[svn] gcry - r1314 - in trunk: random src tests
svn author wk
cvs at cvs.gnupg.org
Fri Sep 5 18:00:52 CEST 2008
Author: wk
Date: 2008-09-05 18:00:51 +0200 (Fri, 05 Sep 2008)
New Revision: 1314
Modified:
trunk/random/ChangeLog
trunk/random/random-fips.c
trunk/random/random.c
trunk/src/ChangeLog
trunk/src/fips.c
trunk/src/g10lib.h
trunk/src/gcrypt.h.in
trunk/src/global.c
trunk/tests/basic.c
Log:
Let the test suite run the selftests even in non-fips mode.
Modified: trunk/random/ChangeLog
===================================================================
--- trunk/random/ChangeLog 2008-09-03 10:42:11 UTC (rev 1313)
+++ trunk/random/ChangeLog 2008-09-05 16:00:51 UTC (rev 1314)
@@ -1,3 +1,8 @@
+2008-09-05 Werner Koch <wk at g10code.com>
+
+ * random.c (_gcry_random_selftest): Return success if not in fips
+ mode.
+
2008-09-01 Werner Koch <wk at g10code.com>
* random-fips.c (x931_get_dt) [W32]: Do not use getppid.
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2008-09-03 10:42:11 UTC (rev 1313)
+++ trunk/src/ChangeLog 2008-09-05 16:00:51 UTC (rev 1314)
@@ -1,3 +1,10 @@
+2008-09-05 Werner Koch <wk at g10code.com>
+
+ * gcrypt.h.in (GCYRCTL_SELFTEST): New.
+ * global.c (_gcry_vcontrol): Implement.
+ * fips.c (_gcry_fips_run_selftests): Do state transitions only if
+ in fips mode. Return an error code.
+
2008-09-01 Werner Koch <wk at g10code.com>
* stdmem.c: Re-indented.
Modified: trunk/random/random-fips.c
===================================================================
--- trunk/random/random-fips.c 2008-09-03 10:42:11 UTC (rev 1313)
+++ trunk/random/random-fips.c 2008-09-05 16:00:51 UTC (rev 1314)
@@ -783,6 +783,9 @@
gcry_error_t
_gcry_rngfips_add_bytes (const void *buf, size_t buflen, int quality)
{
+ (void)buf;
+ (void)buflen;
+ (void)quality;
return 0; /* Not implemented. */
}
Modified: trunk/random/random.c
===================================================================
--- trunk/random/random.c 2008-09-03 10:42:11 UTC (rev 1313)
+++ trunk/random/random.c 2008-09-05 16:00:51 UTC (rev 1314)
@@ -280,6 +280,6 @@
if (fips_mode ())
return _gcry_rngfips_selftest (report);
else
- return gpg_error (GPG_ERR_NOT_SUPPORTED);
+ return 0; /* No selftests yet. */
}
Modified: trunk/src/fips.c
===================================================================
--- trunk/src/fips.c 2008-09-03 10:42:11 UTC (rev 1313)
+++ trunk/src/fips.c 2008-09-05 16:00:51 UTC (rev 1314)
@@ -200,8 +200,8 @@
/* This function returns true if fips mode is enabled. This is
independent of the fips required finite state machine and only used
- to enable run fips specific code. Please use the fips_mode macro
- instead of calling this fucntion directly. */
+ to enable fips specific code. Please use the fips_mode macro
+ instead of calling this function directly. */
int
_gcry_fips_mode (void)
{
@@ -520,12 +520,14 @@
/* Run the self-tests. */
-void
+gpg_err_code_t
_gcry_fips_run_selftests (void)
{
enum module_states result = STATE_ERROR;
+ gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
- fips_new_state (STATE_SELFTEST);
+ if (fips_mode ())
+ fips_new_state (STATE_SELFTEST);
if (run_cipher_selftests ())
goto leave;
@@ -549,9 +551,13 @@
/* All selftests passed. */
result = STATE_OPERATIONAL;
+ ec = 0;
leave:
- fips_new_state (result);
+ if (fips_mode ())
+ fips_new_state (result);
+
+ return ec;
}
Modified: trunk/src/g10lib.h
===================================================================
--- trunk/src/g10lib.h 2008-09-03 10:42:11 UTC (rev 1313)
+++ trunk/src/g10lib.h 2008-09-05 16:00:51 UTC (rev 1314)
@@ -316,7 +316,7 @@
int _gcry_fips_test_operational (void);
int _gcry_fips_test_error_or_operational (void);
-void _gcry_fips_run_selftests (void);
+gpg_err_code_t _gcry_fips_run_selftests (void);
void _gcry_fips_noreturn (void);
#define fips_noreturn() (_gcry_fips_noreturn ())
Modified: trunk/src/gcrypt.h.in
===================================================================
--- trunk/src/gcrypt.h.in 2008-09-03 10:42:11 UTC (rev 1313)
+++ trunk/src/gcrypt.h.in 2008-09-05 16:00:51 UTC (rev 1314)
@@ -408,7 +408,8 @@
GCRYCTL_PRINT_CONFIG = 53,
GCRYCTL_OPERATIONAL_P = 54,
GCRYCTL_FIPS_MODE_P = 55,
- GCRYCTL_FORCE_FIPS_MODE = 56
+ GCRYCTL_FORCE_FIPS_MODE = 56,
+ GCRYCTL_SELFTEST = 57
};
/* Perform various operations defined by CMD. */
Modified: trunk/src/global.c
===================================================================
--- trunk/src/global.c 2008-09-03 10:42:11 UTC (rev 1313)
+++ trunk/src/global.c 2008-09-05 16:00:51 UTC (rev 1314)
@@ -475,6 +475,13 @@
}
break;
+ case GCRYCTL_SELFTEST:
+ /* Run a selftest. This works in fips mode as weel as in
+ standard mode. Returns 0 on success or an error code. */
+ global_init ();
+ err = _gcry_fips_run_selftests ();
+ break;
+
default:
err = GPG_ERR_INV_OP;
}
Modified: trunk/tests/basic.c
===================================================================
--- trunk/tests/basic.c 2008-09-03 10:42:11 UTC (rev 1313)
+++ trunk/tests/basic.c 2008-09-05 16:00:51 UTC (rev 1314)
@@ -2105,9 +2105,9 @@
check_hmac ();
check_pubkey ();
- /* If we are in fips mode do some more tests. */
if (in_fips_mode)
{
+ /* If we are in fips mode do some more tests. */
gcry_md_hd_t md;
/* First trigger a self-test. */
@@ -2130,6 +2130,8 @@
/* gcry_md_get_algo is only defined for a context with
just one digest algorithm. With our setup it should
put the oibrary intoerror state. */
+ fputs ("Note: Two lines with error messages follow "
+ "- this is expected\n", stderr);
gcry_md_get_algo (md);
gcry_md_close (md);
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
@@ -2147,7 +2149,11 @@
}
}
-
+ else
+ {
+ /* If in standard mode, run selftests. */
+ gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
+ }
if (verbose)
fprintf (stderr, "\nAll tests completed. Errors: %i\n", error_count);
More information about the Gnupg-commits
mailing list