Indicate failure if any selftest fails.

Increase keysizes in fips_test_suite

7 files changed, 57 insertions, 7 deletions

diff --git a/fips-1.0/dsa/fips_dsa_key.c b/fips-1.0/dsa/fips_dsa_key.c
index 3798f488fb..b43b0c181e 100644
--- a/fips-1.0/dsa/fips_dsa_key.c
+++ b/fips-1.0/dsa/fips_dsa_key.c
@@ -65,6 +65,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/fips.h>
+#include "fips_locl.h"
 
 #ifdef OPENSSL_FIPS
 
@@ -81,6 +82,7 @@ int fips_check_dsa(DSA *dsa)
 					NULL, 0, EVP_dss1(), 0, NULL))
 		{
 		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
+		fips_set_selftest_fail();
 		return 0;
 		}
 	return 1;
diff --git a/fips-1.0/fips.c b/fips-1.0/fips.c
index 469e847f66..0518a2e97e 100644
--- a/fips-1.0/fips.c
+++ b/fips-1.0/fips.c
@@ -147,6 +147,11 @@ void FIPS_selftest_check(void)
 	}
     }
 
+void fips_set_selftest_fail(void)
+    {
+    fips_selftest_fail = 1;
+    }
+
 int FIPS_selftest()
     {
 
diff --git a/fips-1.0/fips_locl.h b/fips-1.0/fips_locl.h
index 06cb64d832..03fed36e3c 100644
--- a/fips-1.0/fips_locl.h
+++ b/fips-1.0/fips_locl.h
@@ -61,6 +61,7 @@ int fips_is_started(void);
 void fips_set_started(void);
 int fips_is_owning_thread(void);
 int fips_set_owning_thread(void);
+void fips_set_selftest_fail(void);
 int fips_clear_owning_thread(void);
 unsigned char *fips_signature_witness(void);
 
diff --git a/fips-1.0/fips_test_suite.c b/fips-1.0/fips_test_suite.c
index 7da954654e..3410f3449f 100644
--- a/fips-1.0/fips_test_suite.c
+++ b/fips-1.0/fips_test_suite.c
@@ -100,7 +100,7 @@ static int FIPS_dsa_test()
     dsa = FIPS_dsa_new();
     if (!dsa)
 	goto end;
-    if (!DSA_generate_parameters_ex(dsa, 512,NULL,0,NULL,NULL,NULL))
+    if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
 	goto end;
     if (!DSA_generate_key(dsa))
 	goto end;
@@ -354,7 +354,7 @@ static int dh_test()
     dh = FIPS_dh_new();
     if (!dh)
 	return 0;
-    if (!DH_generate_parameters_ex(dh, 256, 2, NULL))
+    if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
 	return 0;
     FIPS_dh_free(dh);
     return 1;
diff --git a/fips-1.0/rand/fips_rand.c b/fips-1.0/rand/fips_rand.c
index b4e83bca9e..478e836e6c 100644
--- a/fips-1.0/rand/fips_rand.c
+++ b/fips-1.0/rand/fips_rand.c
@@ -77,6 +77,7 @@
 #endif
 #include <string.h>
 #include <openssl/fips.h>
+#include "fips_locl.h"
 
 #ifdef OPENSSL_FIPS
 
@@ -294,12 +295,14 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
 		for (i = 0; i < AES_BLOCK_LENGTH; i++)
 			tmp[i] = R[i] ^ I[i];
 		AES_encrypt(tmp, ctx->V, &ctx->ks);
+		/* Continuouse PRNG test */
 		if (ctx->second)
 			{
 			if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
 				{
 	    			RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
 				ctx->error = 1;
+				fips_set_selftest_fail();
 				return 0;
 				}
 			}
diff --git a/fips-1.0/rsa/fips_rsa_gen.c b/fips-1.0/rsa/fips_rsa_gen.c
index 7ea6873419..e384dcaba0 100644
--- a/fips-1.0/rsa/fips_rsa_gen.c
+++ b/fips-1.0/rsa/fips_rsa_gen.c
@@ -71,27 +71,66 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/fips.h>
+#include "fips_locl.h"
 
 #ifdef OPENSSL_FIPS
 
 int fips_check_rsa(RSA *rsa)
 	{
 	const unsigned char tbs[] = "RSA Pairwise Check Data";
+	unsigned char *ctbuf = NULL, *ptbuf = NULL;
+	int len, ret = 0;
 	EVP_PKEY pk;
     	pk.type = EVP_PKEY_RSA;
     	pk.pkey.rsa = rsa;
 
+	/* Perform pairwise consistency signature test */
 	if (!fips_pkey_signature_test(&pk, tbs, -1,
 			NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
 		|| !fips_pkey_signature_test(&pk, tbs, -1,
 			NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
 		|| !fips_pkey_signature_test(&pk, tbs, -1,
 			NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
+		goto err;
+	/* Now perform pairwise consistency encrypt/decrypt test */
+	ctbuf = OPENSSL_malloc(RSA_size(rsa));
+	if (!ctbuf)
+		goto err;
+
+	len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
+	if (len <= 0)
+		goto err;
+	/* Check ciphertext doesn't match plaintext */
+	if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
+		goto err;
+	ptbuf = OPENSSL_malloc(RSA_size(rsa));
+
+	if (!ptbuf)
+		goto err;
+	len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
+	if (len != (sizeof(tbs) - 1))
+		goto err;
+	if (memcmp(ptbuf, tbs, len))
+		goto err;
+
+	ret = 1;
+
+	if (!ptbuf)
+		goto err;
+	
+	err:
+	if (ret == 0)
 		{
+		fips_set_selftest_fail();
 		FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
-		return 0;
 		}
-	return 1;
+
+	if (ctbuf)
+		OPENSSL_free(ctbuf);
+	if (ptbuf)
+		OPENSSL_free(ptbuf);
+
+	return ret;
 	}
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
diff --git a/fips-1.0/rsa/fips_rsa_sign.c b/fips-1.0/rsa/fips_rsa_sign.c
index 2236699c00..fd2d7309eb 100644
--- a/fips-1.0/rsa/fips_rsa_sign.c
+++ b/fips-1.0/rsa/fips_rsa_sign.c
@@ -191,12 +191,12 @@ static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *l
 static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
 	     unsigned char *sigret, unsigned int *siglen, EVP_MD_SVCTX *sv)
 	{
-	int i,j,ret=0;
+	int i=0,j,ret=0;
 	unsigned int dlen;
 	const unsigned char *der;
 	unsigned int m_len;
 	int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
-	int rsa_pad_mode;
+	int rsa_pad_mode = 0;
 	RSA *rsa = sv->key;
 	/* Largest DigestInfo: 19 (max encoding) + max MD */
 	unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
@@ -301,7 +301,7 @@ static int fips_rsa_verify(int dtype,
 	int i,ret=0;
 	unsigned int dlen, diglen;
 	int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
-	int rsa_pad_mode;
+	int rsa_pad_mode = 0;
 	unsigned char *s;
 	const unsigned char *der;
 	unsigned char dig[EVP_MAX_MD_SIZE];