]> git.ipfire.org Git - thirdparty/openssl.git/blob - fips/fips_test_suite.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Run util/openssl-format-source -v -c .
[thirdparty/openssl.git] / fips / fips_test_suite.c
1 /* ====================================================================
2 * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
3 *
4 *
5 * This command is intended as a test driver for the FIPS-140 testing
6 * lab performing FIPS-140 validation. It demonstrates the use of the
7 * OpenSSL library ito perform a variety of common cryptographic
8 * functions. A power-up self test is demonstrated by deliberately
9 * pointing to an invalid executable hash
10 *
11 * Contributed by Steve Marquess.
12 *
13 */
14 #include <stdio.h>
15 #include <assert.h>
16 #include <ctype.h>
17 #include <string.h>
18 #include <stdlib.h>
19 #include <openssl/aes.h>
20 #include <openssl/des.h>
21 #include <openssl/hmac.h>
22 #include <openssl/err.h>
23
24 #include <openssl/bn.h>
25 #include <openssl/rand.h>
26 #include <openssl/sha.h>
27
28 #ifndef OPENSSL_FIPS
29 int main(int argc, char *argv[])
30 {
31 printf("No FIPS support\n");
32 return (0);
33 }
34 #else
35
36 # include <openssl/rsa.h>
37 # include <openssl/dsa.h>
38 # include <openssl/dh.h>
39
40 # include <openssl/fips.h>
41 # include "fips_utl.h"
42
43 /*
44 * AES: encrypt and decrypt known plaintext, verify result matches original
45 * plaintext
46 */
47 static int FIPS_aes_test(void)
48 {
49 int ret = 0;
50 unsigned char pltmp[16];
51 unsigned char citmp[16];
52 unsigned char key[16] =
53 { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
54 unsigned char plaintext[16] = "etaonrishdlcu";
55 EVP_CIPHER_CTX ctx;
56 EVP_CIPHER_CTX_init(&ctx);
57 if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL, 1) <= 0)
58 goto err;
59 EVP_Cipher(&ctx, citmp, plaintext, 16);
60 if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL, 0) <= 0)
61 goto err;
62 EVP_Cipher(&ctx, pltmp, citmp, 16);
63 if (memcmp(pltmp, plaintext, 16))
64 goto err;
65 ret = 1;
66 err:
67 EVP_CIPHER_CTX_cleanup(&ctx);
68 return ret;
69 }
70
71 static int FIPS_des3_test(void)
72 {
73 int ret = 0;
74 unsigned char pltmp[8];
75 unsigned char citmp[8];
76 unsigned char key[] =
77 { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,
78 19, 20, 21, 22, 23, 24
79 };
80 unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
81 EVP_CIPHER_CTX ctx;
82 EVP_CIPHER_CTX_init(&ctx);
83 if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 1) <= 0)
84 goto err;
85 EVP_Cipher(&ctx, citmp, plaintext, 8);
86 if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 0) <= 0)
87 goto err;
88 EVP_Cipher(&ctx, pltmp, citmp, 8);
89 if (memcmp(pltmp, plaintext, 8))
90 goto err;
91 ret = 1;
92 err:
93 EVP_CIPHER_CTX_cleanup(&ctx);
94 return ret;
95 }
96
97 /*
98 * DSA: generate keys and sign, verify input plaintext.
99 */
100 static int FIPS_dsa_test(int bad)
101 {
102 DSA *dsa = NULL;
103 EVP_PKEY pk;
104 unsigned char dgst[] = "etaonrishdlc";
105 unsigned char buf[60];
106 unsigned int slen;
107 int r = 0;
108 EVP_MD_CTX mctx;
109
110 ERR_clear_error();
111 EVP_MD_CTX_init(&mctx);
112 dsa = FIPS_dsa_new();
113 if (!dsa)
114 goto end;
115 if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL))
116 goto end;
117 if (!DSA_generate_key(dsa))
118 goto end;
119 if (bad)
120 BN_add_word(dsa->pub_key, 1);
121
122 pk.type = EVP_PKEY_DSA;
123 pk.pkey.dsa = dsa;
124
125 if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
126 goto end;
127 if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
128 goto end;
129 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
130 goto end;
131
132 if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
133 goto end;
134 if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
135 goto end;
136 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
137 end:
138 EVP_MD_CTX_cleanup(&mctx);
139 if (dsa)
140 FIPS_dsa_free(dsa);
141 if (r != 1)
142 return 0;
143 return 1;
144 }
145
146 /*
147 * RSA: generate keys and sign, verify input plaintext.
148 */
149 static int FIPS_rsa_test(int bad)
150 {
151 RSA *key;
152 unsigned char input_ptext[] = "etaonrishdlc";
153 unsigned char buf[256];
154 unsigned int slen;
155 BIGNUM *bn;
156 EVP_MD_CTX mctx;
157 EVP_PKEY pk;
158 int r = 0;
159
160 ERR_clear_error();
161 EVP_MD_CTX_init(&mctx);
162 key = FIPS_rsa_new();
163 bn = BN_new();
164 if (!key || !bn)
165 return 0;
166 BN_set_word(bn, 65537);
167 if (!RSA_generate_key_ex(key, 1024, bn, NULL))
168 return 0;
169 BN_free(bn);
170 if (bad)
171 BN_add_word(key->n, 1);
172
173 pk.type = EVP_PKEY_RSA;
174 pk.pkey.rsa = key;
175
176 if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
177 goto end;
178 if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
179 goto end;
180 if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
181 goto end;
182
183 if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
184 goto end;
185 if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
186 goto end;
187 r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
188 end:
189 EVP_MD_CTX_cleanup(&mctx);
190 if (key)
191 FIPS_rsa_free(key);
192 if (r != 1)
193 return 0;
194 return 1;
195 }
196
197 /*
198 * SHA1: generate hash of known digest value and compare to known precomputed
199 * correct hash
200 */
201 static int FIPS_sha1_test()
202 {
203 unsigned char digest[SHA_DIGEST_LENGTH] =
204 { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a,
205 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18
206 };
207 unsigned char str[] = "etaonrishd";
208
209 unsigned char md[SHA_DIGEST_LENGTH];
210
211 ERR_clear_error();
212 if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha1(), NULL))
213 return 0;
214 if (memcmp(md, digest, sizeof(md)))
215 return 0;
216 return 1;
217 }
218
219 /*
220 * SHA256: generate hash of known digest value and compare to known
221 * precomputed correct hash
222 */
223 static int FIPS_sha256_test()
224 {
225 unsigned char digest[SHA256_DIGEST_LENGTH] =
226 { 0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9,
227 0x68, 0xc0, 0xea, 0x40, 0x91,
228 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6,
229 0x50, 0x4f, 0x47, 0x57
230 };
231 unsigned char str[] = "etaonrishd";
232
233 unsigned char md[SHA256_DIGEST_LENGTH];
234
235 ERR_clear_error();
236 if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha256(), NULL))
237 return 0;
238 if (memcmp(md, digest, sizeof(md)))
239 return 0;
240 return 1;
241 }
242
243 /*
244 * SHA512: generate hash of known digest value and compare to known
245 * precomputed correct hash
246 */
247 static int FIPS_sha512_test()
248 {
249 unsigned char digest[SHA512_DIGEST_LENGTH] =
250 { 0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f,
251 0x94, 0x71, 0x64, 0x28, 0xca,
252 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2,
253 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
254 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f,
255 0x24, 0xb1, 0xd9, 0x40, 0x22,
256 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6,
257 0xeb, 0x2d, 0x42, 0x1d, 0xa3
258 };
259 unsigned char str[] = "etaonrishd";
260
261 unsigned char md[SHA512_DIGEST_LENGTH];
262
263 ERR_clear_error();
264 if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha512(), NULL))
265 return 0;
266 if (memcmp(md, digest, sizeof(md)))
267 return 0;
268 return 1;
269 }
270
271 /*
272 * HMAC-SHA1: generate hash of known digest value and compare to known
273 * precomputed correct hash
274 */
275 static int FIPS_hmac_sha1_test()
276 {
277 unsigned char key[] = "etaonrishd";
278 unsigned char iv[] = "Sample text";
279 unsigned char kaval[EVP_MAX_MD_SIZE] =
280 { 0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea,
281 0x56, 0x1b, 0x61, 0x2e, 0x70,
282 0xb2, 0xfb, 0xec, 0xc6
283 };
284
285 unsigned char out[EVP_MAX_MD_SIZE];
286 unsigned int outlen;
287
288 ERR_clear_error();
289 if (!HMAC
290 (EVP_sha1(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out, &outlen))
291 return 0;
292 if (memcmp(out, kaval, outlen))
293 return 0;
294 return 1;
295 }
296
297 /*
298 * HMAC-SHA224: generate hash of known digest value and compare to known
299 * precomputed correct hash
300 */
301 static int FIPS_hmac_sha224_test()
302 {
303 unsigned char key[] = "etaonrishd";
304 unsigned char iv[] = "Sample text";
305 unsigned char kaval[EVP_MAX_MD_SIZE] =
306 { 0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe,
307 0x1c, 0xb2, 0xf0, 0x20, 0x35,
308 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19
309 };
310
311 unsigned char out[EVP_MAX_MD_SIZE];
312 unsigned int outlen;
313
314 ERR_clear_error();
315 if (!HMAC
316 (EVP_sha224(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
317 &outlen))
318 return 0;
319 if (memcmp(out, kaval, outlen))
320 return 0;
321 return 1;
322 }
323
324 /*
325 * HMAC-SHA256: generate hash of known digest value and compare to known
326 * precomputed correct hash
327 */
328 static int FIPS_hmac_sha256_test()
329 {
330 unsigned char key[] = "etaonrishd";
331 unsigned char iv[] = "Sample text";
332 unsigned char kaval[EVP_MAX_MD_SIZE] =
333 { 0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36,
334 0x02, 0xf5, 0x72, 0x33, 0x87,
335 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee,
336 0x51, 0xff, 0xda, 0x24, 0xf4
337 };
338
339 unsigned char out[EVP_MAX_MD_SIZE];
340 unsigned int outlen;
341
342 ERR_clear_error();
343 if (!HMAC
344 (EVP_sha256(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
345 &outlen))
346 return 0;
347 if (memcmp(out, kaval, outlen))
348 return 0;
349 return 1;
350 }
351
352 /*
353 * HMAC-SHA384: generate hash of known digest value and compare to known
354 * precomputed correct hash
355 */
356 static int FIPS_hmac_sha384_test()
357 {
358 unsigned char key[] = "etaonrishd";
359 unsigned char iv[] = "Sample text";
360 unsigned char kaval[EVP_MAX_MD_SIZE] =
361 { 0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08,
362 0x26, 0x99, 0xef, 0x3b, 0x10,
363 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b,
364 0xac, 0xb0, 0x07, 0x39, 0x08,
365 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3,
366 0xf3, 0xb8, 0x9b, 0x88, 0x1c
367 };
368
369 unsigned char out[EVP_MAX_MD_SIZE];
370 unsigned int outlen;
371
372 ERR_clear_error();
373 if (!HMAC
374 (EVP_sha384(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
375 &outlen))
376 return 0;
377 if (memcmp(out, kaval, outlen))
378 return 0;
379 return 1;
380 }
381
382 /*
383 * HMAC-SHA512: generate hash of known digest value and compare to known
384 * precomputed correct hash
385 */
386 static int FIPS_hmac_sha512_test()
387 {
388 unsigned char key[] = "etaonrishd";
389 unsigned char iv[] = "Sample text";
390 unsigned char kaval[EVP_MAX_MD_SIZE] =
391 { 0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3,
392 0x77, 0x59, 0x85, 0xa9, 0xe6,
393 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1,
394 0xad, 0x7e, 0x24, 0xca, 0xb1,
395 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52,
396 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
397 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96,
398 0x3d, 0xa6, 0xd9, 0x2a, 0x53
399 };
400
401 unsigned char out[EVP_MAX_MD_SIZE];
402 unsigned int outlen;
403
404 ERR_clear_error();
405 if (!HMAC
406 (EVP_sha512(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
407 &outlen))
408 return 0;
409 if (memcmp(out, kaval, outlen))
410 return 0;
411 return 1;
412 }
413
414 /*
415 * DH: generate shared parameters
416 */
417 static int dh_test()
418 {
419 DH *dh;
420 ERR_clear_error();
421 dh = FIPS_dh_new();
422 if (!dh)
423 return 0;
424 if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
425 return 0;
426 FIPS_dh_free(dh);
427 return 1;
428 }
429
430 /*
431 * Zeroize
432 */
433 static int Zeroize()
434 {
435 RSA *key;
436 BIGNUM *bn;
437 unsigned char userkey[16] =
438 { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f,
439 0x83, 0x02, 0xb1, 0x09, 0x68
440 };
441 size_t i;
442 int n;
443
444 key = FIPS_rsa_new();
445 bn = BN_new();
446 if (!key || !bn)
447 return 0;
448 BN_set_word(bn, 65537);
449 if (!RSA_generate_key_ex(key, 1024, bn, NULL))
450 return 0;
451 BN_free(bn);
452
453 n = BN_num_bytes(key->d);
454 printf(" Generated %d byte RSA private key\n", n);
455 printf("\tBN key before overwriting:\n");
456 do_bn_print(stdout, key->d);
457 BN_rand(key->d, n * 8, -1, 0);
458 printf("\tBN key after overwriting:\n");
459 do_bn_print(stdout, key->d);
460
461 printf("\tchar buffer key before overwriting: \n\t\t");
462 for (i = 0; i < sizeof(userkey); i++)
463 printf("%02x", userkey[i]);
464 printf("\n");
465 RAND_bytes(userkey, sizeof userkey);
466 printf("\tchar buffer key after overwriting: \n\t\t");
467 for (i = 0; i < sizeof(userkey); i++)
468 printf("%02x", userkey[i]);
469 printf("\n");
470
471 return 1;
472 }
473
474 static int Error;
475 static const char *Fail(const char *msg)
476 {
477 do_print_errors();
478 Error++;
479 return msg;
480 }
481
482 static void test_msg(const char *msg, int result)
483 {
484 printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
485 }
486
487 int main(int argc, char **argv)
488 {
489
490 int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
491 int bad_rsa = 0, bad_dsa = 0;
492 int do_rng_stick = 0;
493 int no_exit = 0;
494
495 printf("\tFIPS-mode test application\n\n");
496
497 /* Load entropy from external file, if any */
498 RAND_load_file(".rnd", 1024);
499
500 if (argv[1]) {
501 /* Corrupted KAT tests */
502 if (!strcmp(argv[1], "aes")) {
503 FIPS_corrupt_aes();
504 printf("AES encryption/decryption with corrupted KAT...\n");
505 } else if (!strcmp(argv[1], "des")) {
506 FIPS_corrupt_des();
507 printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
508 } else if (!strcmp(argv[1], "dsa")) {
509 FIPS_corrupt_dsa();
510 printf
511 ("DSA key generation and signature validation with corrupted KAT...\n");
512 } else if (!strcmp(argv[1], "rsa")) {
513 FIPS_corrupt_rsa();
514 printf
515 ("RSA key generation and signature validation with corrupted KAT...\n");
516 } else if (!strcmp(argv[1], "rsakey")) {
517 printf
518 ("RSA key generation and signature validation with corrupted key...\n");
519 bad_rsa = 1;
520 no_exit = 1;
521 } else if (!strcmp(argv[1], "rsakeygen")) {
522 do_corrupt_rsa_keygen = 1;
523 no_exit = 1;
524 printf
525 ("RSA key generation and signature validation with corrupted keygen...\n");
526 } else if (!strcmp(argv[1], "dsakey")) {
527 printf
528 ("DSA key generation and signature validation with corrupted key...\n");
529 bad_dsa = 1;
530 no_exit = 1;
531 } else if (!strcmp(argv[1], "dsakeygen")) {
532 do_corrupt_dsa_keygen = 1;
533 no_exit = 1;
534 printf
535 ("DSA key generation and signature validation with corrupted keygen...\n");
536 } else if (!strcmp(argv[1], "sha1")) {
537 FIPS_corrupt_sha1();
538 printf("SHA-1 hash with corrupted KAT...\n");
539 } else if (!strcmp(argv[1], "rng")) {
540 FIPS_corrupt_rng();
541 } else if (!strcmp(argv[1], "rngstick")) {
542 do_rng_stick = 1;
543 no_exit = 1;
544 printf("RNG test with stuck continuous test...\n");
545 } else {
546 printf("Bad argument \"%s\"\n", argv[1]);
547 exit(1);
548 }
549 if (!no_exit) {
550 if (!FIPS_mode_set(1)) {
551 do_print_errors();
552 printf("Power-up self test failed\n");
553 exit(1);
554 }
555 printf("Power-up self test successful\n");
556 exit(0);
557 }
558 }
559
560 /*
561 * Non-Approved cryptographic operation
562 */
563 printf("1. Non-Approved cryptographic operation test...\n");
564 test_msg("\ta. Included algorithm (D-H)...", dh_test());
565
566 /*
567 * Power-up self test
568 */
569 ERR_clear_error();
570 test_msg("2. Automatic power-up self test", FIPS_mode_set(1));
571 if (!FIPS_mode())
572 exit(1);
573 if (do_corrupt_dsa_keygen)
574 FIPS_corrupt_dsa_keygen();
575 if (do_corrupt_rsa_keygen)
576 FIPS_corrupt_rsa_keygen();
577 if (do_rng_stick)
578 FIPS_rng_stick();
579
580 /*
581 * AES encryption/decryption
582 */
583 test_msg("3. AES encryption/decryption", FIPS_aes_test());
584
585 /*
586 * RSA key generation and encryption/decryption
587 */
588 test_msg("4. RSA key generation and encryption/decryption",
589 FIPS_rsa_test(bad_rsa));
590
591 /*
592 * DES-CBC encryption/decryption
593 */
594 test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
595
596 /*
597 * DSA key generation and signature validation
598 */
599 test_msg("6. DSA key generation and signature validation",
600 FIPS_dsa_test(bad_dsa));
601
602 /*
603 * SHA-1 hash
604 */
605 test_msg("7a. SHA-1 hash", FIPS_sha1_test());
606
607 /*
608 * SHA-256 hash
609 */
610 test_msg("7b. SHA-256 hash", FIPS_sha256_test());
611
612 /*
613 * SHA-512 hash
614 */
615 test_msg("7c. SHA-512 hash", FIPS_sha512_test());
616
617 /*
618 * HMAC-SHA-1 hash
619 */
620 test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
621
622 /*
623 * HMAC-SHA-224 hash
624 */
625 test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
626
627 /*
628 * HMAC-SHA-256 hash
629 */
630 test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
631
632 /*
633 * HMAC-SHA-384 hash
634 */
635 test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
636
637 /*
638 * HMAC-SHA-512 hash
639 */
640 test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
641
642 /*
643 * Non-Approved cryptographic operation
644 */
645 printf("8. Non-Approved cryptographic operation test...\n");
646 printf("\ta. Included algorithm (D-H)...%s\n",
647 dh_test()? "successful as expected" : Fail("failed INCORRECTLY!"));
648
649 /*
650 * Zeroization
651 */
652 printf("9. Zero-ization...\n\t%s\n",
653 Zeroize()? "successful as expected" : Fail("failed INCORRECTLY!"));
654
655 printf("\nAll tests completed with %d errors\n", Error);
656 return Error ? 1 : 0;
657 }
658
659 #endif
A mirror of the official openssl repository