Selftests.

2003-09-04 07:17:43 +00:00 · 2003-09-04 07:17:43 +00:00 · 1f1bd3a51a
commit 1f1bd3a51a
parent b2293a6cc6
14 changed files with 44 additions and 16 deletions
--- a/fips/aes/Makefile.ssl
+++ b/fips/aes/Makefile.ssl
@ -23,8 +23,8 @@ TEST=fips_aesavs.c fips_aes_data
 APPS=

 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_aes_core.c
-LIBOBJ=fips_aes_core.o
+LIBSRC=fips_aes_core.c fips_aes_selftest.c
+LIBOBJ=fips_aes_core.o fips_aes_selftest.o

 SRC= $(LIBSRC)

--- a/fips/aes/fingerprint.sha1
+++ b/fips/aes/fingerprint.sha1
@ -1,2 +1,3 @@
 SHA1(fips_aes_core.c)= 5298df7807877eed470a1ee5f8331fc0876689da
+SHA1(fips_aes_selftest.c)= fb848010c088adbbfaf719ca77c91e8ae0932ce0
 SHA1(fips_aes_locl.h)= a3c01d9a4f9d5211e9e785852f6f1a2febfd73b6
--- a/fips/des/Makefile.ssl
+++ b/fips/des/Makefile.ssl
@ -23,8 +23,8 @@ TEST= fips_desmovs.c
 APPS=

 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_des_enc.c
-LIBOBJ=fips_des_enc.o
+LIBSRC=fips_des_enc.c fips_des_selftest.c
+LIBOBJ=fips_des_enc.o fips_des_selftest.o

 SRC= $(LIBSRC)

--- a/fips/des/fingerprint.sha1
+++ b/fips/des/fingerprint.sha1
@ -1,2 +1,3 @@
 SHA1(fips_des_enc.c)= a4b88bb16782604a298d74de04a8b3bc3a204c5a
+SHA1(fips_des_selftest.c)= 5638ae4d50be6110d9efbaa5e7e19c7e04c9940d
 SHA1(fips_des_locl.h)= 5e5128f074485e72d6fdee00d22d46a694bd5abe
--- a/fips/des/fips_desmovs.c
+++ b/fips/des/fips_desmovs.c
@ -667,7 +667,11 @@ int main(int argc, char **argv)
    int f_opt = 0, d_opt = 1;

 #ifdef FIPS
-    FIPS_mode_set(1);
+    if(!FIPS_mode_set(1))
+	{
+	fprintf(stderr,"Failed to enter FIPS mode.\n");
+	exit(1);
+	}
 #endif
    ERR_load_crypto_strings();
    if (argc > 1)
--- a/fips/dsa/.cvsignore
+++ b/fips/dsa/.cvsignore
@ -1,2 +1,3 @@
 Makefile.save
 lib
+fips_dssvs
--- a/fips/fingerprint.sha1
+++ b/fips/fingerprint.sha1
@ -1,4 +1,4 @@
-SHA1(fips.c)= 39f2919005cb5c8d3b806b52d81a9247804dbe64
+SHA1(fips.c)= dfb2a82fcff1ee84b7674d84a0e0bf191cb759f3
 SHA1(fips_err_wrapper.c)= 0cbe881739f6e7d91308e2e74b92032e69007528
-SHA1(fips.h)= 53ce62539f2b69141693d427af9a4c4abc822cd0
-SHA1(fips_err.c)= 197ccc595c33079de87ae02da868808a9ca60648
+SHA1(fips.h)= 5dc66fb941513cb732c51eeca6f44018d4acd7ae
+SHA1(fips_err.c)= 672c470bf38e01ba2a1fa2d52492bc31330dd974
--- a/fips/fips.c
+++ b/fips/fips.c
@ -53,16 +53,26 @@

 #ifdef FIPS

-void FIPS_mode_set(int onoff)
+int FIPS_selftest()
+    {
+    return FIPS_selftest_sha1()
+	&& FIPS_selftest_aes()
+	&& FIPS_selftest_des();
+    }
+
+int FIPS_mode_set(int onoff)
    {
    FIPS_mode=onoff;
    if(onoff)
 	{
 	FIPS_rand_check=&rand_fips_meth;
 	RAND_set_rand_method(&rand_fips_meth);
+	return FIPS_selftest();
 	}
+    return 1;
    }

+
 #if 0
 /* here just to cause error codes to exist */
 static void dummy()
--- a/fips/fips.h
+++ b/fips/fips.h
@ -55,8 +55,11 @@ extern int FIPS_mode;
 extern void *FIPS_rand_check;
 struct dsa_st;

-void FIPS_mode_set(int onoff);
+int FIPS_mode_set(int onoff);
 int FIPS_dsa_check(struct dsa_st *dsa);
+int FIPS_selftest_sha1(void);
+int FIPS_selftest_aes(void);
+int FIPS_selftest_des(void);

 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@ -73,11 +76,14 @@ void ERR_load_FIPS_strings(void);

 /* Function codes. */
 #define FIPS_F_FIPS_DSA_CHECK				 102
+#define FIPS_F_FIPS_SELFTEST_AES			 104
+#define FIPS_F_FIPS_SELFTEST_SHA1			 103
 #define FIPS_F_HASH_FINAL				 100
 #define FIPS_F_SSLEAY_RAND_BYTES			 101

 /* Reason codes. */
 #define FIPS_R_NON_FIPS_METHOD				 100
+#define FIPS_R_SELFTEST_FAILED				 101

 #ifdef  __cplusplus
 }
--- a/fips/fips_err.c
+++ b/fips/fips_err.c
@ -1,6 +1,6 @@
 /* fips/fips_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -67,6 +67,8 @@
 static ERR_STRING_DATA FIPS_str_functs[]=
 	{
 {ERR_PACK(0,FIPS_F_FIPS_DSA_CHECK,0),	"FIPS_dsa_check"},
+{ERR_PACK(0,FIPS_F_FIPS_SELFTEST_AES,0),	"FIPS_selftest_aes"},
+{ERR_PACK(0,FIPS_F_FIPS_SELFTEST_SHA1,0),	"FIPS_selftest_sha1"},
 {ERR_PACK(0,FIPS_F_HASH_FINAL,0),	"HASH_FINAL"},
 {ERR_PACK(0,FIPS_F_SSLEAY_RAND_BYTES,0),	"SSLEAY_RAND_BYTES"},
 {0,NULL}
@ -75,6 +77,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 static ERR_STRING_DATA FIPS_str_reasons[]=
 	{
 {FIPS_R_NON_FIPS_METHOD                  ,"non fips method"},
+{FIPS_R_SELFTEST_FAILED                  ,"selftest failed"},
 {0,NULL}
 	};

--- a/fips/fips_make_sha1
+++ b/fips/fips_make_sha1
@ -12,13 +12,13 @@ cd rand
 $S fips_rand.c fips_rand.h > fingerprint.sha1

 cd ../sha1
-$S fips_sha1dgst.c fips_sha_locl.h fips_md32_common.h > fingerprint.sha1
+$S fips_sha1dgst.c fips_sha1_selftest.c fips_sha_locl.h fips_md32_common.h > fingerprint.sha1

 cd ../aes
-$S fips_aes_core.c fips_aes_locl.h > fingerprint.sha1
+$S fips_aes_core.c fips_aes_selftest.c fips_aes_locl.h > fingerprint.sha1

 cd ../dsa
 $S fips_dsa_ossl.c fips_dsa_gen.c > fingerprint.sha1

 cd ../des
-$S fips_des_enc.c fips_des_locl.h > fingerprint.sha1
+$S fips_des_enc.c fips_des_selftest.c fips_des_locl.h > fingerprint.sha1
--- a/fips/sha1/.cvsignore
+++ b/fips/sha1/.cvsignore
@ -1,3 +1,4 @@
 Makefile.save
 lib
 fips_standalone_sha1
+fips_sha1test
--- a/fips/sha1/Makefile.ssl
+++ b/fips/sha1/Makefile.ssl
@ -24,8 +24,8 @@ APPS=
 EXE= fips_standalone_sha1

 LIB=$(TOP)/libcrypto.a
-LIBSRC=fips_sha1dgst.c
-LIBOBJ=fips_sha1dgst.o
+LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c
+LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o

 SRC= $(LIBSRC) fips_standalone_sha1.c

--- a/fips/sha1/fingerprint.sha1
+++ b/fips/sha1/fingerprint.sha1
@ -1,3 +1,4 @@
 SHA1(fips_sha1dgst.c)= 609e2cbf5d3cdcf318ec10238a0e82b93b78e6b5
+SHA1(fips_sha1_selftest.c)= d1becdceec9f08d2cd9ab22238a3f5941a98dd01
 SHA1(fips_sha_locl.h)= 677427c495b571991f013939ea7e5dea87828f8c
 SHA1(fips_md32_common.h)= 4f41bcde24750b3b8c99a06bcba2fe06ff8db4d0