From 1f1bd3a51a406db1c16daa79c1bda5f11650d403 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Thu, 4 Sep 2003 07:17:43 +0000 Subject: [PATCH] Selftests. --- fips/aes/Makefile.ssl | 4 ++-- fips/aes/fingerprint.sha1 | 1 + fips/des/Makefile.ssl | 4 ++-- fips/des/fingerprint.sha1 | 1 + fips/des/fips_desmovs.c | 6 +++++- fips/dsa/.cvsignore | 1 + fips/fingerprint.sha1 | 6 +++--- fips/fips.c | 12 +++++++++++- fips/fips.h | 8 +++++++- fips/fips_err.c | 5 ++++- fips/fips_make_sha1 | 6 +++--- fips/sha1/.cvsignore | 1 + fips/sha1/Makefile.ssl | 4 ++-- fips/sha1/fingerprint.sha1 | 1 + 14 files changed, 44 insertions(+), 16 deletions(-) diff --git a/fips/aes/Makefile.ssl b/fips/aes/Makefile.ssl index ddecf55b70..d5f5a1052a 100644 --- a/fips/aes/Makefile.ssl +++ b/fips/aes/Makefile.ssl @@ -23,8 +23,8 @@ TEST=fips_aesavs.c fips_aes_data APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=fips_aes_core.c -LIBOBJ=fips_aes_core.o +LIBSRC=fips_aes_core.c fips_aes_selftest.c +LIBOBJ=fips_aes_core.o fips_aes_selftest.o SRC= $(LIBSRC) diff --git a/fips/aes/fingerprint.sha1 b/fips/aes/fingerprint.sha1 index 0d4eeddb0e..807e674403 100644 --- a/fips/aes/fingerprint.sha1 +++ b/fips/aes/fingerprint.sha1 @@ -1,2 +1,3 @@ SHA1(fips_aes_core.c)= 5298df7807877eed470a1ee5f8331fc0876689da +SHA1(fips_aes_selftest.c)= fb848010c088adbbfaf719ca77c91e8ae0932ce0 SHA1(fips_aes_locl.h)= a3c01d9a4f9d5211e9e785852f6f1a2febfd73b6 diff --git a/fips/des/Makefile.ssl b/fips/des/Makefile.ssl index ea59463b79..acec984a26 100644 --- a/fips/des/Makefile.ssl +++ b/fips/des/Makefile.ssl @@ -23,8 +23,8 @@ TEST= fips_desmovs.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=fips_des_enc.c -LIBOBJ=fips_des_enc.o +LIBSRC=fips_des_enc.c fips_des_selftest.c +LIBOBJ=fips_des_enc.o fips_des_selftest.o SRC= $(LIBSRC) diff --git a/fips/des/fingerprint.sha1 b/fips/des/fingerprint.sha1 index 9f6bba874a..4d944e0104 100644 --- a/fips/des/fingerprint.sha1 +++ b/fips/des/fingerprint.sha1 @@ -1,2 +1,3 @@ SHA1(fips_des_enc.c)= a4b88bb16782604a298d74de04a8b3bc3a204c5a +SHA1(fips_des_selftest.c)= 5638ae4d50be6110d9efbaa5e7e19c7e04c9940d SHA1(fips_des_locl.h)= 5e5128f074485e72d6fdee00d22d46a694bd5abe diff --git a/fips/des/fips_desmovs.c b/fips/des/fips_desmovs.c index 473062eab8..c041403cbe 100644 --- a/fips/des/fips_desmovs.c +++ b/fips/des/fips_desmovs.c @@ -667,7 +667,11 @@ int main(int argc, char **argv) int f_opt = 0, d_opt = 1; #ifdef FIPS - FIPS_mode_set(1); + if(!FIPS_mode_set(1)) + { + fprintf(stderr,"Failed to enter FIPS mode.\n"); + exit(1); + } #endif ERR_load_crypto_strings(); if (argc > 1) diff --git a/fips/dsa/.cvsignore b/fips/dsa/.cvsignore index 695fdd0059..e32a5ba021 100644 --- a/fips/dsa/.cvsignore +++ b/fips/dsa/.cvsignore @@ -1,2 +1,3 @@ Makefile.save lib +fips_dssvs diff --git a/fips/fingerprint.sha1 b/fips/fingerprint.sha1 index 9b90d65ba0..cdee38b17a 100644 --- a/fips/fingerprint.sha1 +++ b/fips/fingerprint.sha1 @@ -1,4 +1,4 @@ -SHA1(fips.c)= 39f2919005cb5c8d3b806b52d81a9247804dbe64 +SHA1(fips.c)= dfb2a82fcff1ee84b7674d84a0e0bf191cb759f3 SHA1(fips_err_wrapper.c)= 0cbe881739f6e7d91308e2e74b92032e69007528 -SHA1(fips.h)= 53ce62539f2b69141693d427af9a4c4abc822cd0 -SHA1(fips_err.c)= 197ccc595c33079de87ae02da868808a9ca60648 +SHA1(fips.h)= 5dc66fb941513cb732c51eeca6f44018d4acd7ae +SHA1(fips_err.c)= 672c470bf38e01ba2a1fa2d52492bc31330dd974 diff --git a/fips/fips.c b/fips/fips.c index 440258425c..bd12d67591 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -53,16 +53,26 @@ #ifdef FIPS -void FIPS_mode_set(int onoff) +int FIPS_selftest() + { + return FIPS_selftest_sha1() + && FIPS_selftest_aes() + && FIPS_selftest_des(); + } + +int FIPS_mode_set(int onoff) { FIPS_mode=onoff; if(onoff) { FIPS_rand_check=&rand_fips_meth; RAND_set_rand_method(&rand_fips_meth); + return FIPS_selftest(); } + return 1; } + #if 0 /* here just to cause error codes to exist */ static void dummy() diff --git a/fips/fips.h b/fips/fips.h index 020c45b726..179489b790 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -55,8 +55,11 @@ extern int FIPS_mode; extern void *FIPS_rand_check; struct dsa_st; -void FIPS_mode_set(int onoff); +int FIPS_mode_set(int onoff); int FIPS_dsa_check(struct dsa_st *dsa); +int FIPS_selftest_sha1(void); +int FIPS_selftest_aes(void); +int FIPS_selftest_des(void); /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -73,11 +76,14 @@ void ERR_load_FIPS_strings(void); /* Function codes. */ #define FIPS_F_FIPS_DSA_CHECK 102 +#define FIPS_F_FIPS_SELFTEST_AES 104 +#define FIPS_F_FIPS_SELFTEST_SHA1 103 #define FIPS_F_HASH_FINAL 100 #define FIPS_F_SSLEAY_RAND_BYTES 101 /* Reason codes. */ #define FIPS_R_NON_FIPS_METHOD 100 +#define FIPS_R_SELFTEST_FAILED 101 #ifdef __cplusplus } diff --git a/fips/fips_err.c b/fips/fips_err.c index 6f67161668..d9c55d37aa 100644 --- a/fips/fips_err.c +++ b/fips/fips_err.c @@ -1,6 +1,6 @@ /* fips/fips_err.c */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -67,6 +67,8 @@ static ERR_STRING_DATA FIPS_str_functs[]= { {ERR_PACK(0,FIPS_F_FIPS_DSA_CHECK,0), "FIPS_dsa_check"}, +{ERR_PACK(0,FIPS_F_FIPS_SELFTEST_AES,0), "FIPS_selftest_aes"}, +{ERR_PACK(0,FIPS_F_FIPS_SELFTEST_SHA1,0), "FIPS_selftest_sha1"}, {ERR_PACK(0,FIPS_F_HASH_FINAL,0), "HASH_FINAL"}, {ERR_PACK(0,FIPS_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, {0,NULL} @@ -75,6 +77,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= static ERR_STRING_DATA FIPS_str_reasons[]= { {FIPS_R_NON_FIPS_METHOD ,"non fips method"}, +{FIPS_R_SELFTEST_FAILED ,"selftest failed"}, {0,NULL} }; diff --git a/fips/fips_make_sha1 b/fips/fips_make_sha1 index 7cb167591b..8d5d72fcd5 100755 --- a/fips/fips_make_sha1 +++ b/fips/fips_make_sha1 @@ -12,13 +12,13 @@ cd rand $S fips_rand.c fips_rand.h > fingerprint.sha1 cd ../sha1 -$S fips_sha1dgst.c fips_sha_locl.h fips_md32_common.h > fingerprint.sha1 +$S fips_sha1dgst.c fips_sha1_selftest.c fips_sha_locl.h fips_md32_common.h > fingerprint.sha1 cd ../aes -$S fips_aes_core.c fips_aes_locl.h > fingerprint.sha1 +$S fips_aes_core.c fips_aes_selftest.c fips_aes_locl.h > fingerprint.sha1 cd ../dsa $S fips_dsa_ossl.c fips_dsa_gen.c > fingerprint.sha1 cd ../des -$S fips_des_enc.c fips_des_locl.h > fingerprint.sha1 +$S fips_des_enc.c fips_des_selftest.c fips_des_locl.h > fingerprint.sha1 diff --git a/fips/sha1/.cvsignore b/fips/sha1/.cvsignore index 3c65d3f9db..ba5158a0fa 100644 --- a/fips/sha1/.cvsignore +++ b/fips/sha1/.cvsignore @@ -1,3 +1,4 @@ Makefile.save lib fips_standalone_sha1 +fips_sha1test diff --git a/fips/sha1/Makefile.ssl b/fips/sha1/Makefile.ssl index 373d11a5f3..fcb4d165bd 100644 --- a/fips/sha1/Makefile.ssl +++ b/fips/sha1/Makefile.ssl @@ -24,8 +24,8 @@ APPS= EXE= fips_standalone_sha1 LIB=$(TOP)/libcrypto.a -LIBSRC=fips_sha1dgst.c -LIBOBJ=fips_sha1dgst.o +LIBSRC=fips_sha1dgst.c fips_sha1_selftest.c +LIBOBJ=fips_sha1dgst.o fips_sha1_selftest.o SRC= $(LIBSRC) fips_standalone_sha1.c diff --git a/fips/sha1/fingerprint.sha1 b/fips/sha1/fingerprint.sha1 index 658fab3f61..ec4a620698 100644 --- a/fips/sha1/fingerprint.sha1 +++ b/fips/sha1/fingerprint.sha1 @@ -1,3 +1,4 @@ SHA1(fips_sha1dgst.c)= 609e2cbf5d3cdcf318ec10238a0e82b93b78e6b5 +SHA1(fips_sha1_selftest.c)= d1becdceec9f08d2cd9ab22238a3f5941a98dd01 SHA1(fips_sha_locl.h)= 677427c495b571991f013939ea7e5dea87828f8c SHA1(fips_md32_common.h)= 4f41bcde24750b3b8c99a06bcba2fe06ff8db4d0 -- 2.25.1