The branch master has been updated via 5595058714832bdff03604c881cf44f91c14b5fc (commit) from 9b6d17e423da138ea7fd190ae366580c539dceca (commit)
- Log ----------------------------------------------------------------- commit 5595058714832bdff03604c881cf44f91c14b5fc Author: slontis <shane.lon...@oracle.com> Date: Mon Aug 30 09:59:54 2021 +1000 Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATURE Fixes #16457 The ECDSA and DSA signature tests use Pairwise tests instead of KATS. Note there is a seperate type used by the keygen for conditional Pairwise Tests. Reviewed-by: Tim Hudson <t...@openssl.org> Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16461) ----------------------------------------------------------------------- Summary of changes: doc/man7/OSSL_PROVIDER-FIPS.pod | 6 +++++- include/openssl/self_test.h | 3 ++- providers/fips/self_test_kats.c | 6 +++++- test/recipes/03-test_fipsinstall.t | 2 +- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 62e495aef1..0eac85b324 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -214,6 +214,10 @@ Known answer test for a digest. Known answer test for a signature. +=item "PCT_Signature" (B<OSSL_SELF_TEST_TYPE_PCT_SIGNATURE>) + +Pairwise Consistency check for a signature. + =item "KAT_KDF" (B<OSSL_SELF_TEST_TYPE_KAT_KDF>) Known answer test for a key derivation function. @@ -226,7 +230,7 @@ Known answer test for key agreement. Known answer test for a Deterministic Random Bit Generator. -=item "Pairwise_Consistency_Test" (B<OSSL_SELF_TEST_TYPE_PCT>) +=item "Conditional_PCT" (B<OSSL_SELF_TEST_TYPE_PCT>) Conditional test that is run during the generation of key pairs. diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h index 564fc95088..77c600a0d1 100644 --- a/include/openssl/self_test.h +++ b/include/openssl/self_test.h @@ -29,11 +29,12 @@ extern "C" { # define OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY "Module_Integrity" # define OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY "Install_Integrity" # define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test" -# define OSSL_SELF_TEST_TYPE_PCT "Pairwise_Consistency_Test" +# define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT" # define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher" # define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher" # define OSSL_SELF_TEST_TYPE_KAT_DIGEST "KAT_Digest" # define OSSL_SELF_TEST_TYPE_KAT_SIGNATURE "KAT_Signature" +# define OSSL_SELF_TEST_TYPE_PCT_SIGNATURE "PCT_Signature" # define OSSL_SELF_TEST_TYPE_KAT_KDF "KAT_KDF" # define OSSL_SELF_TEST_TYPE_KAT_KA "KAT_KA" # define OSSL_SELF_TEST_TYPE_DRBG "DRBG" diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c index d411767205..81f7226ba1 100644 --- a/providers/fips/self_test_kats.c +++ b/providers/fips/self_test_kats.c @@ -452,8 +452,12 @@ static int self_test_sign(const ST_KAT_SIGN *t, 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 }; + const char *typ = OSSL_SELF_TEST_TYPE_KAT_SIGNATURE; - OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_SIGNATURE, t->desc); + if (t->sig_expected == NULL) + typ = OSSL_SELF_TEST_TYPE_PCT_SIGNATURE; + + OSSL_SELF_TEST_onbegin(st, typ, t->desc); bnctx = BN_CTX_new_ex(libctx); if (bnctx == NULL) diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index db64362538..d99974e467 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -235,7 +235,7 @@ SKIP: { '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", '-section_name', 'fips_sect', '-corrupt_desc', 'DSA', - '-corrupt_type', 'KAT_Signature'])), + '-corrupt_type', 'PCT_Signature'])), "fipsinstall fails when the signature result is corrupted"); }