From fb51e4f61158a78995cd0f950e6f3d8a6f3d3d8b Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 8 Aug 2024 13:54:36 +1000 Subject: [PATCH] test: add positive FIPS indicator failure tests for DRBGs Reviewed-by: Shane Lontis Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/25135) --- test/recipes/30-test_evp_data/evprand.txt | 28 +++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt index 3f00caf31f8..0d09899a7c9 100644 --- a/test/recipes/30-test_evp_data/evprand.txt +++ b/test/recipes/30-test_evp_data/evprand.txt @@ -79779,15 +79779,15 @@ Output.14 = ee191dc6bef025e36302bb8ce0e6a949f7b0d2944b246fc52d68a20c3b2b787595ca Title = Test truncated Digests are not allowed in FIPS -FIPSversion = >=3.1.0 Availablein = fips +FIPSversion = >=3.1.0 RAND = HASH-DRBG Digest = SHA2-224 GenerateBits = 16 Result = EVP_RAND_CTX_set_params -FIPSversion = >=3.1.0 Availablein = fips +FIPSversion = >=3.1.0 RAND = HMAC-DRBG Digest = SHA2-384 GenerateBits = 16 @@ -79795,6 +79795,18 @@ Result = EVP_RAND_CTX_set_params Title = Test FIPS indicator callbacks for truncated digests +Availablein = fips +FIPSversion = >=3.4.0 +RAND = HASH-DRBG +Digest = SHA2-224 +PredictionResistance = 0 +GenerateBits = 16 +Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433 +Nonce.0 = 15e32abbae6b7433 +Output.0 = 5af6 +Result = EVP_RAND_CTX_set_params +Reason = digest not allowed + FIPSversion = >=3.4.0 RAND = HASH-DRBG Unapproved = 1 @@ -79806,6 +79818,18 @@ Entropy.0 = c3ef82ce241f02e4298b118ca4f1622515e32abbae6b7433 Nonce.0 = 15e32abbae6b7433 Output.0 = 5af6 +Availablein = fips +FIPSversion = >=3.4.0 +RAND = HMAC-DRBG +Digest = SHA2-384 +PredictionResistance = 0 +GenerateBits = 16 +Entropy.0 = 32c1ca125223de8de569697f92a37c6732c1ca125223de8de569697f92a37c67 +Nonce.0 = 15e32abbae6b7433 +Output.0 = ee9f +Result = EVP_RAND_CTX_set_params +Reason = digest not allowed + FIPSversion = >=3.4.0 RAND = HMAC-DRBG Unapproved = 1 -- 2.47.2