author | Dr. Stephen Henson <steve@openssl.org> | 2011-09-21 17:04:56 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-09-21 17:04:56 +0000 |
commit | 4420b3b17acf19f78f4fdea1a69d5f0a644c8154 (patch) | |
tree | 720d7c471443701477854133fb5fa2e76962a7c3 /fips/rand/fips_drbg_selftest.c | |
parent | e74ac3f8307ba2a49b4ce5e6c56216b5a69531c2 (diff) |
Revise DRBG to split between internal and external flags.
On-demand health check function.
Perform generation test in fips_test_suite.
Option to skip dh test in fips_test_suite.
Diffstat (limited to 'fips/rand/fips_drbg_selftest.c')
-rw-r--r-- | fips/rand/fips_drbg_selftest.c | 61 |
1 files changed, 40 insertions, 21 deletions
diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c
index 3a91e6007b..76667a0167 100644
--- a/fips/rand/fips_drbg_selftest.c
+++ b/fips/rand/fips_drbg_selftest.c
@@ -227,7 +227,7 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
 * ignore bytes after the keylength: so reduce adinlen
 * to half to ensure invalid data is fed in.
 */
- if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->flags))
+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
 adinlen = td->adinlen / 2;
 else
 adinlen = td->adinlen;
@@ -290,7 +290,7 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
 * ignore bytes after the keylength: so reduce adinlen
 * to half to ensure invalid data is fed in.
 */
- if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->flags))
+ if (!fips_post_corrupt(FIPS_TEST_DRBG, dctx->type, &dctx->iflags))
 adinlen = td->adinlen_pr / 2;
 else
 adinlen = td->adinlen_pr;
@@ -381,7 +381,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 goto err;
 /* Don't report induced errors */
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 /* Personalisation string tests */
@@ -413,7 +413,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 goto err;
 }
- dctx->flags &= ~DRBG_FLAG_NOERR;
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
 if (!FIPS_drbg_uninstantiate(dctx))
 {
 FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
@@ -423,7 +423,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 if (!do_drbg_init(dctx, td, &t))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 /* Test insufficient entropy */
@@ -435,7 +435,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 goto err;
 }
- dctx->flags &= ~DRBG_FLAG_NOERR;
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
 if (!FIPS_drbg_uninstantiate(dctx))
 {
 FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
@@ -447,7 +447,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 if (!do_drbg_init(dctx, td, &t))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 t.entlen = dctx->max_entropy + 1;
@@ -457,7 +457,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 goto err;
 }
- dctx->flags &= ~DRBG_FLAG_NOERR;
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
 if (!FIPS_drbg_uninstantiate(dctx))
 {
 FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
@@ -474,7 +474,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 if (!do_drbg_init(dctx, td, &t))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 t.noncelen = dctx->min_nonce - 1;
@@ -484,7 +484,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 goto err;
 }
- dctx->flags &= ~DRBG_FLAG_NOERR;
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
 if (!FIPS_drbg_uninstantiate(dctx))
 {
 FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
@@ -501,7 +501,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 if (!do_drbg_init(dctx, td, &t))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 t.noncelen = dctx->max_nonce + 1;
@@ -511,7 +511,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 goto err;
 }
- dctx->flags &= ~DRBG_FLAG_NOERR;
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
 if (!FIPS_drbg_uninstantiate(dctx))
 {
 FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
@@ -529,7 +529,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 td->adin, td->adinlen))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 /* Request too much data for one request */
 if (FIPS_drbg_generate(dctx, randout, dctx->max_request + 1, 0,
@@ -560,7 +560,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 goto err;
 }
- dctx->flags &= ~DRBG_FLAG_NOERR;
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
 if (!FIPS_drbg_uninstantiate(dctx))
 {
@@ -602,7 +602,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 if (!do_drbg_init(dctx, td, &t))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
 {
@@ -625,7 +625,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 goto err;
 }
- dctx->flags &= ~DRBG_FLAG_NOERR;
+ dctx->iflags &= ~DRBG_FLAG_NOERR;
 if (!FIPS_drbg_uninstantiate(dctx))
 {
@@ -665,7 +665,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 if (!do_drbg_init(dctx, td, &t))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0)
 {
@@ -678,7 +678,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 if (!do_drbg_init(dctx, td, &t))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 t.entlen = 0;
@@ -699,7 +699,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 if (!do_drbg_init(dctx, td, &t))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 t.entlen = dctx->max_entropy + 1;
@@ -720,7 +720,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 if (!do_drbg_init(dctx, td, &t))
 goto err;
- dctx->flags |= DRBG_FLAG_NOERR;
+ dctx->iflags |= DRBG_FLAG_NOERR;
 t.entlen = dctx->min_entropy - 1;
@@ -756,7 +756,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 /* A real error as opposed to an induced one: underlying function will
 * indicate the error.
 */
- if (!(dctx->flags & DRBG_FLAG_NOERR))
+ if (!(dctx->iflags & DRBG_FLAG_NOERR))
 FIPSerr(FIPS_F_FIPS_DRBG_HEALTH_CHECK, FIPS_R_FUNCTION_ERROR);
 FIPS_drbg_uninstantiate(dctx);
 return 0;
@@ -767,6 +767,7 @@ int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
 {
 int rv;
 DRBG_SELFTEST_DATA *td;
+ flags |= DRBG_FLAG_TEST;
 for (td = drbg_test; td->nid != 0; td++)
 {
 if (td->nid == nid && td->flags == flags)
@@ -780,6 +781,24 @@ int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
 return 0;
 }
+int FIPS_drbg_test(DRBG_CTX *dctx)
+ {
+ int rv;
+ DRBG_CTX *tctx = NULL;
+ tctx = FIPS_drbg_new(0, 0);
+ fips_post_started(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
+ if (!tctx)
+ return 0;
+ rv = fips_drbg_kat(tctx, dctx->type, dctx->xflags);
+ if (tctx)
+ FIPS_drbg_free(tctx);
+ if (rv)
+ fips_post_success(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
+ else
+ fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags);
+ return rv;
+ }
+
 int FIPS_selftest_drbg(void)
 {
 DRBG_CTX *dctx; |
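Review bot: The added `flags |= DRBG_FLAG_TEST;` in fips_drbg_kat rewrites the caller's flags just before the exact-match lookup `td->flags == flags`, and nothing in the hunk explains why. A one-line comment would help, for example `/* KAT table entries are matched with DRBG_FLAG_TEST set, so force it on before the lookup */`, with the wording checked against the drbg_test table, which is outside this hunk. Because the comparison is an equality, any other bit left in the caller's flags makes the lookup miss; the function body continues past the hunk and appears to end in `return 0`, so the check would fail closed rather than be skipped, which is worth stating in the same comment.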
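Review bot: In the new FIPS_drbg_test, the allocation-failure path returns 0 after `fips_post_started()` has already run but without calling `fips_post_failed()`, so the POST reporting sees a DRBG test that started and never got an outcome. Either test `tctx` before announcing the test or report the failure on that path: `if (!tctx) { fips_post_failed(FIPS_TEST_DRBG, dctx->type, &dctx->xflags); return 0; }`. The later `if (tctx)` guard is dead once the early return exists and can be a plain `FIPS_drbg_free(tctx);`. The return value of `fips_post_started()` is discarded here; if it can signal that a test should be skipped, that should be honoured, which needs confirming against its definition (not on this page). A short header comment saying that the function runs the KAT on a freshly allocated context for `dctx->type` and `dctx->xflags`, and returns 1 on success and 0 on failure, would document this new public entry point.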