#include <openssl/fips.h>
#include <openssl/evp.h>
-static int fips_dsa_pairwise_fail = 0;
-
-void FIPS_corrupt_dsa_keygen(void)
- {
- fips_dsa_pairwise_fail = 1;
- }
-
static int fips_check_dsa(DSA *dsa)
{
EVP_PKEY pk;
dsa->priv_key=priv_key;
dsa->pub_key=pub_key;
#ifdef OPENSSL_FIPS
- if (fips_dsa_pairwise_fail)
- BN_add_word(dsa->pub_key, 1);
if(!fips_check_dsa(dsa))
{
dsa->pub_key = NULL;
#include <openssl/evp.h>
-static int fips_ec_pairwise_fail = 0;
-
-void FIPS_corrupt_ec_keygen(void)
- {
- fips_ec_pairwise_fail = 1;
- }
-
static int fips_check_ec(EC_KEY *key)
{
EVP_PKEY pk;
eckey->pub_key = pub_key;
#ifdef OPENSSL_FIPS
- if (fips_ec_pairwise_fail)
- BN_add_word(eckey->priv_key, 1);
if(!fips_check_ec(eckey))
{
eckey->priv_key = NULL;
#include <openssl/fips.h>
#include <openssl/evp.h>
-static int fips_rsa_pairwise_fail = 0;
-
-void FIPS_corrupt_rsa_keygen(void)
- {
- fips_rsa_pairwise_fail = 1;
- }
-
int fips_check_rsa(RSA *rsa)
{
const unsigned char tbs[] = "RSA Pairwise Check Data";
if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
#ifdef OPENSSL_FIPS
- if (fips_rsa_pairwise_fail)
- BN_add_word(rsa->n, 1);
-
if(!fips_check_rsa(rsa))
goto err;
#endif
#ifdef OPENSSL_FIPS
static struct
{
- unsigned char key[16];
- unsigned char plaintext[16];
- unsigned char ciphertext[16];
+ const unsigned char key[16];
+ const unsigned char plaintext[16];
+ const unsigned char ciphertext[16];
} tests[]=
{
{
},
};
-void FIPS_corrupt_aes()
- {
- tests[0].key[0]++;
- }
-
int FIPS_selftest_aes()
{
int n;
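Review bot: Removing `FIPS_corrupt_aes` in this section closes only part of the failure-injection surface, because the prototype list further down the page still carries `FIPS_corrupt_aes_gcm`, `FIPS_corrupt_x931` and `FIPS_corrupt_drbg` as unchanged context lines. If their definitions stay exported, code linked against the module can presumably still force a self-test failure at run time. Their definitions are not visible here, so this is inferred from the declarations alone. Either remove them in the same change or record next to the prototypes why they remain, for example `/* test-only failure injection, retained because <reason> */`. The body of `FIPS_selftest_aes` continues outside this section.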
static struct
{
- unsigned char key[16];
- unsigned char plaintext[8];
- unsigned char ciphertext[8];
- } tests2[]=
- {
- {
- { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec,
- 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
- { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef },
- { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd }
- },
- {
- { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34,
- 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
- { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e },
- { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff },
- }
- };
-
-static struct
- {
- unsigned char key[24];
- unsigned char plaintext[8];
- unsigned char ciphertext[8];
+ const unsigned char key[24];
+ const unsigned char plaintext[8];
+ const unsigned char ciphertext[8];
} tests3[]=
{
{
},
};
-void FIPS_corrupt_des()
- {
- tests2[0].plaintext[0]++;
- }
-
int FIPS_selftest_des()
{
int n, ret = 0;
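Review bot: The `tests2` table (16-byte keys, apparently two-key triple-DES vectors) is deleted outright rather than made `const` like `tests3`, so the known-answer coverage it provided goes away together with `FIPS_corrupt_des`. The body of `FIPS_selftest_des` lies outside this section, so confirm that no loop over `tests2` remains and that dropping those vectors is intended rather than a side effect of removing the corruption hook. If it is intended, a one-line comment above `tests3` such as `/* power-up self test checks the 24-byte-key vectors only */` would record the decision for later reviewers.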
0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7,
0xdb,0xa0,0x69,0xe9
};
-static unsigned char dsa_test_2048_q[] = {
+static const unsigned char dsa_test_2048_q[] = {
0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a,
0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56,
0x74,0x41,0xa0,0xa5
0xec,0x55,0xf6,0xcc
};
-void FIPS_corrupt_dsa()
- {
- ++dsa_test_2048_q[0];
- }
-
int FIPS_selftest_dsa()
{
DSA *dsa=NULL;
static const char P_384_name[] = "ECDSA P-384";
-static unsigned char P_384_d[] = {
+static const unsigned char P_384_d[] = {
0x1d,0x84,0x42,0xde,0xa2,0x35,0x29,0xbd,0x9f,0xe2,0x6e,0x6d,
0x01,0x26,0x30,0x79,0x33,0x57,0x01,0xf3,0x97,0x88,0x41,0xb3,
0x82,0x07,0x08,0x5e,0x63,0x8e,0x1a,0xa6,0x9b,0x08,0xb6,0xe2,
0xfc,0x03,0xe5,0x12,0x50,0x17,0x98,0x7f,0x14,0x7e,0x95,0x17
};
-void FIPS_corrupt_ecdsa()
- {
- P_384_d[0]++;
- }
-
#ifndef OPENSSL_NO_EC2M
static const char K_409_name[] = "ECDSA K-409";
int FIPS_selftest(void);
int FIPS_selftest_failed(void);
void FIPS_selftest_check(void);
-void FIPS_corrupt_sha1(void);
int FIPS_selftest_sha1(void);
-void FIPS_corrupt_aes(void);
int FIPS_selftest_aes_gcm(void);
void FIPS_corrupt_aes_gcm(void);
int FIPS_selftest_aes(void);
-void FIPS_corrupt_des(void);
int FIPS_selftest_des(void);
-void FIPS_corrupt_rsa(void);
-void FIPS_corrupt_rsa_keygen(void);
int FIPS_selftest_rsa(void);
-void FIPS_corrupt_dsa(void);
-void FIPS_corrupt_dsa_keygen(void);
int FIPS_selftest_dsa(void);
int FIPS_selftest_ecdsa(void);
-void FIPS_corrupt_ecdsa(void);
-void FIPS_corrupt_ec_keygen(void);
void FIPS_corrupt_x931(void);
void FIPS_corrupt_drbg(void);
void FIPS_x931_stick(void);
int main(int argc,char **argv)
{
-
- int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
int bad_rsa = 0, bad_dsa = 0;
int do_rng_stick = 0;
int do_drbg_stick = 0;
test_msg("2. Automatic power-up self test", FIPS_mode_set(1));
if (!FIPS_mode())
exit(1);
- if (do_corrupt_dsa_keygen)
- FIPS_corrupt_dsa_keygen();
- if (do_corrupt_rsa_keygen)
- FIPS_corrupt_rsa_keygen();
if (do_drbg_stick)
FIPS_drbg_stick();
if (do_rng_stick)
#ifdef OPENSSL_FIPS
-static unsigned char rsa_test_2048_n[] = {
+static const unsigned char rsa_test_2048_n[] = {
0xDB,0x10,0x1A,0xC2,0xA3,0xF1,0xDC,0xFF,0x13,0x6B,0xED,0x44,
0xDF,0xF0,0x02,0x6D,0x13,0xC7,0x88,0xDA,0x70,0x6B,0x54,0xF1,
0xE8,0x27,0xDC,0xC3,0x0F,0x99,0x6A,0xFA,0xC6,0x67,0xFF,0x1D,
return 0;
}
-void FIPS_corrupt_rsa()
- {
- rsa_test_2048_n[0]++;
- }
-
/* Known Answer Test (KAT) data for the above RSA private key signing
* kat_tbs.
*/
#include <openssl/sha.h>
#ifdef OPENSSL_FIPS
-static unsigned char test[][60]=
+static const unsigned char test[][60]=
{
"",
"abc",
0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
};
-void FIPS_corrupt_sha1()
- {
- test[2][0]++;
- }
-
int FIPS_selftest_sha1()
{
int rv = 1;