv = 0, do_corrupt = 0;
+       int rv = 1, subid;
        HMAC_CTX c;
        HMAC_CTX_init(&c);
 
-       if (!fips_post_started(FIPS_TEST_HMAC, 0, 0))
-               return 1;
-       if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
-               do_corrupt = 1;
 
        for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
                {
                md = (*t->alg)();
+               subid = M_EVP_MD_type(md);
+               if (!fips_post_started(FIPS_TEST_HMAC, subid, 0))
+                       continue;
                if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL))
+                       {
+                       rv = -1;
                        goto err;
+                       }
                if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv)))
+                       {
+                       rv = -1;
                        goto err;
-               if (do_corrupt)
+                       }
+               if (!fips_post_corrupt(FIPS_TEST_HMAC, subid, NULL))
                        {
                        if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1))
+                               {
+                               rv = -1;
                                goto err;
+                               }
                        }
                if (!HMAC_Final(&c, out, &outlen))
+                       {
+                       rv = -1;
                        goto err;
+                       }
 
                if(memcmp(out,t->kaval,outlen))
                        {
                        FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
-                       goto err;
+                       fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
+                       rv = 0;
                        }
+               if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL))
+                       goto err;
                }
 
-       rv = 1;
-
        err:
        HMAC_CTX_cleanup(&c);
-       if (rv == 0)
+       if (rv == -1)
                {
-               fips_post_failed(FIPS_TEST_HMAC, 0, NULL);
-               return 0;
+               fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
+               rv = 0;
                }
-       return fips_post_success(FIPS_TEST_HMAC, 0, NULL);
+       return rv;
        }
 #endif