Revise fips_test_suite to use table of IDs for human readable strings.
Modify HMAC selftest callbacks to notify each digest type used.
diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c
index 8b0ffaf..b84eda4 100644
--- a/fips/aes/fips_aes_selftest.c
+++ b/fips/aes/fips_aes_selftest.c
@@ -134,7 +134,7 @@
memset(tag, 0, sizeof(tag));
if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
return 1;
- if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
+ if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
do_corrupt = 1;
if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
goto err;
diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c
index 40676ae..c14ecb3 100644
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -665,42 +665,39 @@
printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
}
-static const char *post_get_sig(int id)
+/* Table of IDs for POST translating between NIDs and names */
+
+typedef struct
{
- switch (id)
- {
- case EVP_PKEY_RSA:
- return " (RSA)";
+ int id;
+ const char *name;
+ } POST_ID;
- case EVP_PKEY_DSA:
- return " (DSA)";
+POST_ID id_list[] = {
+ {NID_sha1, "SHA1"},
+ {NID_sha224, "SHA224"},
+ {NID_sha256, "SHA256"},
+ {NID_sha384, "SHA384"},
+ {NID_sha512, "SHA512"},
+ {EVP_PKEY_RSA, "RSA"},
+ {EVP_PKEY_DSA, "DSA"},
+ {EVP_PKEY_EC, "ECDSA"},
+ {NID_aes_128_ecb, "AES-128-ECB"},
+ {NID_des_ede3_ecb, "DES-EDE3-ECB"},
+ {0, NULL}
+};
- case EVP_PKEY_EC:
- return " (ECDSA)";
-
- default:
- return " (UNKNOWN)";
-
- }
- }
-
-static const char *post_get_cipher(int id)
+static const char *lookup_id(int id)
{
- static char out[128];
- switch(id)
+ POST_ID *n;
+ static char out[40];
+ for (n = id_list; n->name; n++)
{
-
- case NID_aes_128_ecb:
- return " (AES-128-ECB)";
-
- case NID_des_ede3_ecb:
- return " (DES-EDE3-ECB)";
-
- default:
- sprintf(out, " (NID=%d)", id);
- return out;
-
+ if (n->id == id)
+ return n->name;
}
+ sprintf(out, "ID=%d\n", id);
+ return out;
}
static int fail_id = -1;
@@ -719,12 +716,11 @@
case FIPS_TEST_DIGEST:
idstr = "Digest";
- if (subid == NID_sha1)
- exstr = " (SHA1)";
+ exstr = lookup_id(subid);
break;
case FIPS_TEST_CIPHER:
- exstr = post_get_cipher(subid);
+ exstr = lookup_id(subid);
idstr = "Cipher";
break;
@@ -733,12 +729,13 @@
{
EVP_PKEY *pkey = ex;
keytype = pkey->type;
- exstr = post_get_sig(keytype);
+ exstr = lookup_id(keytype);
}
idstr = "Signature";
break;
case FIPS_TEST_HMAC:
+ exstr = lookup_id(subid);
idstr = "HMAC";
break;
@@ -747,11 +744,11 @@
break;
case FIPS_TEST_GCM:
- idstr = "HMAC";
+ idstr = "GCM";
break;
case FIPS_TEST_CCM:
- idstr = "HMAC";
+ idstr = "CCM";
break;
case FIPS_TEST_XTS:
@@ -771,7 +768,7 @@
{
EVP_PKEY *pkey = ex;
keytype = pkey->type;
- exstr = post_get_sig(keytype);
+ exstr = lookup_id(keytype);
}
idstr = "Pairwise Consistency";
break;
@@ -797,15 +794,15 @@
break;
case FIPS_POST_STARTED:
- printf("\t\t%s%s test started\n", idstr, exstr);
+ printf("\t\t%s %s test started\n", idstr, exstr);
break;
case FIPS_POST_SUCCESS:
- printf("\t\t%s%s test OK\n", idstr, exstr);
+ printf("\t\t%s %s test OK\n", idstr, exstr);
break;
case FIPS_POST_FAIL:
- printf("\t\t%s%s test FAILED!!\n", idstr, exstr);
+ printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
break;
case FIPS_POST_CORRUPT:
@@ -813,7 +810,7 @@
&& (fail_key == -1 || fail_key == keytype)
&& (fail_sub == -1 || fail_sub == subid))
{
- printf("\t\t%s%s test failure induced\n", idstr, exstr);
+ printf("\t\t%s %s test failure induced\n", idstr, exstr);
return 0;
}
break;
@@ -822,8 +819,6 @@
return 1;
}
-
-
int main(int argc,char **argv)
{
int bad_rsa = 0, bad_dsa = 0;
diff --git a/fips/hmac/fips_hmac_selftest.c b/fips/hmac/fips_hmac_selftest.c
index fd81890..34ac247 100644
--- a/fips/hmac/fips_hmac_selftest.c
+++ b/fips/hmac/fips_hmac_selftest.c
@@ -1,5 +1,5 @@
/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -119,46 +119,58 @@
unsigned char out[EVP_MAX_MD_SIZE];
const EVP_MD *md;
const HMAC_KAT *t;
- int rv = 0, do_corrupt = 0;
+ int rv = 1, subid;
HMAC_CTX c;
HMAC_CTX_init(&c);
- if (!fips_post_started(FIPS_TEST_HMAC, 0, 0))
- return 1;
- if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
- do_corrupt = 1;
for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
{
md = (*t->alg)();
+ subid = M_EVP_MD_type(md);
+ if (!fips_post_started(FIPS_TEST_HMAC, subid, 0))
+ continue;
if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL))
+ {
+ rv = -1;
goto err;
+ }
if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv)))
+ {
+ rv = -1;
goto err;
- if (do_corrupt)
+ }
+ if (!fips_post_corrupt(FIPS_TEST_HMAC, subid, NULL))
{
if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1))
+ {
+ rv = -1;
goto err;
+ }
}
if (!HMAC_Final(&c, out, &outlen))
+ {
+ rv = -1;
goto err;
+ }
if(memcmp(out,t->kaval,outlen))
{
FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
- goto err;
+ fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
+ rv = 0;
}
+ if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL))
+ goto err;
}
- rv = 1;
-
err:
HMAC_CTX_cleanup(&c);
- if (rv == 0)
+ if (rv == -1)
{
- fips_post_failed(FIPS_TEST_HMAC, 0, NULL);
- return 0;
+ fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
+ rv = 0;
}
- return fips_post_success(FIPS_TEST_HMAC, 0, NULL);
+ return rv;
}
#endif
