From: Dr. Stephen Henson Date: Wed, 20 Apr 2011 18:05:05 +0000 (+0000) Subject: Update DRBG to use new POST scheme. X-Git-Tag: OpenSSL-fips-2_0-rc1~521 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7608978861ccef4823d7fbc4598879b104597121;p=oweals%2Fopenssl.git Update DRBG to use new POST scheme. --- diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index ee64b1590a..64452bae3c 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -685,6 +685,9 @@ POST_ID id_list[] = { {NID_aes_128_cbc, "AES-128-CBC"}, {NID_aes_192_cbc, "AES-192-CBC"}, {NID_aes_256_cbc, "AES-256-CBC"}, + {NID_aes_128_ctr, "AES-128-CTR"}, + {NID_aes_192_ctr, "AES-192-CTR"}, + {NID_aes_256_ctr, "AES-256-CTR"}, {NID_aes_128_ecb, "AES-128-ECB"}, {NID_aes_128_xts, "AES-128-XTS"}, {NID_aes_256_xts, "AES-256-XTS"}, @@ -772,6 +775,13 @@ static int post_cb(int op, int id, int subid, void *ex) case FIPS_TEST_DRBG: idstr = "DRBG"; + if (*(int *)ex & DRBG_FLAG_CTR_USE_DF) + { + sprintf(asctmp, "%s DF", lookup_id(subid)); + exstr = asctmp; + } + else + exstr = lookup_id(subid); break; case FIPS_TEST_PAIRWISE: @@ -891,7 +901,7 @@ int main(int argc,char **argv) } else if (!strcmp(argv[1], "cmac")) { fail_id = FIPS_TEST_CMAC; } else if (!strcmp(argv[1], "drbg")) { - FIPS_corrupt_drbg(); + fail_id = FIPS_TEST_DRBG; } else if (!strcmp(argv[1], "rng")) { fail_id = FIPS_TEST_X931; } else if (!strcmp(argv[1], "post")) { diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c index 496ea73481..cbf0590c6d 100644 --- a/fips/rand/fips_drbg_selftest.c +++ b/fips/rand/fips_drbg_selftest.c @@ -60,6 +60,7 @@ #include #include #include "fips_rand_lcl.h" +#include "fips_locl.h" typedef struct { int nid; @@ -688,7 +689,7 @@ static const unsigned char sha512_additionalinput2[] = 0x41,0xbe,0x14,0x87,0x81,0x08,0x0d,0xee }; /* NB: not constant so we can corrupt it */ -static unsigned char sha512_entropyinputpr2[] = +static const unsigned char sha512_entropyinputpr2[] = { 0xed,0x22,0x42,0x61,0xa7,0x4c,0xed,0xc7,0x10,0x82,0x61,0x17, 0xaa,0x7d,0xdb,0x4e,0x1c,0x96,0x61,0x23,0xcd,0x8f,0x84,0x77, @@ -750,15 +751,11 @@ static size_t test_nonce(DRBG_CTX *dctx, unsigned char **pout, return t->noncelen; } -void FIPS_corrupt_drbg(void) - { - sha512_entropyinputpr2[0]++; - } - static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) { TEST_ENT t; int rv = 0; + size_t adinlen; unsigned char randout[1024]; if (!FIPS_drbg_init(dctx, td->nid, td->flags)) return 0; @@ -780,8 +777,16 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) t.ent = td->entpr; t.entlen = td->entprlen; + /* Note for CTR without DF some additional input values + * ignore bytes after the keylength: so reduce adinlen + * to half to ensure invalid data is fed in. + */ + if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->flags)) + adinlen = td->adinlen / 2; + else + adinlen = td->adinlen; if (!FIPS_drbg_generate(dctx, randout, td->katlen, 0, 1, - td->adin, td->adinlen)) + td->adin, adinlen)) goto err; t.ent = td->entg; @@ -1018,20 +1023,31 @@ int FIPS_selftest_drbg(void) { DRBG_CTX *dctx; DRBG_SELFTEST_DATA *td; + int rv = 1; dctx = FIPS_drbg_new(0, 0); if (!dctx) return 0; for (td = drbg_test; td->nid != 0; td++) { + if (!fips_post_started(FIPS_TEST_DRBG, td->nid, &td->flags)) + return 1; if (!fips_drbg_single_kat(dctx, td)) - break; + { + fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags); + rv = 0; + continue; + } if (!fips_drbg_health_check(dctx, td)) - break; + { + fips_post_failed(FIPS_TEST_DRBG, td->nid, &td->flags); + rv = 0; + continue; + } + if (!fips_post_success(FIPS_TEST_DRBG, td->nid, &td->flags)) + return 0; } FIPS_drbg_free(dctx); - if (td->nid == 0) - return 1; - return 0; + return rv; }