generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Updates from fips2 branch: close streams in test utilities, use cofactor ECDH

Browse Source 
add new key and signature generation tests to fips_test_suite.
This commit is contained in:
Dr. Stephen Henson 2011-12-10 13:38:34 +00:00
parent a3a2e3a43d
commit 4fa35e7336
5 changed files with 89 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fips/dh/fips_dhvs.c
View File

@ -279,6 +279,10 @@ int main(int argc, char **argv)
rhash, rhashlen); rhash, rhashlen);
} }
} }
if (in && in != stdin)
fclose(in);
if (out && out != stdout)
fclose(out);
return 0; return 0;
parse_error: parse_error:
fprintf(stderr, "Error Parsing request file\n"); fprintf(stderr, "Error Parsing request file\n");

2
fips/ecdh/fips_ecdh_selftest.c
View File

@ -166,6 +166,7 @@ int FIPS_selftest_ecdh(void)
rv = -1; rv = -1;
goto err; goto err;
} }
EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y)) if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y))
{ {
@ -194,6 +195,7 @@ int FIPS_selftest_ecdh(void)
rv = -1; rv = -1;
goto err; goto err;
} }
EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y)) if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y))
{ {

10
fips/ecdh/fips_ecdhvs.c
View File

@ -261,6 +261,7 @@ static void ec_output_Zhash(FILE *out, int exout, EC_GROUP *group,
unsigned char chash[EVP_MAX_MD_SIZE]; unsigned char chash[EVP_MAX_MD_SIZE];
int Zlen; int Zlen;
ec = EC_KEY_new(); ec = EC_KEY_new();
EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
EC_KEY_set_group(ec, group); EC_KEY_set_group(ec, group);
peerkey = make_peer(group, cx, cy); peerkey = make_peer(group, cx, cy);
if (rhash == NULL) if (rhash == NULL)
@ -413,6 +414,11 @@ int main(int argc, char **argv)
if (group) if (group)
EC_GROUP_free(group); EC_GROUP_free(group);
group = EC_GROUP_new_by_curve_name(nid); group = EC_GROUP_new_by_curve_name(nid);
if (!group)
{
fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
return 1;
}
} }
if (strlen(buf) > 6 && !strncmp(buf, "[E", 2)) if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
@ -478,6 +484,10 @@ int main(int argc, char **argv)
BN_free(cy); BN_free(cy);
if (group) if (group)
EC_GROUP_free(group); EC_GROUP_free(group);
if (in && in != stdin)
fclose(in);
if (out && out != stdout)
fclose(out);
if (rv) if (rv)
fprintf(stderr, "Error Parsing request file\n"); fprintf(stderr, "Error Parsing request file\n");
return rv; return rv;

69
fips/fips_test_suite.c
View File

@ -650,6 +650,13 @@ static size_t drbg_test_cb(DRBG_CTX *ctx, unsigned char **pout,
return (min_len + 0xf) & ~0xf; return (min_len + 0xf) & ~0xf;
} }
/* Callback which returns 0 to indicate entropy source failure */
static size_t drbg_fail_cb(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
return 0;
}
/* DRBG test: just generate lots of data and trigger health checks */ /* DRBG test: just generate lots of data and trigger health checks */
static int do_drbg_test(int type, int flags) static int do_drbg_test(int type, int flags)
@ -1036,7 +1043,7 @@ static int do_fail_all(int fullpost, int fullerr)
size_t i; size_t i;
RSA *rsa = NULL; RSA *rsa = NULL;
DSA *dsa = NULL; DSA *dsa = NULL;
DRBG_CTX *dctx = NULL; DRBG_CTX *dctx = NULL, *defctx = NULL;
EC_KEY *ec = NULL; EC_KEY *ec = NULL;
BIGNUM *bn = NULL; BIGNUM *bn = NULL;
unsigned char out[10]; unsigned char out[10];
@ -1133,6 +1140,9 @@ static int do_fail_all(int fullpost, int fullerr)
else else
printf("\tECDSA key generation failed as expected.\n"); printf("\tECDSA key generation failed as expected.\n");
FIPS_ec_key_free(ec);
ec = NULL;
fail_id = -1; fail_id = -1;
fail_sub = -1; fail_sub = -1;
fail_key = -1; fail_key = -1;
@ -1241,6 +1251,63 @@ static int do_fail_all(int fullpost, int fullerr)
printf("\tX9.31 continuous PRNG failed as expected\n"); printf("\tX9.31 continuous PRNG failed as expected\n");
FIPS_x931_stick(0); FIPS_x931_stick(0);
/* Leave FIPS mode to clear error */
FIPS_module_mode_set(0, NULL);
/* Enter FIPS mode successfully */
if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS))
{
printf("\tError entering FIPS mode\n");
st_err++;
}
printf(" Testing operation failure with DRBG entropy failure\n");
/* Generate DSA key for later use */
if (DSA_generate_key(dsa))
printf("\tDSA key generated OK as expected.\n");
else
{
printf("\tDSA key generation FAILED!!\n");
st_err++;
}
/* Initialise default DRBG context */
defctx = FIPS_get_default_drbg();
if (!defctx)
return 0;
if (!FIPS_drbg_init(defctx, NID_sha512, 0))
return 0;
/* Set entropy failure callback */
FIPS_drbg_set_callbacks(defctx, drbg_fail_cb, 0, 0x10, drbg_test_cb, 0);
if (FIPS_drbg_instantiate(defctx, dummy_drbg_entropy, 10))
{
printf("\tDRBG entropy fail OK incorrectly!!\n");
st_err++;
}
else
printf("\tDRBG entropy fail failed as expected\n");
if (FIPS_dsa_sign(dsa, dummy_drbg_entropy, 5, EVP_sha256()))
{
printf("\tDSA signing OK incorrectly!!\n");
st_err++;
}
else
printf("\tDSA signing failed as expected\n");
ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (!ec)
return 0;
if (EC_KEY_generate_key(ec))
{
printf("\tECDSA key generated OK incorrectly!!\n");
st_err++;
}
else
printf("\tECDSA key generation failed as expected.\n");
printf(" Induced failure test completed with %d errors\n", st_err); printf(" Induced failure test completed with %d errors\n", st_err);
post_quiet = 0; post_quiet = 0;
no_err = 0; no_err = 0;

6
fips/rand/fips_drbgvs.c
View File

@ -176,7 +176,7 @@ int fips_drbgvs_main(int argc,char **argv)
int main(int argc,char **argv) int main(int argc,char **argv)
#endif #endif
{ {
FILE *in, *out; FILE *in = NULL, *out = NULL;
DRBG_CTX *dctx = NULL; DRBG_CTX *dctx = NULL;
TEST_ENT t; TEST_ENT t;
int r, nid = 0; int r, nid = 0;
@ -406,6 +406,10 @@ int main(int argc,char **argv)
} }
} }
if (in && in != stdin)
fclose(in);
if (out && out != stdout)
fclose(out);
return 0; return 0;
} }