From d70f5891da26929ccf94fb71929d6e69bddf6a24 Mon Sep 17 00:00:00 2001
From: Ben Laurie <ben@openssl.org>
Date: Mon, 12 Jul 2004 17:59:50 +0000
Subject: [PATCH] Corrected test program.

---
 fips/dh/fingerprint.sha1 |  6 +++---
 fips/fips_test_suite.c   | 45 ++++++++++++++++++++++++++++++++++------
 2 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/fips/dh/fingerprint.sha1 b/fips/dh/fingerprint.sha1
index 2db86705fe..6e4b2444d6 100644
--- a/fips/dh/fingerprint.sha1
+++ b/fips/dh/fingerprint.sha1
@@ -1,3 +1,3 @@
-HMAC-SHA1(fips_dh_check.c)= 5657cf7c136f6d9608df40d0699fe1d61d0ad5b5
-HMAC-SHA1(fips_dh_gen.c)= e3626ccd5124942cb19ca962470d2c3704d265bb
-HMAC-SHA1(fips_dh_key.c)= 88c882a9063c0b7e5f46de1a7bfa82f71e0a918e
+HMAC-SHA1(fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3
+HMAC-SHA1(fips_dh_gen.c)= 6aaf18dab32bf9a5fb4b7449ac4cbe559040adb4
+HMAC-SHA1(fips_dh_key.c)= 7bf23b329a776953bbe7c30ebd7f9faf5249ddbe
diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c
index cb4386ae45..732bb6cd7c 100644
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -24,7 +24,7 @@
 #include <openssl/md5.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
-
+#include <openssl/bn.h>                                                                                          
 #ifndef OPENSSL_FIPS
 int main(int argc, char *argv[])
     {
@@ -174,12 +174,37 @@ static int dh_test()
 
     ERR_clear_error();
     dh = DH_generate_parameters(256, 2, NULL, NULL);
-    if (!dh)
-	{
-	ERR_load_crypto_strings();
-        ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+    if (dh)
+        return 1;
+    return 0;
+    }
+
+/* Zeroize
+*/
+static int Zeroize()
+    {
+    RSA *key;
+    unsigned char userkey[16] = 
+	{ 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
+    int i, n;
+    
+    key = RSA_generate_key(1024,65537,NULL,NULL);
+    if (!key)
 	return 0;
-	}
+    n = BN_num_bytes(key->d);
+    printf(" Generated %d byte RSA private key\n", n);
+    printf("\tBN key before overwriting:\n%s\n", BN_bn2hex(key->d));
+    BN_rand(key->d,n*8,-1,0);
+    printf("\tBN key after overwriting:\n%s\n", BN_bn2hex(key->d));
+
+    printf("\tchar buffer key before overwriting: \n\t\t");
+    for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
+        printf("\n");
+    RAND_bytes(userkey, sizeof userkey);
+    printf("\tchar buffer key after overwriting: \n\t\t");
+    for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
+        printf("\n");
+
     return 1;
     }
 
@@ -195,6 +220,9 @@ int main(int argc,char **argv)
 
     printf("\tFIPS-mode test application\n\n");
 
+    /* Load entropy from external file, if any */
+    RAND_load_file(".rnd", 1024);
+
     if (argv[1]) {
         /* Corrupted KAT tests */
         if (!strcmp(argv[1], "aes")) {
@@ -301,6 +329,11 @@ int main(int argc,char **argv)
     printf( dh_test() ? "successful as expected\n"
 	    : Fail("failed INCORRECTLY!\n") );
 
+    /* Zeroization
+    */
+    printf("9. Zero-ization...\n");
+    Zeroize();
+
     printf("\nAll tests completed with %d errors\n", Error);
     return 0;
     }
-- 
2.25.1