Have you considered using the function provided for this: OSSL_PROVIDER_self_test()?
https://www.openssl.org/docs/man3.0/man3/OSSL_PROVIDER.html
Pauli
On 8/2/22 17:41, Gahlot, Ashish Kumar wrote:
Hello All,
I’m trying to execute self-tests that FIPS runs after installation
manually by calling the APIs. I’m using code from
https://github.com/openssl/openssl/blob/7cce994d3e57345ba729388b9321d9bf8b661b4f/providers/fips/self_test_kats.c
but I’m getting NULL when I’m trying to fetch the encryption
algorithm. Is there a way to perform self-tests that FIPS runs after
installation because I did not find any code in fipsinstall.c where it
is directly calling the APIs.
int self_test_digest(const ST_KAT_DIGEST *t, OSSL_SELF_TEST *st,
                     OSSL_LIB_CTX *libctx)
{
    int ok = 0;
    unsigned char out[EVP_MAX_MD_SIZE];
    unsigned int out_len = 0;
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    EVP_MD *md = EVP_MD_fetch(libctx, t->algorithm, NULL);

    OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_KAT_DIGEST, t->desc);
    if (ctx == NULL)
        {syslog(LOG_NOTICE, "ctx NULL"); goto err;}
    if (md == NULL)
        {syslog(LOG_NOTICE, "md is NULL"); goto err;} // <------------------- This is getting failed!
    if (!EVP_DigestInit_ex(ctx, md, NULL))
        {syslog(LOG_NOTICE, "digest failed"); goto err;}
    if (!EVP_DigestUpdate(ctx, sha1_pt, t->pt_len))
        {syslog(LOG_NOTICE, "digest update failed"); goto err;}
    if (!EVP_DigestFinal(ctx, out, &out_len))
        {syslog(LOG_NOTICE, "digest final failed"); goto err;}
    /* Optional corruption */
    OSSL_SELF_TEST_oncorrupt_byte(st, out);
    for (int i = 0; i < (int)t->expected_len; i++)
        {syslog(LOG_NOTICE, "%x", out[i]);}
    if (out_len != t->expected_len
        || memcmp(out, sha1_digest, out_len) != 0)
        goto err;
    ok = 1;
err:
    EVP_MD_free(md);
    EVP_MD_CTX_free(ctx);
    OSSL_SELF_TEST_onend(st, ok);
    return ok;
}

static int self_test_digests(OSSL_LIB_CTX *libctx)
{
    OSSL_SELF_TEST *st = NULL;
    int i, ret = 1;

    st = OSSL_SELF_TEST_new(SelfTestCb, NULL);
    if (st == NULL) {
        syslog(LOG_NOTICE, "OSSL_SELF_TEST_new failed");
        return 0;   /* do not run the tests without a self-test handle */
    }
    for (i = 0; i < (int)OSSL_NELEM(st_kat_digest_tests); ++i) {
        if (!self_test_digest(&st_kat_digest_tests[i], st, libctx))
            ret = 0;
    }
    OSSL_SELF_TEST_free(st);   /* release the handle allocated above */
    return ret;
}

if (!EVP_default_properties_enable_fips(libctx, 1))
{
    ...
}
self_test_digests(libctx);
Thanks,
Ashish