Google Git
Sign in
boringssl/boringssl/f01108e4761e1d4189cb134322c3cb01dc71ef87^!/.
commit
f01108e4761e1d4189cb134322c3cb01dc71ef87
[log]
author
Bob Beck <bbe@google.com>
Mon Jun 24 20:29:52 2024 +0000
committer
David Benjamin <davidben@google.com>
Mon Jun 24 20:32:36 2024 +0000
tree
6fdb7be65766f4268e2f2a3dc032d2f9b5f51076
parent
26468aea6483135b156fb03a5693c495dbad2e0f [diff]
Revert "Fix test_fips in google3"

This reverts commit 26468aea6483135b156fb03a5693c495dbad2e0f.

Change-Id: I50951239b4b79544f7e8914a6f86d2b38c098a2d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/69627
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Auto-Submit: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

diff --git a/util/fipstools/CMakeLists.txt b/util/fipstools/CMakeLists.txt
index 69e1284..87abf0a 100644
--- a/util/fipstools/CMakeLists.txt
+++ b/util/fipstools/CMakeLists.txt

@@ -1,6 +1,8 @@
-add_executable(
-  test_fips
+if(FIPS)
+  add_executable(
+    test_fips
 
-  test_fips.c
-)
-target_link_libraries(test_fips crypto)
+    test_fips.c
+  )
+  target_link_libraries(test_fips crypto)
+endif()

diff --git a/util/fipstools/test_fips.c b/util/fipstools/test_fips.c
index 87ef89e..bb36853 100644
--- a/util/fipstools/test_fips.c
+++ b/util/fipstools/test_fips.c

@@ -37,9 +37,7 @@
 #include "../../crypto/fipsmodule/tls/internal.h"
 #include "../../crypto/internal.h"
 
-OPENSSL_MSVC_PRAGMA(warning(disable : 4295))
 
-#if defined(BORINGSSL_FIPS)
 static void hexdump(const void *a, size_t len) {
   const unsigned char *in = (const unsigned char *)a;
   for (size_t i = 0; i < len; i++) {
@@ -48,7 +46,6 @@
 
   printf("\n");
 }
-#endif
 
 int main(int argc, char **argv) {
   // Ensure that the output is line-buffered rather than fully buffered. When
@@ -65,27 +62,17 @@
   const uint32_t module_version = FIPS_version();
   if (module_version == 0) {
     printf("No module version set\n");
-    printf("FAIL\n");
-    fflush(stdout);
-    abort();
+    goto err;
   }
   printf("Module: '%s', version: %" PRIu32 " hash:\n", FIPS_module_name(),
          module_version);
 
-#if !defined(BORINGSSL_FIPS)
-  // |module_version| will be zero, so the non-FIPS build will never get
-  // this far.
-  printf("Non zero module version in non-FIPS build - should not happen!\n");
-  printf("FAIL\n");
-  fflush(stdout);
-  abort();
-}
-#else
-#if defined(OPENSSL_ASAN)
-  printf("(not available when compiled for ASAN)");
-#else
+#if !defined(OPENSSL_ASAN)
   hexdump(FIPS_module_hash(), SHA256_DIGEST_LENGTH);
+#else
+  printf("(not available when compiled for ASAN)");
 #endif
+  printf("\n");
 
   static const uint8_t kAESKey[16] = "BoringCrypto Key";
   static const uint8_t kPlaintext[64] =
@@ -162,8 +149,8 @@
   printf("About to AES-GCM open ");
   hexdump(output, out_len);
   if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
-                         EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()), output,
-                         out_len, NULL, 0)) {
+                         EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
+                         output, out_len, NULL, 0)) {
     printf("AES-GCM decrypt failed\n");
     goto err;
   }
@@ -191,8 +178,8 @@
   memcpy(&des_iv, &kDESIV, sizeof(des_iv));
   printf("About to 3DES-CBC decrypt ");
   hexdump(kPlaintext, sizeof(kPlaintext));
-  DES_ede3_cbc_encrypt(output, output, sizeof(kPlaintext), &des1, &des2, &des3,
-                       &des_iv, DES_DECRYPT);
+  DES_ede3_cbc_encrypt(output, output, sizeof(kPlaintext), &des1,
+                       &des2, &des3, &des_iv, DES_DECRYPT);
   printf("  got ");
   hexdump(output, sizeof(kPlaintext));
 
@@ -294,8 +281,9 @@
   hexdump(kPlaintextSHA256, sizeof(kPlaintextSHA256));
   ECDSA_SIG *sig =
       ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
-  if (sig == NULL || !ECDSA_do_verify(kPlaintextSHA256,
-                                      sizeof(kPlaintextSHA256), sig, ec_key)) {
+  if (sig == NULL ||
+      !ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
+                       ec_key)) {
     printf("ECDSA Sign/Verify PWCT failed.\n");
     goto err;
   }
@@ -317,7 +305,7 @@
 
   /* ECDSA with an invalid public key. */
   ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-  static const uint8_t kNotValidX926[] = {1, 2, 3, 4, 5, 6};
+  static const uint8_t kNotValidX926[] = {1,2,3,4,5,6};
   if (!EC_KEY_oct2key(ec_key, kNotValidX926, sizeof(kNotValidX926),
                       /*ctx=*/NULL)) {
     printf("Error while parsing invalid ECDSA public key\n");
@@ -399,8 +387,10 @@
   /* FFDH */
   printf("About to compute FFDH key-agreement:\n");
   DH *dh = DH_get_rfc7919_2048();
-  uint8_t dh_result[2048 / 8];
-  if (!dh || !DH_generate_key(dh) || sizeof(dh_result) != DH_size(dh) ||
+  uint8_t dh_result[2048/8];
+  if (!dh ||
+      !DH_generate_key(dh) ||
+      sizeof(dh_result) != DH_size(dh) ||
       DH_compute_key_padded(dh_result, DH_get0_pub_key(dh), dh) !=
           sizeof(dh_result)) {
     fprintf(stderr, "FFDH failed.\n");
@@ -419,4 +409,3 @@
   fflush(stdout);
   abort();
 }
-#endif // !defined(BORINGSSL_FIPS)