mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-09 05:51:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
b571e662cd
openssl/providers/fips/self_test.h
Shane Lontis 04cb5ec0b7 Add 'on demand self test' and status test to providers 
The default and legacy providers currently return 1 for status and self test checks.
Added test to show the 3 different stages the self test can be run (for installation, loading and on demand).

For the fips provider:
  - If the on demand self test fails, then any subsequent fetches should also fail. To implement this the
    cached algorithms are flushed on failure.
  - getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core
    libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at
    any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11752)
2020-08-09 18:06:52 +10:00

38 lines
1.4 KiB
C
Raw Blame History

/*
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/core_dispatch.h>
#include <openssl/types.h>
#include <openssl/self_test.h>
typedef struct self_test_post_params_st {
/* FIPS module integrity check parameters */
const char *module_filename; /* Module file to perform MAC on */
const char *module_checksum_data; /* Expected module MAC integrity */
/* Used for KAT install indicator integrity check */
const char *indicator_version; /* version - for future proofing */
const char *indicator_data; /* data to perform MAC on */
const char *indicator_checksum_data; /* Expected MAC integrity value */
/* BIO callbacks supplied to the FIPS provider */
OSSL_FUNC_BIO_new_file_fn *bio_new_file_cb;
OSSL_FUNC_BIO_new_membuf_fn *bio_new_buffer_cb;
OSSL_FUNC_BIO_read_ex_fn *bio_read_ex_cb;
OSSL_FUNC_BIO_free_fn *bio_free_cb;
OSSL_CALLBACK *cb;
void *cb_arg;
OPENSSL_CTX *libctx;
} SELF_TEST_POST_PARAMS;
int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test);
int SELF_TEST_kats(OSSL_SELF_TEST *event, OPENSSL_CTX *libctx);
unsigned int FIPS_is_running(void);
Reference in New Issue View Git Blame Copy Permalink