Updates from fips2 branch: close streams in test utilities, use cofactor ECDH add new key and signature generation tests to fips_test_suite.
diff --git a/fips/dh/fips_dhvs.c b/fips/dh/fips_dhvs.c
index 3ba1977..0fb52f7 100644
--- a/fips/dh/fips_dhvs.c
+++ b/fips/dh/fips_dhvs.c
@@ -279,6 +279,10 @@
 rhash, rhashlen);
 }
 }
+ if (in && in != stdin)
+ fclose(in);
+ if (out && out != stdout)
+ fclose(out);
 return 0;
 parse_error:
 fprintf(stderr, "Error Parsing request file\n");
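Review bot: The result of `fclose(out)` is discarded, so a write error that only surfaces at the final flush leaves a truncated response file while the tool still returns 0; consider `if (out && out != stdout && fclose(out) != 0) { perror("fclose"); return 1; }`. The closes also sit only on the success path: the `parse_error:` label after `return 0;` is not covered, and what it does after the `fprintf` is outside the hunk. The `in &&` and `out &&` guards only help if both pointers start as NULL; fips_drbgvs.c gets that initialisation in this commit, but the declarations here and in fips_ecdhvs.c are not visible. The same unchecked `fclose(out)` appears in the fips_ecdhvs.c hunk at -478 and the fips_drbgvs.c hunk at -406.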
diff --git a/fips/ecdh/fips_ecdh_selftest.c b/fips/ecdh/fips_ecdh_selftest.c
index 2b21cea..0b16c57 100644
--- a/fips/ecdh/fips_ecdh_selftest.c
+++ b/fips/ecdh/fips_ecdh_selftest.c
@@ -166,6 +166,7 @@
 rv = -1;
 goto err;
 }
+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
 if (!EC_KEY_set_public_key_affine_coordinates(ec1, x, y))
 {
@@ -194,6 +195,7 @@
 rv = -1;
 goto err;
 }
+ EC_KEY_set_flags(ec1, EC_FLAG_COFACTOR_ECDH);
 if (!EC_KEY_set_public_key_affine_coordinates(ec2, x, y))
 {
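Review bot: In the second hunk (-194) the added call sets `EC_FLAG_COFACTOR_ECDH` on `ec1` again, while the very next statement loads the public point into `ec2`, so this looks like a copy-paste slip and `ec2` never receives the flag: `EC_KEY_set_flags(ec2, EC_FLAG_COFACTOR_ECDH);`. Whether this changes the self-test result depends on which key's flags the derivation consults, which is outside the hunk. If only the private-key side is read, the line is a redundant no-op rather than a behavioural bug, but it still misstates the intent. The enclosing function starts and ends outside both hunks.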
diff --git a/fips/ecdh/fips_ecdhvs.c b/fips/ecdh/fips_ecdhvs.c
index a30e335..a142286 100644
--- a/fips/ecdh/fips_ecdhvs.c
+++ b/fips/ecdh/fips_ecdhvs.c
@@ -261,6 +261,7 @@
 unsigned char chash[EVP_MAX_MD_SIZE];
 int Zlen;
 ec = EC_KEY_new();
+ EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
 EC_KEY_set_group(ec, group);
 peerkey = make_peer(group, cx, cy);
 if (rhash == NULL)
@@ -413,6 +414,11 @@
 if (group)
 EC_GROUP_free(group);
 group = EC_GROUP_new_by_curve_name(nid);
+ if (!group)
+ {
+ fprintf(stderr, "ERROR: unsupported curve %s\n", buf + 1);
+ return 1;
+ }
 }
 if (strlen(buf) > 6 && !strncmp(buf, "[E", 2))
@@ -478,6 +484,10 @@
 BN_free(cy);
 if (group)
 EC_GROUP_free(group);
+ if (in && in != stdin)
+ fclose(in);
+ if (out && out != stdout)
+ fclose(out);
 if (rv)
 fprintf(stderr, "Error Parsing request file\n");
 return rv;
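Review bot: In the hunk at -261, `ec` comes straight from `EC_KEY_new()` and is passed to `EC_KEY_set_flags()` with no NULL check, so an allocation failure is dereferenced on the new line. Testing `if (ec == NULL)` right after the allocation and taking the function's failure path would match the `if (!group)` check this commit adds at -413. The function's return convention and the rest of its body are outside the hunk.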
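Review bot: The new `return 1;` in the hunk at -413 bypasses the cleanup at the end of the function, so the `fclose(in)`/`fclose(out)` calls this same commit adds at -478, and the `BN_free`/`EC_GROUP_free` calls visible there, are skipped for an unsupported curve. Setting `rv = 1;` and jumping to the label that precedes that cleanup block (its name is outside the hunks) keeps a single exit path; that shared path would then also print "Error Parsing request file", which may or may not be wanted. `buf + 1` is echoed as read from the request file, so the message will probably carry the trailing `]` and newline.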
diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c
index 2d0a4bb..cf8f085 100644
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -650,6 +650,13 @@ return (min_len + 0xf) & ~0xf; } +/* Callback which returns 0 to indicate entropy source failure */ +static size_t drbg_fail_cb(DRBG_CTX *ctx, unsigned char **pout, + int entropy, size_t min_len, size_t max_len) + { + return 0; + } + /* DRBG test: just generate lots of data and trigger health checks */ static int do_drbg_test(int type, int flags) @@ -1036,7 +1043,7 @@ size_t i; RSA *rsa = NULL; DSA *dsa = NULL; - DRBG_CTX *dctx = NULL; + DRBG_CTX *dctx = NULL, *defctx = NULL; EC_KEY *ec = NULL; BIGNUM *bn = NULL; unsigned char out[10]; @@ -1133,6 +1140,9 @@ else printf("\tECDSA key generation failed as expected.\n"); + FIPS_ec_key_free(ec); + ec = NULL; + fail_id = -1; fail_sub = -1; fail_key = -1; 
@@ -1241,6 +1251,63 @@ printf("\tX9.31 continuous PRNG failed as expected\n"); FIPS_x931_stick(0); + /* Leave FIPS mode to clear error */ + FIPS_module_mode_set(0, NULL); + /* Enter FIPS mode successfully */ + if (!FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS)) + { + printf("\tError entering FIPS mode\n"); + st_err++; + } + + printf(" Testing operation failure with DRBG entropy failure\n"); + + /* Generate DSA key for later use */ + if (DSA_generate_key(dsa)) + printf("\tDSA key generated OK as expected.\n"); + else + { + printf("\tDSA key generation FAILED!!\n"); + st_err++; + } + + /* Initialise default DRBG context */ + defctx = FIPS_get_default_drbg(); + if (!defctx) + return 0; + if (!FIPS_drbg_init(defctx, NID_sha512, 0)) + return 0; + /* Set entropy failure callback */ + FIPS_drbg_set_callbacks(defctx, drbg_fail_cb, 0, 0x10, drbg_test_cb, 0); + if (FIPS_drbg_instantiate(defctx, dummy_drbg_entropy, 10)) + { + printf("\tDRBG entropy fail OK incorrectly!!\n"); + st_err++; + } + else + printf("\tDRBG entropy fail failed as expected\n"); + + if (FIPS_dsa_sign(dsa, dummy_drbg_entropy, 5, EVP_sha256())) + { + printf("\tDSA signing OK incorrectly!!\n"); + st_err++; + } + else + printf("\tDSA signing failed as expected\n"); + + ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + + if (!ec) + return 0; + + if (EC_KEY_generate_key(ec)) + { + printf("\tECDSA key generated OK incorrectly!!\n"); + st_err++; + } + else + printf("\tECDSA key generation failed as expected.\n"); + printf(" Induced failure test completed with %d errors\n", st_err); post_quiet = 0; no_err = 0;
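Review bot: The three `return 0;` statements added here (on `!defctx`, on a failed `FIPS_drbg_init`, and on `!ec`) leave the function before the `post_quiet = 0; no_err = 0;` reset that closes the hunk and before whatever releases `rsa`, `dsa`, `dctx`, `ec` and `bn` outside it, and they print nothing. Counting them as test errors and going to the common tail would match the rest of the block, e.g. `if (!defctx || !FIPS_drbg_init(defctx, NID_sha512, 0)) { printf("\tDRBG setup FAILED!!\n"); st_err++; goto <cleanup-label>; }`, where the label is a placeholder for whatever the function already uses. The default DRBG is also left with `drbg_fail_cb` installed when the block finishes; if anything later in the process draws from it, it will keep failing, so a comment such as `/* default DRBG intentionally left in failed state */` or a restore of a working callback would make the intent explicit.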
diff --git a/fips/rand/fips_drbgvs.c b/fips/rand/fips_drbgvs.c
index bcdfa6d..9aae88c 100644
--- a/fips/rand/fips_drbgvs.c
+++ b/fips/rand/fips_drbgvs.c
@@ -176,7 +176,7 @@
 int main(int argc,char **argv)
 #endif
 {
- FILE *in, *out;
+ FILE *in = NULL, *out = NULL;
 DRBG_CTX *dctx = NULL;
 TEST_ENT t;
 int r, nid = 0;
@@ -406,6 +406,10 @@
 }
 }
+ if (in && in != stdin)
+ fclose(in);
+ if (out && out != stdout)
+ fclose(out);
 return 0;
 }