/* Run the self-tests. If EXTENDED is true, extended versions of the
selftest are run, that is more tests than required by FIPS. */
gpg_err_code_t
_gcry_fips_run_selftests (int extended)
{
enum module_states result = STATE_ERROR;
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
if (fips_mode ())
fips_new_state (STATE_SELFTEST);
if (run_cipher_selftests (extended))
goto leave;
if (run_digest_selftests (extended))
goto leave;
if (run_hmac_selftests (extended))
goto leave;
/* Run random tests before the pubkey tests because the latter
require random. */
if (run_random_selftests ())
goto leave;
if (run_pubkey_selftests (extended))
goto leave;
/* Now check the integrity of the binary. We do this this after
having checked the HMAC code. */
if (check_binary_integrity ())
goto leave;
/* All selftests passed. */
result = STATE_OPERATIONAL;
ec = 0;
leave:
if (fips_mode ())
fips_new_state (result);
return ec;
}
int _gnutls_fips_perform_self_checks2(void)
{
int ret;
_gnutls_switch_lib_state(LIB_STATE_SELFTEST);
/* Tests the FIPS algorithms */
/* ciphers - one test per cipher */
ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_3DES_CBC);
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = gnutls_cipher_self_test(0, GNUTLS_CIPHER_AES_256_GCM);
if (ret < 0) {
gnutls_assert();
goto error;
}
/* MAC (includes message digest test) */
ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA1);
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA224);
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA256);
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA384);
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = gnutls_mac_self_test(0, GNUTLS_MAC_SHA512);
if (ret < 0) {
gnutls_assert();
goto error;
}
/* PK */
ret = gnutls_pk_self_test(0, GNUTLS_PK_RSA);
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = gnutls_pk_self_test(0, GNUTLS_PK_DSA);
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = gnutls_pk_self_test(0, GNUTLS_PK_EC);
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = gnutls_pk_self_test(0, GNUTLS_PK_DH);
if (ret < 0) {
gnutls_assert();
goto error;
}
if (_gnutls_rnd_ops.self_test == NULL) {
gnutls_assert();
goto error;
}
ret = _gnutls_rnd_ops.self_test();
if (ret < 0) {
gnutls_assert();
goto error;
}
if (_skip_integrity_checks == 0) {
ret = check_binary_integrity(GNUTLS_LIBRARY_NAME, "gnutls_global_init");
if (ret == 0) {
gnutls_assert();
goto error;
}
ret = check_binary_integrity(NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key");
if (ret == 0) {
gnutls_assert();
goto error;
}
ret = check_binary_integrity(HOGWEED_LIBRARY_NAME, "nettle_mpz_sizeinbase_256_u");
if (ret == 0) {
gnutls_assert();
goto error;
}
ret = check_binary_integrity(GMP_LIBRARY_NAME, "__gmpz_init");
if (ret == 0) {
gnutls_assert();
goto error;
}
}
return 0;
error:
_gnutls_switch_lib_state(LIB_STATE_ERROR);
_gnutls_audit_log(NULL, "FIPS140-2 self testing part 2 failed\n");
return GNUTLS_E_SELF_TEST_ERROR;
}