List: openssl-cvs
Subject: [CVS] OpenSSL: OpenSSL-fips-2_0-dev: openssl/fips/des/ fips_des_selfte...
From: "Dr. Stephen Henson" <steve () openssl ! org>
Date: 2012-12-28 20:19:11
Message-ID: 20121228201911.17D3C166C8 () master ! openssl ! org
OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________________________
Server: cvs.openssl.org Name: Dr. Stephen Henson
Root: /v/openssl/cvs Email: steve@openssl.org
Module: openssl Date: 28-Dec-2012 21:19:11
Branch: OpenSSL-fips-2_0-dev Handle: 2012122820190901
Modified files: (Branch: OpenSSL-fips-2_0-dev)
openssl/fips fips_test_suite.c
openssl/fips/des fips_des_selftest.c
openssl/fips/ecdsa fips_ecdsa_selftest.c
Log:
Make DES3 and ECDSA self tests continue with remaining cases on
failure.
Make fips_test_suite induced failure work on every possible subtest instead
of just categories of subtest.
Summary:
Revision Changes Path
1.8.4.1 +2 -4 openssl/fips/des/fips_des_selftest.c
1.9.4.1 +4 -4 openssl/fips/ecdsa/fips_ecdsa_selftest.c
1.42.2.7.2.1+36 -46 openssl/fips/fips_test_suite.c
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openssl/fips/des/fips_des_selftest.c
============================================================================
$ cvs diff -u -r1.8 -r1.8.4.1 fips_des_selftest.c
--- openssl/fips/des/fips_des_selftest.c 14 Sep 2011 20:48:46 -0000 1.8
+++ openssl/fips/des/fips_des_selftest.c 28 Dec 2012 20:19:10 -0000 1.8.4.1
@@ -83,7 +83,7 @@
int FIPS_selftest_des()
{
- int n, ret = 0;
+ int n, ret = 1;
EVP_CIPHER_CTX ctx;
FIPS_cipher_ctx_init(&ctx);
@@ -93,10 +93,8 @@
if (!fips_cipher_test(FIPS_TEST_CIPHER, &ctx, EVP_des_ede3_ecb(),
tests3[n].key, NULL,
tests3[n].plaintext, tests3[n].ciphertext, 8))
- goto err;
+ ret = 0;
}
- ret = 1;
- err:
FIPS_cipher_ctx_cleanup(&ctx);
if (ret == 0)
FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
@@ .
patch -p0 <<'@@ .'
Index: openssl/fips/ecdsa/fips_ecdsa_selftest.c
============================================================================
$ cvs diff -u -r1.9 -r1.9.4.1 fips_ecdsa_selftest.c
--- openssl/fips/ecdsa/fips_ecdsa_selftest.c 14 Sep 2011 20:48:47 -0000 1.9
+++ openssl/fips/ecdsa/fips_ecdsa_selftest.c 28 Dec 2012 20:19:10 -0000 1.9.4.1
@@ -143,7 +143,7 @@
EC_KEY *ec = NULL;
BIGNUM *x = NULL, *y = NULL, *d = NULL;
EVP_PKEY pk;
- int rv = 0;
+ int rv = 0, test_err = 0;
size_t i;
for (i = 0; i < sizeof(test_ec_data)/sizeof(EC_SELFTEST_DATA); i++)
@@ -173,12 +173,12 @@
if (!fips_pkey_signature_test(FIPS_TEST_SIGNATURE, &pk, NULL, 0,
NULL, 0, EVP_sha512(), 0,
ecd->name))
- goto err;
+ test_err = 1;
EC_KEY_free(ec);
ec = NULL;
}
-
- rv = 1;
+ if (test_err == 0)
+ rv = 1;
err:
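Review bot: `test_err` only records a failing `fips_pkey_signature_test`, and nothing in the code says so. Any `goto err` taken earlier in the loop body (outside this hunk) would presumably still abandon the remaining curves, so there are two different failure paths. A comment at the declaration in the previous hunk, such as `/* set when a signature test fails; the loop continues so every curve is still exercised */`, would make that distinction clear. The function starts before and ends after this hunk.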
@@ .
patch -p0 <<'@@ .'
Index: openssl/fips/fips_test_suite.c
============================================================================
$ cvs diff -u -r1.42.2.7 -r1.42.2.7.2.1 fips_test_suite.c
--- openssl/fips/fips_test_suite.c 3 Dec 2011 19:41:28 -0000 1.42.2.7
+++ openssl/fips/fips_test_suite.c 28 Dec 2012 20:19:09 -0000 1.42.2.7.2.1
@@ -810,13 +810,15 @@
static int fail_id = -1;
static int fail_sub = -1;
static int fail_key = -1;
+static int sub_num = -1, sub_count = -1;
+static int sub_fail_num = -1;
static int st_err, post_quiet = 0;
static int post_cb(int op, int id, int subid, void *ex)
{
const char *idstr, *exstr = "";
- char asctmp[20];
+ char asctmp[20], teststr[80];
int keytype = -1;
int exp_fail = 0;
#ifdef FIPS_POST_TIME
@@ -935,6 +937,16 @@
&& (fail_sub == -1 || fail_sub == subid))
exp_fail = 1;
+ if (sub_num > 0)
+ {
+ if (sub_fail_num == sub_num)
+ exp_fail = 1;
+ sprintf(teststr, "\t\t%s %s (POST subtest #%d) test",
+ idstr, exstr, sub_num);
+ }
+ else
+ sprintf(teststr, "\t\t%s %s test", idstr, exstr);
+
switch(op)
{
case FIPS_POST_BEGIN:
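Review bot: Both new `sprintf` calls write into the 80-byte `teststr` with no bound, and the lengths of `idstr` and `exstr` are decided earlier in `post_cb`, outside this hunk. The fixed text plus a full-width `%d` already takes close to half of the buffer, so a long test name or extra string would overrun the stack array. Pass the size explicitly, e.g. `snprintf(teststr, sizeof teststr, "\t\t%s %s (POST subtest #%d) test", idstr, exstr, sub_num);`, and do the same in the `else` branch. Where `snprintf` is not available, the project's `BIO_snprintf` would serve.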
@@ -945,9 +957,16 @@
clock_gettime(CLOCK_REALTIME, &tstart);
#endif
printf("\tPOST started\n");
+ sub_num = 1;
break;
case FIPS_POST_END:
+ if (sub_count == -1)
+ sub_count = sub_num;
+ else if (sub_num != sub_count)
+ printf("Inconsistent POST count %d != %d\n",
+ sub_num, sub_count);
+ sub_num = -1;
printf("\tPOST %s\n", id ? "Success" : "Failed");
#ifdef FIPS_POST_TIME
clock_gettime(CLOCK_REALTIME, &tend);
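Review bot: The `Inconsistent POST count` branch under `FIPS_POST_END` only prints and never touches `st_err`. As far as this hunk shows, a run in which a self test stopped early would therefore not be counted as an error. The induced-failure loop relies on this count to reach every subtest, so the mismatch should be treated as a failure: put the branch in braces and add `st_err++;` after the `printf`. The message also lacks the leading tab used by the other POST lines.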
@@ -959,21 +978,22 @@
case FIPS_POST_STARTED:
if (!post_quiet && !exp_fail)
- printf("\t\t%s %s test started\n", idstr, exstr);
+ printf("%s started\n", teststr);
#ifdef FIPS_POST_TIME
clock_gettime(CLOCK_REALTIME, &start);
#endif
break;
case FIPS_POST_SUCCESS:
+ if (sub_num > 0)
+ sub_num++;
if (exp_fail)
{
- printf("\t\t%s %s test OK but should've failed\n",
- idstr, exstr);
+ printf("%s OK but should've failed\n", teststr);
st_err++;
}
else if (!post_quiet)
- printf("\t\t%s %s test OK\n", idstr, exstr);
+ printf("%s OK\n", teststr);
#ifdef FIPS_POST_TIME
clock_gettime(CLOCK_REALTIME, &end);
printf("\t\t\tTook %f seconds\n",
@@ -983,15 +1003,13 @@
break;
case FIPS_POST_FAIL:
+ if (sub_num > 0)
+ sub_num++;
if (exp_fail)
- {
- printf("\t\t%s %s test failed as expected\n",
- idstr, exstr);
- }
+ printf("%s failed as expected\n", teststr);
else
{
- printf("\t\t%s %s test Failed Incorrectly!!\n",
- idstr, exstr);
+ printf("%s Failed Incorrectly!!\n", teststr);
st_err++;
}
break;
@@ -999,7 +1017,7 @@
case FIPS_POST_CORRUPT:
if (exp_fail)
{
- printf("\t\t%s %s test failure induced\n", idstr, exstr);
+ printf("%s failure induced\n", teststr);
return 0;
}
break;
@@ -1008,39 +1026,11 @@
return 1;
}
-/* Test POST induced failures */
-
-typedef struct
- {
- const char *name;
- int id, subid, keyid;
- } fail_list;
-
-static fail_list flist[] =
- {
- {"Integrity", FIPS_TEST_INTEGRITY, -1, -1},
- {"AES", FIPS_TEST_CIPHER, NID_aes_128_ecb, -1},
- {"DES3", FIPS_TEST_CIPHER, NID_des_ede3_ecb, -1},
- {"AES-GCM", FIPS_TEST_GCM, -1, -1},
- {"AES-CCM", FIPS_TEST_CCM, -1, -1},
- {"AES-XTS", FIPS_TEST_XTS, -1, -1},
- {"Digest", FIPS_TEST_DIGEST, -1, -1},
- {"HMAC", FIPS_TEST_HMAC, -1, -1},
- {"CMAC", FIPS_TEST_CMAC, -1, -1},
- {"DRBG", FIPS_TEST_DRBG, -1, -1},
- {"X9.31 PRNG", FIPS_TEST_X931, -1, -1},
- {"RSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_RSA},
- {"DSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_DSA},
- {"ECDSA", FIPS_TEST_SIGNATURE, -1, EVP_PKEY_EC},
- {"ECDH", FIPS_TEST_ECDH, -1, -1},
- {NULL, -1, -1, -1}
- };
-
static int do_fail_all(int fullpost, int fullerr)
{
- fail_list *ftmp;
int rv;
size_t i;
+ int sub_fail;
RSA *rsa = NULL;
DSA *dsa = NULL;
DRBG_CTX *dctx = NULL, *defctx = NULL;
@@ -1052,12 +1042,11 @@
if (!fullerr)
no_err = 1;
FIPS_module_mode_set(0, NULL);
- for (ftmp = flist; ftmp->name; ftmp++)
+ for (sub_fail = 1; sub_fail < sub_count; sub_fail++)
{
- printf(" Testing induced failure of %s test\n", ftmp->name);
- fail_id = ftmp->id;
- fail_sub = ftmp->subid;
- fail_key = ftmp->keyid;
+ sub_fail_num = sub_fail;
+ printf(" Testing induced failure of POST subtest %d\n",
+ sub_fail);
rv = FIPS_module_mode_set(1, FIPS_AUTH_USER_PASS);
if (rv)
{
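Review bot: The new loop bound depends on `sub_count`, which starts at -1 and is only set in the `FIPS_POST_END` callback. If no POST has completed with `post_cb` installed before `do_fail_all` runs, the loop executes zero times and no failure is induced, with nothing printed. Whether that can happen depends on the caller, which is outside this hunk. A guard before the loop would make the lost coverage visible: `if (sub_count <= 1) { printf(" No POST subtest count recorded\n"); st_err++; }`. A short comment would also help, noting that `sub_count` ends up one more than the number of subtests, so the `<` is intended.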
@@ -1065,6 +1054,7 @@
st_err++;
}
}
+ sub_fail_num = -1;
printf(" Testing induced failure of RSA keygen test\n");
/* NB POST will succeed with a pairwise test failures as
* it is not used during POST.
@@ .
______________________________________________________________________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List openssl-cvs@openssl.org
Automated List Manager majordomo@openssl.org