Indicate failure if any selftest fails.

author Dr. Stephen Henson <steve@openssl.org>

Wed, 15 Aug 2007 00:36:05 +0000 (00:36 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 15 Aug 2007 00:36:05 +0000 (00:36 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 15 Aug 2007 00:36:05 +0000 (00:36 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 15 Aug 2007 00:36:05 +0000 (00:36 +0000)
diff --git a/fips-1.0/dsa/fips_dsa_key.c b/fips-1.0/dsa/fips_dsa_key.c

index 3798f488fb3c6d17ae765640a5ae2b8243f0bace..b43b0c181e8d2fb468d0fbfb891e5aa73fdd3fac 100644 (file)
--- a/fips-1.0/dsa/fips_dsa_key.c
+++ b/fips-1.0/dsa/fips_dsa_key.c
@@ -65,6 +65,7 @@
  #include <openssl/err.h>
  #include <openssl/evp.h>
  #include <openssl/fips.h>
+#include "fips_locl.h"
  
  #ifdef OPENSSL_FIPS
  
@@ -81,6 +82,7 @@ int fips_check_dsa(DSA *dsa)
                                         NULL, 0, EVP_dss1(), 0, NULL))
                 {
                 FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
+               fips_set_selftest_fail();
                 return 0;
                 }
         return 1;
diff --git a/fips-1.0/fips.c b/fips-1.0/fips.c

index 469e847f660854b11dc2790e68e2a81dd362296d..0518a2e97e7fbbe6dada7f1ad7eb77ad5bc6bceb 100644 (file)
--- a/fips-1.0/fips.c
+++ b/fips-1.0/fips.c
@@ -147,6 +147,11 @@ void FIPS_selftest_check(void)
         }
      }
  
+void fips_set_selftest_fail(void)
+    {
+    fips_selftest_fail = 1;
+    }
+
  int FIPS_selftest()
      {
  
diff --git a/fips-1.0/fips_locl.h b/fips-1.0/fips_locl.h

index 06cb64d8328990be2cfdf3d905382744a7315955..03fed36e3cfd90a955c77fad9e7bab84f4d17019 100644 (file)
--- a/fips-1.0/fips_locl.h
+++ b/fips-1.0/fips_locl.h
@@ -61,6 +61,7 @@ int fips_is_started(void);
  void fips_set_started(void);
  int fips_is_owning_thread(void);
  int fips_set_owning_thread(void);
+void fips_set_selftest_fail(void);
  int fips_clear_owning_thread(void);
  unsigned char *fips_signature_witness(void);
  
diff --git a/fips-1.0/fips_test_suite.c b/fips-1.0/fips_test_suite.c

index 7da954654e52a8a320414817a29656535c3d0302..3410f3449ffbadd3ef31bc08d33a88f411781317 100644 (file)
--- a/fips-1.0/fips_test_suite.c
+++ b/fips-1.0/fips_test_suite.c
@@ -100,7 +100,7 @@ static int FIPS_dsa_test()
      dsa = FIPS_dsa_new();
      if (!dsa)
         goto end;
-    if (!DSA_generate_parameters_ex(dsa, 512,NULL,0,NULL,NULL,NULL))
+    if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
         goto end;
      if (!DSA_generate_key(dsa))
         goto end;
@@ -354,7 +354,7 @@ static int dh_test()
      dh = FIPS_dh_new();
      if (!dh)
         return 0;
-    if (!DH_generate_parameters_ex(dh, 256, 2, NULL))
+    if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
         return 0;
      FIPS_dh_free(dh);
      return 1;
diff --git a/fips-1.0/rand/fips_rand.c b/fips-1.0/rand/fips_rand.c

index b4e83bca9eae4f647b4a9b6716d08ae9b8c7ab8d..478e836e6c39037a9c89524004dca0a6566bb2d7 100644 (file)
--- a/fips-1.0/rand/fips_rand.c
+++ b/fips-1.0/rand/fips_rand.c
@@ -77,6 +77,7 @@
  #endif
  #include <string.h>
  #include <openssl/fips.h>
+#include "fips_locl.h"
  
  #ifdef OPENSSL_FIPS
  
@@ -294,12 +295,14 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
                 for (i = 0; i < AES_BLOCK_LENGTH; i++)
                         tmp[i] = R[i] ^ I[i];
                 AES_encrypt(tmp, ctx->V, &ctx->ks);
+               /* Continuouse PRNG test */
                 if (ctx->second)
                         {
                         if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
                                 {
                                 RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
                                 ctx->error = 1;
+                               fips_set_selftest_fail();
                                 return 0;
                                 }
                         }
diff --git a/fips-1.0/rsa/fips_rsa_gen.c b/fips-1.0/rsa/fips_rsa_gen.c

index 7ea6873419432271484fdf7ec04c88625dd0359e..e384dcaba07ad3b7ce2d14b048036268598f822f 100644 (file)
--- a/fips-1.0/rsa/fips_rsa_gen.c
+++ b/fips-1.0/rsa/fips_rsa_gen.c
@@ -71,27 +71,66 @@
  #include <openssl/err.h>
  #include <openssl/evp.h>
  #include <openssl/fips.h>
+#include "fips_locl.h"
  
  #ifdef OPENSSL_FIPS
  
  int fips_check_rsa(RSA *rsa)
         {
         const unsigned char tbs[] = "RSA Pairwise Check Data";
+       unsigned char *ctbuf = NULL, *ptbuf = NULL;
+       int len, ret = 0;
         EVP_PKEY pk;
         pk.type = EVP_PKEY_RSA;
         pk.pkey.rsa = rsa;
  
+       /* Perform pairwise consistency signature test */
         if (!fips_pkey_signature_test(&pk, tbs, -1,
                         NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
                 || !fips_pkey_signature_test(&pk, tbs, -1,
                         NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
                 || !fips_pkey_signature_test(&pk, tbs, -1,
                         NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
+               goto err;
+       /* Now perform pairwise consistency encrypt/decrypt test */
+       ctbuf = OPENSSL_malloc(RSA_size(rsa));
+       if (!ctbuf)
+               goto err;
+
+       len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
+       if (len <= 0)
+               goto err;
+       /* Check ciphertext doesn't match plaintext */
+       if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
+               goto err;
+       ptbuf = OPENSSL_malloc(RSA_size(rsa));
+
+       if (!ptbuf)
+               goto err;
+       len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
+       if (len != (sizeof(tbs) - 1))
+               goto err;
+       if (memcmp(ptbuf, tbs, len))
+               goto err;
+
+       ret = 1;
+
+       if (!ptbuf)
+               goto err;
+       
+       err:
+       if (ret == 0)
                 {
+               fips_set_selftest_fail();
                 FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
-               return 0;
                 }
-       return 1;
+
+       if (ctbuf)
+               OPENSSL_free(ctbuf);
+       if (ptbuf)
+               OPENSSL_free(ptbuf);
+
+       return ret;
         }
  
  static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
diff --git a/fips-1.0/rsa/fips_rsa_sign.c b/fips-1.0/rsa/fips_rsa_sign.c

index 2236699c000a2bfcd54a4ed7110d2e0fa9f258fc..fd2d7309eb26ba09cf37c4795ce917b6e5c95b02 100644 (file)
--- a/fips-1.0/rsa/fips_rsa_sign.c
+++ b/fips-1.0/rsa/fips_rsa_sign.c
@@ -191,12 +191,12 @@ static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *l
  static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
              unsigned char *sigret, unsigned int *siglen, EVP_MD_SVCTX *sv)
         {
-       int i,j,ret=0;
+       int i=0,j,ret=0;
         unsigned int dlen;
         const unsigned char *der;
         unsigned int m_len;
         int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
-       int rsa_pad_mode;
+       int rsa_pad_mode = 0;
         RSA *rsa = sv->key;
         /* Largest DigestInfo: 19 (max encoding) + max MD */
         unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
@@ -301,7 +301,7 @@ static int fips_rsa_verify(int dtype,
         int i,ret=0;
         unsigned int dlen, diglen;
         int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
-       int rsa_pad_mode;
+       int rsa_pad_mode = 0;
         unsigned char *s;
         const unsigned char *der;
         unsigned char dig[EVP_MAX_MD_SIZE];
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 15 Aug 2007 00:36:05 +0000 (00:36 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 15 Aug 2007 00:36:05 +0000 (00:36 +0000)
fips-1.0/dsa/fips_dsa_key.c		patch \| blob \| history
fips-1.0/fips.c		patch \| blob \| history
fips-1.0/fips_locl.h		patch \| blob \| history
fips-1.0/fips_test_suite.c		patch \| blob \| history
fips-1.0/rand/fips_rand.c		patch \| blob \| history
fips-1.0/rsa/fips_rsa_gen.c		patch \| blob \| history
fips-1.0/rsa/fips_rsa_sign.c		patch \| blob \| history