Revise fips_test_suite to use table of IDs for human readable strings.

Modify HMAC selftest callbacks to notify each digest type used.
author: Dr. Stephen Henson <steve@openssl.org> 2011-04-14 16:14:41 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-14 16:14:41 +0000
commit: 9338f290d193bd7497c66d37702cff21ebad8695 (patch)
tree: d3c186da1d27b3e8d3fb6eb520cda1cb10e79c23 /fips
parent: 8038511c27a530f6da76c8826a8d5614e806ba44 (diff)
3 files changed, 67 insertions, 60 deletions
diff --git a/fips/aes/fips_aes_selftest.c b/fips/aes/fips_aes_selftest.c
index 8b0ffafd70..b84eda4a27 100644
--- a/fips/aes/fips_aes_selftest.c
+++ b/fips/aes/fips_aes_selftest.c
@@ -134,7 +134,7 @@ int FIPS_selftest_aes_gcm(void)
 	memset(tag, 0, sizeof(tag));
 	if (!fips_post_started(FIPS_TEST_GCM, 0, 0))
 		return 1;
-	if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
+	if (!fips_post_corrupt(FIPS_TEST_GCM, 0, NULL))
 		do_corrupt = 1;
 	if (!FIPS_cipherinit(&ctx, EVP_aes_256_gcm(), NULL, NULL, 1))
 		goto err;
diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c
index 40676ae666..c14ecb3058 100644
--- a/fips/fips_test_suite.c
+++ b/fips/fips_test_suite.c
@@ -665,42 +665,39 @@ static void test_msg(const char *msg, int result)
 	printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
 	}
 
-static const char *post_get_sig(int id)
-	{
-	switch (id)
-		{
-		case EVP_PKEY_RSA:
-		return " (RSA)";
-
-		case EVP_PKEY_DSA:
-		return " (DSA)";
-
-		case EVP_PKEY_EC:
-		return " (ECDSA)";
-
-		default:
-		return " (UNKNOWN)";
+/* Table of IDs for POST translating between NIDs and names */
 
-		}
-	}
-
-static const char *post_get_cipher(int id)
+typedef struct 
 	{
-	static char out[128];
-	switch(id)
+	int id;
+	const char *name;
+	} POST_ID;
+
+POST_ID id_list[] = {
+	{NID_sha1, "SHA1"},
+	{NID_sha224, "SHA224"},
+	{NID_sha256, "SHA256"},
+	{NID_sha384, "SHA384"},
+	{NID_sha512, "SHA512"},
+	{EVP_PKEY_RSA, "RSA"},
+	{EVP_PKEY_DSA, "DSA"},
+	{EVP_PKEY_EC, "ECDSA"},
+	{NID_aes_128_ecb, "AES-128-ECB"},
+	{NID_des_ede3_ecb, "DES-EDE3-ECB"},
+	{0, NULL}
+};
+
+static const char *lookup_id(int id)
+	{
+	POST_ID *n;
+	static char out[40];
+	for (n = id_list; n->name; n++)
 		{
-
-		case NID_aes_128_ecb:
-		return " (AES-128-ECB)";
-
-		case NID_des_ede3_ecb:
-		return " (DES-EDE3-ECB)";
-		
-		default:
-		sprintf(out, " (NID=%d)", id);
-		return out;
-
+		if (n->id == id)
+			return n->name;
 		}
+	sprintf(out, "ID=%d\n", id);
+	return out;
 	}
 
 static int fail_id = -1;
@@ -719,12 +716,11 @@ static int post_cb(int op, int id, int subid, void *ex)
 
 		case FIPS_TEST_DIGEST:
 		idstr = "Digest";
-		if (subid == NID_sha1)
-			exstr = " (SHA1)";
+		exstr = lookup_id(subid);
 		break;
 
 		case FIPS_TEST_CIPHER:
-		exstr = post_get_cipher(subid);
+		exstr = lookup_id(subid);
 		idstr = "Cipher";
 		break;
 
@@ -733,12 +729,13 @@ static int post_cb(int op, int id, int subid, void *ex)
 			{
 			EVP_PKEY *pkey = ex;
 			keytype = pkey->type;
-			exstr = post_get_sig(keytype);
+			exstr = lookup_id(keytype);
 			}
 		idstr = "Signature";
 		break;
 
 		case FIPS_TEST_HMAC:
+		exstr = lookup_id(subid);
 		idstr = "HMAC";
 		break;
 
@@ -747,11 +744,11 @@ static int post_cb(int op, int id, int subid, void *ex)
 		break;
 
 		case FIPS_TEST_GCM:
-		idstr = "HMAC";
+		idstr = "GCM";
 		break;
 
 		case FIPS_TEST_CCM:
-		idstr = "HMAC";
+		idstr = "CCM";
 		break;
 
 		case FIPS_TEST_XTS:
@@ -771,7 +768,7 @@ static int post_cb(int op, int id, int subid, void *ex)
 			{
 			EVP_PKEY *pkey = ex;
 			keytype = pkey->type;
-			exstr = post_get_sig(keytype);
+			exstr = lookup_id(keytype);
 			}
 		idstr = "Pairwise Consistency";
 		break;
@@ -797,15 +794,15 @@ static int post_cb(int op, int id, int subid, void *ex)
 		break;
 
 		case FIPS_POST_STARTED:
-		printf("\t\t%s%s test started\n", idstr, exstr);
+		printf("\t\t%s %s test started\n", idstr, exstr);
 		break;
 
 		case FIPS_POST_SUCCESS:
-		printf("\t\t%s%s test OK\n", idstr, exstr);
+		printf("\t\t%s %s test OK\n", idstr, exstr);
 		break;
 
 		case FIPS_POST_FAIL:
-		printf("\t\t%s%s test FAILED!!\n", idstr, exstr);
+		printf("\t\t%s %s test FAILED!!\n", idstr, exstr);
 		break;
 
 		case FIPS_POST_CORRUPT:
@@ -813,7 +810,7 @@ static int post_cb(int op, int id, int subid, void *ex)
 			&& (fail_key == -1 || fail_key == keytype)
 			&& (fail_sub == -1 || fail_sub == subid))
 			{
-			printf("\t\t%s%s test failure induced\n", idstr, exstr);
+			printf("\t\t%s %s test failure induced\n", idstr, exstr);
 			return 0;
 			}
 		break;
@@ -822,8 +819,6 @@ static int post_cb(int op, int id, int subid, void *ex)
 	return 1;
 	}
 
-
-
 int main(int argc,char **argv)
     {
     int bad_rsa = 0, bad_dsa = 0;
diff --git a/fips/hmac/fips_hmac_selftest.c b/fips/hmac/fips_hmac_selftest.c
index fd8189040d..34ac2472db 100644
--- a/fips/hmac/fips_hmac_selftest.c
+++ b/fips/hmac/fips_hmac_selftest.c
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -119,46 +119,58 @@ int FIPS_selftest_hmac()
 	unsigned char   out[EVP_MAX_MD_SIZE];
 	const EVP_MD   *md;
 	const HMAC_KAT *t;
-	int rv = 0, do_corrupt = 0;
+	int rv = 1, subid;
 	HMAC_CTX c;
 	HMAC_CTX_init(&c);
 
-	if (!fips_post_started(FIPS_TEST_HMAC, 0, 0))
-		return 1;
-	if (!fips_post_corrupt(FIPS_TEST_HMAC, 0, NULL))
-		do_corrupt = 1;
 
 	for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
 		{
 		md = (*t->alg)();
+		subid = M_EVP_MD_type(md);
+		if (!fips_post_started(FIPS_TEST_HMAC, subid, 0))
+			continue;
 		if (!HMAC_Init_ex(&c, t->key, strlen(t->key), md, NULL))
+			{
+			rv = -1;
 			goto err;
+			}
 		if (!HMAC_Update(&c, (const unsigned char *)t->iv, strlen(t->iv)))
+			{
+			rv = -1;
 			goto err;
-		if (do_corrupt)
+			}
+		if (!fips_post_corrupt(FIPS_TEST_HMAC, subid, NULL))
 			{
 			if (!HMAC_Update(&c, (const unsigned char *)t->iv, 1))
+				{
+				rv = -1;
 				goto err;
+				}
 			}
 		if (!HMAC_Final(&c, out, &outlen))
+			{
+			rv = -1;
 			goto err;
+			}
 
 		if(memcmp(out,t->kaval,outlen))
 			{
 		    	FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
-			goto err;
+			fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
+			rv = 0;
 		    	}
+		if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL))
+			goto err;
 		}
 
-	rv = 1;
-
 	err:
 	HMAC_CTX_cleanup(&c);
-	if (rv == 0)
+	if (rv == -1)
 		{
-		fips_post_failed(FIPS_TEST_HMAC, 0, NULL);
-		return 0;
+		fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
+		rv = 0;
 		}
-	return fips_post_success(FIPS_TEST_HMAC, 0, NULL);
+	return rv;
 	}
 #endif
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-14 16:14:41 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-14 16:14:41 +0000
commit	9338f290d193bd7497c66d37702cff21ebad8695 (patch)
tree	d3c186da1d27b3e8d3fb6eb520cda1cb10e79c23 /fips
parent	8038511c27a530f6da76c8826a8d5614e806ba44 (diff)