Report each cipher used with CMAC tests.

Only add one error to error queue if a specific test type fails.

fips/cmac/fips_cmac_selftest.c

@@ -114,39 +114,63 @@ int FIPS_selftest_cmac()
 	const EVP_CIPHER *cipher;
 	CMAC_CTX *ctx = CMAC_CTX_new();
 	const CMAC_KAT *t;
-	int do_corrupt = 0, rv = 0;
+	int subid, rv = 1;
-
-	if (!fips_post_started(FIPS_TEST_CMAC, 0, 0))
-		return 1;
-	if (!fips_post_corrupt(FIPS_TEST_CMAC, 0, NULL))
 
 	for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
 		{
 		cipher = (*t->alg)();
-		CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0);
+		subid = M_EVP_CIPHER_nid(cipher);
-		CMAC_Update(ctx, t->msg, t->msgsize/8);
+		if (!fips_post_started(FIPS_TEST_CMAC, subid, 0))
-		if (do_corrupt)
+			continue;
-			CMAC_Update(ctx, t->msg, 1);
+		if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0))
-		CMAC_Final(ctx, out, &outlen);
+			{
+			rv = -1;
+			goto err;
+			}
+		if (!CMAC_Update(ctx, t->msg, t->msgsize/8))
+			{
+			rv = -1;
+			goto err;
+			}
+			
+		if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL))
+			{
+			if (!CMAC_Update(ctx, t->msg, 1))
+				{
+				rv = -1;
+				goto err;
+				}
+			}
+		if (!CMAC_Final(ctx, out, &outlen))
+			{
+			rv = -1;
+			goto err;
+			}
 		CMAC_CTX_cleanup(ctx);
 
 		if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8))
 			{
-		    	FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
+			fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
-		    	goto err;
+		    	rv = 0;
 		    	}
+		else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL))
+			{
+			rv = 0;
+			goto err;
+			}
 		}
 
-	rv = 1;
 	err:
 	CMAC_CTX_free(ctx);
 
-	if (rv == 0)
+	if (rv == -1)
 		{
-		fips_post_failed(FIPS_TEST_CMAC, 0, NULL);
+		fips_post_failed(FIPS_TEST_CMAC, subid, NULL);
-		return 0;
+		rv = 0;
 		}
+	if (!rv)
+		   FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED);
 
-	return fips_post_success(FIPS_TEST_CMAC, 0, NULL);
+	return rv;
 	}
 #endif

fips/fips_test_suite.c

@@ -682,7 +682,11 @@ POST_ID id_list[] = {
 	{EVP_PKEY_RSA, "RSA"},
 	{EVP_PKEY_DSA, "DSA"},
 	{EVP_PKEY_EC, "ECDSA"},
+	{NID_aes_128_cbc, "AES-128-CBC"},
+	{NID_aes_192_cbc, "AES-192-CBC"},
+	{NID_aes_256_cbc, "AES-256-CBC"},
 	{NID_aes_128_ecb, "AES-128-ECB"},
+	{NID_des_ede3_cbc, "DES-EDE3-CBC"},
 	{NID_des_ede3_ecb, "DES-EDE3-ECB"},
 	{0, NULL}
 };
@@ -696,7 +700,7 @@ static const char *lookup_id(int id)
 		if (n->id == id)
 			return n->name;
 		}
-	sprintf(out, "ID=%d\n", id);
+	sprintf(out, "ID=%d", id);
 	return out;
 	}
 
@@ -741,6 +745,7 @@ static int post_cb(int op, int id, int subid, void *ex)
 
 		case FIPS_TEST_CMAC:
 		idstr = "CMAC";
+		exstr = lookup_id(subid);
 		break;
 
 		case FIPS_TEST_GCM:
@@ -873,6 +878,8 @@ int main(int argc,char **argv)
 	    fail_id = FIPS_TEST_DIGEST;
         } else if (!strcmp(argv[1], "hmac")) {
 	    fail_id = FIPS_TEST_HMAC;
+        } else if (!strcmp(argv[1], "cmac")) {
+	    fail_id = FIPS_TEST_CMAC;
 	} else if (!strcmp(argv[1], "drbg")) {
 	    FIPS_corrupt_drbg();
 	} else if (!strcmp(argv[1], "rng")) {

fips/hmac/fips_hmac_selftest.c

@@ -156,11 +156,10 @@ int FIPS_selftest_hmac()
 
 		if(memcmp(out,t->kaval,outlen))
 			{
-		    	FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
 			fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
 			rv = 0;
 		    	}
-		if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL))
+		else if (!fips_post_success(FIPS_TEST_HMAC, subid, NULL))
 			goto err;
 		}
 
@@ -171,6 +170,8 @@ int FIPS_selftest_hmac()
 		fips_post_failed(FIPS_TEST_HMAC, subid, NULL);
 		rv = 0;
 		}
+	if (!rv)
+		   FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
 	return rv;
 	}
 #endif