[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Tue Aug 31 10:46:22 UTC 2021
The branch master has been updated
via 5595058714832bdff03604c881cf44f91c14b5fc (commit)
from 9b6d17e423da138ea7fd190ae366580c539dceca (commit)
- Log -----------------------------------------------------------------
commit 5595058714832bdff03604c881cf44f91c14b5fc
Author: slontis <shane.lontis at oracle.com>
Date: Mon Aug 30 09:59:54 2021 +1000
Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE
Fixes #16457
The ECDSA and DSA signature tests use Pairwise tests instead of KATS.
Note there is a seperate type used by the keygen for conditional Pairwise Tests.
Reviewed-by: Tim Hudson <tjh at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16461)
-----------------------------------------------------------------------
Summary of changes:
doc/man7/OSSL_PROVIDER-FIPS.pod | 6 +++++-
include/openssl/self_test.h | 3 ++-
providers/fips/self_test_kats.c | 6 +++++-
test/recipes/03-test_fipsinstall.t | 2 +-
4 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index 62e495aef1..0eac85b324 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -214,6 +214,10 @@ Known answer test for a digest.
Known answer test for a signature.
+=item "PCT_Signature" (B<OSSL_SELF_TEST_TYPE_PCT_SIGNATURE>)
+
+Pairwise Consistency check for a signature.
+
=item "KAT_KDF" (B<OSSL_SELF_TEST_TYPE_KAT_KDF>)
Known answer test for a key derivation function.
@@ -226,7 +230,7 @@ Known answer test for key agreement.
Known answer test for a Deterministic Random Bit Generator.
-=item "Pairwise_Consistency_Test" (B<OSSL_SELF_TEST_TYPE_PCT>)
+=item "Conditional_PCT" (B<OSSL_SELF_TEST_TYPE_PCT>)
Conditional test that is run during the generation of key pairs.
diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h
index 564fc95088..77c600a0d1 100644
--- a/include/openssl/self_test.h
+++ b/include/openssl/self_test.h
@@ -29,11 +29,12 @@ extern "C" {
# define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity"
# define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity"
# define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test"
-# define OSSL_SELF_TEST_TYPE_PCT "Pairwise_Consistency_Test"
+# define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT"
# define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher"
# define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher"
# define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest"
# define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature"
+# define OSSL_SELF_TEST_TYPE_PCT_SIGNATURE "PCT_Signature"
# define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF"
# define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA"
# define OSSL_SELF_TEST_TYPE_DRBG "DRBG"
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index d411767205..81f7226ba1 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -452,8 +452,12 @@ static int self_test_sign(const ST_KAT_SIGN *t,
0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
};
+ const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE;
- OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc);
+ if (t->sig_expected == NULL)
+ typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE;
+
+ OSSL_SELF_TEST_onbegin(st, typ, t->desc);
bnctx = BN_CTX_new_ex(libctx);
if (bnctx == NULL)
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
index db64362538..d99974e467 100644
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -235,7 +235,7 @@ SKIP: {
'-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey",
'-section_name', 'fips_sect',
'-corrupt_desc', 'DSA',
- '-corrupt_type', 'KAT_Signature'])),
+ '-corrupt_type', 'PCT_Signature'])),
"fipsinstall fails when the signature result is corrupted");
}
More information about the openssl-commits
mailing list