Add new POST support to X9.31 PRNG.

Dr. Stephen Henson
2011-04-14 18:29:49 +00:00
parent 8f331999f5
commit 706735aea3
3 changed files with 26 additions and 18 deletions


@@ -79,7 +79,6 @@ int FIPS_selftest_des(void);
int FIPS_selftest_rsa(void); int FIPS_selftest_rsa(void);
int FIPS_selftest_dsa(void); int FIPS_selftest_dsa(void);
int FIPS_selftest_ecdsa(void); int FIPS_selftest_ecdsa(void);
void FIPS_corrupt_x931(void);
void FIPS_corrupt_drbg(void); void FIPS_corrupt_drbg(void);
void FIPS_x931_stick(void); void FIPS_x931_stick(void);
void FIPS_drbg_stick(void); void FIPS_drbg_stick(void);


@@ -711,6 +711,7 @@ static int fail_key = -1;
static int post_cb(int op, int id, int subid, void *ex) static int post_cb(int op, int id, int subid, void *ex)
{ {
const char *idstr, *exstr = ""; const char *idstr, *exstr = "";
char asctmp[20];
int keytype = -1; int keytype = -1;
switch(id) switch(id)
{ {
@@ -762,6 +763,8 @@ static int post_cb(int op, int id, int subid, void *ex)
case FIPS_TEST_X931: case FIPS_TEST_X931:
idstr = "X9.31 PRNG"; idstr = "X9.31 PRNG";
sprintf(asctmp, "keylen=%d", subid);
exstr = asctmp;
break; break;
case FIPS_TEST_DRBG: case FIPS_TEST_DRBG:
@@ -883,7 +886,7 @@ int main(int argc,char **argv)
} else if (!strcmp(argv[1], "drbg")) { } else if (!strcmp(argv[1], "drbg")) {
FIPS_corrupt_drbg(); FIPS_corrupt_drbg();
} else if (!strcmp(argv[1], "rng")) { } else if (!strcmp(argv[1], "rng")) {
FIPS_corrupt_x931(); fail_id = FIPS_TEST_X931;
} else if (!strcmp(argv[1], "rngstick")) { } else if (!strcmp(argv[1], "rngstick")) {
do_rng_stick = 1; do_rng_stick = 1;
no_exit = 1; no_exit = 1;
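Review bot: The `sprintf(asctmp, "keylen=%d", subid);` added to the FIPS_TEST_X931 case writes into `char asctmp[20]` with no length bound. The longest output for a 32-bit int is 19 bytes including the terminator, so it fits today with one byte to spare, but a longer label or a wider type would turn it into a stack overwrite with no compiler warning. A bounded call such as `BIO_snprintf(asctmp, sizeof asctmp, "keylen=%d", subid);` (or whichever bounded formatter this file already has in scope) removes that dependency on the exact string. `exstr` now points at this stack buffer, so it must not be stored or used after post_cb returns; the rest of post_cb is outside the hunk, so that is worth confirming.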


@@ -54,6 +54,7 @@
#include <openssl/fips.h> #include <openssl/fips.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/fips_rand.h> #include <openssl/fips_rand.h>
#include "fips_locl.h"
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
@@ -324,11 +325,6 @@ static AES_PRNG_TV aes_256_tv[] = {
}; };
void FIPS_corrupt_x931()
{
aes_192_tv[0].V[0]++;
}
#define fips_x931_test(key, tv) \ #define fips_x931_test(key, tv) \
do_x931_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV)) do_x931_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))
@@ -336,38 +332,48 @@ static int do_x931_test(unsigned char *key, int keylen,
AES_PRNG_TV *tv, int ntv) AES_PRNG_TV *tv, int ntv)
{ {
unsigned char R[16]; unsigned char R[16];
int i; int i, rv = 1;
if (!FIPS_x931_set_key(key, keylen)) if (!FIPS_x931_set_key(key, keylen))
return 0; return 0;
for (i = 0; i < ntv; i++) for (i = 0; i < ntv; i++)
{ {
if (!fips_post_started(FIPS_TEST_X931, keylen, NULL))
return 1;
if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
tv[i].V[0]++;
FIPS_x931_seed(tv[i].V, 16); FIPS_x931_seed(tv[i].V, 16);
FIPS_x931_set_dt(tv[i].DT); FIPS_x931_set_dt(tv[i].DT);
FIPS_x931_bytes(R, 16); FIPS_x931_bytes(R, 16);
if (memcmp(R, tv[i].R, 16)) if (memcmp(R, tv[i].R, 16))
{
fips_post_failed(FIPS_TEST_X931, keylen, NULL);
rv = 0;
}
else if (!fips_post_success(FIPS_TEST_X931, keylen, NULL))
return 0; return 0;
} }
return 1; return rv;
} }
int FIPS_selftest_x931() int FIPS_selftest_x931()
{ {
int rv = 1;
FIPS_x931_reset(); FIPS_x931_reset();
if (!FIPS_x931_test_mode()) if (!FIPS_x931_test_mode())
{ {
FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED); FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
return 0; return 0;
} }
if (!fips_x931_test(aes_128_key,aes_128_tv) if (!fips_x931_test(aes_128_key,aes_128_tv))
|| !fips_x931_test(aes_192_key, aes_192_tv) rv = 0;
|| !fips_x931_test(aes_256_key, aes_256_tv)) if (!fips_x931_test(aes_192_key, aes_192_tv))
{ rv = 0;
FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED); if (!fips_x931_test(aes_256_key, aes_256_tv))
return 0; rv = 0;
}
FIPS_x931_reset(); FIPS_x931_reset();
return 1; if (!rv)
FIPSerr(FIPS_F_FIPS_SELFTEST_X931,FIPS_R_SELFTEST_FAILED);
return rv;
} }
#endif #endif
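Review bot: `tv[i].V[0]++` in do_x931_test corrupts the static known-answer table in place, so once fips_post_corrupt has asked for a failure the vector stays altered for the life of the process. Any later run of FIPS_selftest_x931 then fails on that vector even when no corruption is requested. Copying the seed into a local buffer, corrupting the copy and seeding from it keeps the induced failure confined to the run that asked for it, as in the excerpt below. Separately, the return values of FIPS_x931_seed, FIPS_x931_set_dt and FIPS_x931_bytes are still ignored, so a failed generate compares an uninitialised `R`; treating those failures as a POST failure would make the outcome deterministic.

```c
	unsigned char R[16], V[16];
	/* … unchanged: rv declaration, FIPS_x931_set_key check … */
	for (i = 0; i < ntv; i++)
		{
		/* … unchanged: fips_post_started check … */
		memcpy(V, tv[i].V, sizeof V);
		if (!fips_post_corrupt(FIPS_TEST_X931, keylen, NULL))
			V[0]++;
		FIPS_x931_seed(V, 16);
		/* … unchanged: set_dt, bytes, compare and report … */
```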