From: Dr. Stephen Henson Date: Thu, 14 Apr 2011 11:30:51 +0000 (+0000) Subject: Remove several of the old obsolete FIPS_corrupt_*() functions. X-Git-Tag: OpenSSL-fips-2_0-rc1~553 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a6311f856b9ed7d71460872148a735335338918e;p=oweals%2Fopenssl.git Remove several of the old obsolete FIPS_corrupt_*() functions. --- diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 39cf6b790d..c7589873a4 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -71,13 +71,6 @@ #include #include -static int fips_dsa_pairwise_fail = 0; - -void FIPS_corrupt_dsa_keygen(void) - { - fips_dsa_pairwise_fail = 1; - } - static int fips_check_dsa(DSA *dsa) { EVP_PKEY pk; @@ -159,8 +152,6 @@ static int dsa_builtin_keygen(DSA *dsa) dsa->priv_key=priv_key; dsa->pub_key=pub_key; #ifdef OPENSSL_FIPS - if (fips_dsa_pairwise_fail) - BN_add_word(dsa->pub_key, 1); if(!fips_check_dsa(dsa)) { dsa->pub_key = NULL; diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 1f048948e2..59bc08494e 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -236,13 +236,6 @@ int EC_KEY_up_ref(EC_KEY *r) #include -static int fips_ec_pairwise_fail = 0; - -void FIPS_corrupt_ec_keygen(void) - { - fips_ec_pairwise_fail = 1; - } - static int fips_check_ec(EC_KEY *key) { EVP_PKEY pk; @@ -311,8 +304,6 @@ int EC_KEY_generate_key(EC_KEY *eckey) eckey->pub_key = pub_key; #ifdef OPENSSL_FIPS - if (fips_ec_pairwise_fail) - BN_add_word(eckey->priv_key, 1); if(!fips_check_ec(eckey)) { eckey->priv_key = NULL; diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 977e461ef0..8f798c0dec 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -76,13 +76,6 @@ #include #include -static int fips_rsa_pairwise_fail = 0; - -void FIPS_corrupt_rsa_keygen(void) - { - fips_rsa_pairwise_fail = 1; - } - int fips_check_rsa(RSA *rsa) { const unsigned char tbs[] = "RSA Pairwise Check Data"; 
@@ -290,9 +283,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err; #ifdef OPENSSL_FIPS - if (fips_rsa_pairwise_fail) - BN_add_word(rsa->n, 1); - if(!fips_check_rsa(rsa)) goto err; #endif diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c index 457dabda38..403f4b74ca 100644 --- a/fips/aes/fips_aes_selftest.c +++ b/fips/aes/fips_aes_selftest.c @@ -57,9 +57,9 @@ #ifdef OPENSSL_FIPS static struct { - unsigned char key[16]; - unsigned char plaintext[16]; - unsigned char ciphertext[16]; + const unsigned char key[16]; + const unsigned char plaintext[16]; + const unsigned char ciphertext[16]; } tests[]= { { @@ -72,11 +72,6 @@ static struct }, }; -void FIPS_corrupt_aes() - { - tests[0].key[0]++; - } - int FIPS_selftest_aes() { int n; diff --git a/fips/des/fips_des_selftest.c b/fips/des/fips_des_selftest.c index 9eea546560..9d027c9195 100644 --- a/fips/des/fips_des_selftest.c +++ b/fips/des/fips_des_selftest.c @@ -59,30 +59,9 @@ static struct { - unsigned char key[16]; - unsigned char plaintext[8]; - unsigned char ciphertext[8]; - } tests2[]= - { - { - { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec, - 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 }, - { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef }, - { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd } - }, - { - { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34, - 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 }, - { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e }, - { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff }, - } - }; - -static struct - { - unsigned char key[24]; - unsigned char plaintext[8]; - unsigned char ciphertext[8]; + const unsigned char key[24]; + const unsigned char plaintext[8]; + const unsigned char ciphertext[8]; } tests3[]= { { @@ -101,11 +80,6 @@ static struct }, }; -void FIPS_corrupt_des() - { - tests2[0].plaintext[0]++; - } - int FIPS_selftest_des() { int n, ret = 0; 
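Review bot: In the `tests[]` table of fips/aes/fips_aes_selftest.c the qualifier is added member by member (`const unsigned char key[16];` and the two lines after it) while the object itself stays a plain `static struct`. Declaring the table once as `static const struct { unsigned char key[16]; unsigned char plaintext[16]; unsigned char ciphertext[16]; } tests[]=` states the same intent in one place and leaves the struct type assignable. The same applies to `tests3[]` in the fips/des/fips_des_selftest.c hunk. Either form stops a stray write from changing the known-answer vectors the self test compares against, and a short comment above each table, for example `/* Known-answer vectors: keep const */`, would record why. The table initialisers and the bodies of FIPS_selftest_aes() and FIPS_selftest_des() continue outside these hunks.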
diff --git a/fips/dsa/fips_dsa_selftest.c b/fips/dsa/fips_dsa_selftest.c index 8d894256f6..9617ab14bc 100644 --- a/fips/dsa/fips_dsa_selftest.c +++ b/fips/dsa/fips_dsa_selftest.c @@ -84,7 +84,7 @@ static const unsigned char dsa_test_2048_p[] = { 0x2c,0x8d,0x74,0x69,0xdb,0x02,0xe2,0x4d,0x59,0x23,0x94,0xa7, 0xdb,0xa0,0x69,0xe9 }; -static unsigned char dsa_test_2048_q[] = { +static const unsigned char dsa_test_2048_q[] = { 0xd2,0x77,0x04,0x4e,0x50,0xf5,0xa4,0xe3,0xf5,0x10,0xa5,0x0a, 0x0b,0x84,0xfd,0xff,0xbc,0xa0,0x47,0xed,0x27,0x60,0x20,0x56, 0x74,0x41,0xa0,0xa5 @@ -144,11 +144,6 @@ static const unsigned char dsa_test_2048_priv_key[] = { 0xec,0x55,0xf6,0xcc }; -void FIPS_corrupt_dsa() - { - ++dsa_test_2048_q[0]; - } - int FIPS_selftest_dsa() { DSA *dsa=NULL; diff --git a/fips/ecdsa/fips_ecdsa_selftest.c b/fips/ecdsa/fips_ecdsa_selftest.c index 69494806d5..8681005ef0 100644 --- a/fips/ecdsa/fips_ecdsa_selftest.c +++ b/fips/ecdsa/fips_ecdsa_selftest.c @@ -67,7 +67,7 @@ static const char P_384_name[] = "ECDSA P-384"; -static unsigned char P_384_d[] = { +static const unsigned char P_384_d[] = { 0x1d,0x84,0x42,0xde,0xa2,0x35,0x29,0xbd,0x9f,0xe2,0x6e,0x6d, 0x01,0x26,0x30,0x79,0x33,0x57,0x01,0xf3,0x97,0x88,0x41,0xb3, 0x82,0x07,0x08,0x5e,0x63,0x8e,0x1a,0xa6,0x9b,0x08,0xb6,0xe2, @@ -86,11 +86,6 @@ static const unsigned char P_384_qy[] = { 0xfc,0x03,0xe5,0x12,0x50,0x17,0x98,0x7f,0x14,0x7e,0x95,0x17 }; -void FIPS_corrupt_ecdsa() - { - P_384_d[0]++; - } - #ifndef OPENSSL_NO_EC2M static const char K_409_name[] = "ECDSA K-409"; diff --git a/fips/fips.h b/fips/fips.h index 4bc77f00d9..1e4b109ed0 100644 --- a/fips/fips.h +++ b/fips/fips.h 
@@ -72,23 +72,14 @@ const void *FIPS_rand_check(void); int FIPS_selftest(void); int FIPS_selftest_failed(void); void FIPS_selftest_check(void); -void FIPS_corrupt_sha1(void); int FIPS_selftest_sha1(void); -void FIPS_corrupt_aes(void); int FIPS_selftest_aes_gcm(void); void FIPS_corrupt_aes_gcm(void); int FIPS_selftest_aes(void); -void FIPS_corrupt_des(void); int FIPS_selftest_des(void); -void FIPS_corrupt_rsa(void); -void FIPS_corrupt_rsa_keygen(void); int FIPS_selftest_rsa(void); -void FIPS_corrupt_dsa(void); -void FIPS_corrupt_dsa_keygen(void); int FIPS_selftest_dsa(void); int FIPS_selftest_ecdsa(void); -void FIPS_corrupt_ecdsa(void); -void FIPS_corrupt_ec_keygen(void); void FIPS_corrupt_x931(void); void FIPS_corrupt_drbg(void); void FIPS_x931_stick(void); diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index e71ab11599..168db53711 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -826,8 +826,6 @@ static int post_cb(int op, int id, int subid, void *ex) int main(int argc,char **argv) { - - int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0; int bad_rsa = 0, bad_dsa = 0; int do_rng_stick = 0; int do_drbg_stick = 0; @@ -917,10 +915,6 @@ int main(int argc,char **argv) test_msg("2. Automatic power-up self test", FIPS_mode_set(1)); if (!FIPS_mode()) exit(1); - if (do_corrupt_dsa_keygen) - FIPS_corrupt_dsa_keygen(); - if (do_corrupt_rsa_keygen) - FIPS_corrupt_rsa_keygen(); if (do_drbg_stick) FIPS_drbg_stick(); if (do_rng_stick) diff --git a/fips/rsa/fips_rsa_selftest.c b/fips/rsa/fips_rsa_selftest.c index 0f6c5ff51a..df03b6ade8 100644 --- a/fips/rsa/fips_rsa_selftest.c +++ b/fips/rsa/fips_rsa_selftest.c @@ -61,7 +61,7 @@ #ifdef OPENSSL_FIPS -static unsigned char rsa_test_2048_n[] = { +static const unsigned char rsa_test_2048_n[] = { 0xDB,0x10,0x1A,0xC2,0xA3,0xF1,0xDC,0xFF,0x13,0x6B,0xED,0x44, 0xDF,0xF0,0x02,0x6D,0x13,0xC7,0x88,0xDA,0x70,0x6B,0x54,0xF1, 0xE8,0x27,0xDC,0xC3,0x0F,0x99,0x6A,0xFA,0xC6,0x67,0xFF,0x1D, 
@@ -193,11 +193,6 @@ static int setrsakey(RSA *k) return 0; } -void FIPS_corrupt_rsa() - { - rsa_test_2048_n[0]++; - } - /* Known Answer Test (KAT) data for the above RSA private key signing * kat_tbs. */ diff --git a/fips/sha/fips_sha1_selftest.c b/fips/sha/fips_sha1_selftest.c index e0f0c12d9e..3c8ca2be20 100644 --- a/fips/sha/fips_sha1_selftest.c +++ b/fips/sha/fips_sha1_selftest.c @@ -56,7 +56,7 @@ #include #ifdef OPENSSL_FIPS -static unsigned char test[][60]= +static const unsigned char test[][60]= { "", "abc", @@ -73,11 +73,6 @@ static const unsigned char ret[][SHA_DIGEST_LENGTH]= 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 }, }; -void FIPS_corrupt_sha1() - { - test[2][0]++; - } - int FIPS_selftest_sha1() { int rv = 1;