Only run required tests during power-up self-test.

Enter error state after a failed key generation tests.

5 files changed, 39 insertions, 25 deletions

diff --git a/src/ChangeLog b/src/ChangeLog
index 634f440b..d860b543 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,10 @@
+2008-09-12  Werner Koch  <wk@g10code.com>
+
+	* fips.c (_gcry_fips_run_selftests): Add arg EXTENDED.
+	(run_cipher_selftests, run_digest_selftests, run_hmac_selftests) 
+	(run_pubkey_selftests): Ditto.
+	* cipher-proto.h (selftest_func_t): Add arg EXTENDED
+
 2008-09-11  Werner Koch  <wk@g10code.com>
 
 	* fips.c: Include string.h.
diff --git a/src/cipher-proto.h b/src/cipher-proto.h
index 39a91012..2382a68d 100644
--- a/src/cipher-proto.h
+++ b/src/cipher-proto.h
@@ -36,7 +36,7 @@ typedef void (*selftest_report_func_t)(const char *domain,
 
 /* Definition of the selftest functions.  */
 typedef gpg_err_code_t (*selftest_func_t)
-     (int algo, selftest_report_func_t report);
+     (int algo, int extended, selftest_report_func_t report);
 
 
 /* An extended type of the generate function.  */
@@ -90,10 +90,14 @@ gcry_error_t _gcry_pk_register (gcry_pk_spec_t *cipher,
                                 gcry_module_t *module);
 
 /* The selftest functions.  */
-gcry_error_t _gcry_cipher_selftest (int algo, selftest_report_func_t report);
-gcry_error_t _gcry_md_selftest (int algo, selftest_report_func_t report);
-gcry_error_t _gcry_pk_selftest (int algo, selftest_report_func_t report);
-gcry_error_t _gcry_hmac_selftest (int algo, selftest_report_func_t report);
+gcry_error_t _gcry_cipher_selftest (int algo, int extended, 
+                                    selftest_report_func_t report);
+gcry_error_t _gcry_md_selftest (int algo, int extended,
+                                selftest_report_func_t report);
+gcry_error_t _gcry_pk_selftest (int algo, int extended,
+                                selftest_report_func_t report);
+gcry_error_t _gcry_hmac_selftest (int algo, int extended,
+                                  selftest_report_func_t report);
 
 gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
 
diff --git a/src/fips.c b/src/fips.c
index d4f2fcb2..4aa50241 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -269,7 +269,7 @@ _gcry_fips_is_operational (void)
              performed by severeal threads; that is no problem because
              our FSM make sure that we won't oversee any error. */
           unlock_fsm ();
-          _gcry_fips_run_selftests ();
+          _gcry_fips_run_selftests (0);
           lock_fsm ();
         }
 
@@ -340,7 +340,7 @@ reporter (const char *domain, int algo, const char *what, const char *errtxt)
 /* Run self-tests for all required cipher algorithms.  Return 0 on
    success. */
 static int
-run_cipher_selftests (void)
+run_cipher_selftests (int extended)
 {
   static int algos[] = 
     {
@@ -356,7 +356,7 @@ run_cipher_selftests (void)
 
   for (idx=0; algos[idx]; idx++)
     {
-      err = _gcry_cipher_selftest (algos[idx], reporter);
+      err = _gcry_cipher_selftest (algos[idx], extended, reporter);
       reporter ("cipher", algos[idx], NULL,
                 err? gpg_strerror (err):NULL);
       if (err)
@@ -369,7 +369,7 @@ run_cipher_selftests (void)
 /* Run self-tests for all required hash algorithms.  Return 0 on
    success. */
 static int
-run_digest_selftests (void)
+run_digest_selftests (int extended)
 {
   static int algos[] = 
     {
@@ -386,7 +386,7 @@ run_digest_selftests (void)
 
   for (idx=0; algos[idx]; idx++)
     {
-      err = _gcry_md_selftest (algos[idx], reporter);
+      err = _gcry_md_selftest (algos[idx], extended, reporter);
       reporter ("digest", algos[idx], NULL,
                 err? gpg_strerror (err):NULL);
       if (err)
@@ -398,7 +398,7 @@ run_digest_selftests (void)
 
 /* Run self-tests for all HMAC algorithms.  Return 0 on success. */
 static int
-run_hmac_selftests (void)
+run_hmac_selftests (int extended)
 {
   static int algos[] = 
     {
@@ -415,7 +415,7 @@ run_hmac_selftests (void)
 
   for (idx=0; algos[idx]; idx++)
     {
-      err = _gcry_hmac_selftest (algos[idx], reporter);
+      err = _gcry_hmac_selftest (algos[idx], extended, reporter);
       reporter ("hmac", algos[idx], NULL,
                 err? gpg_strerror (err):NULL);
       if (err)
@@ -428,7 +428,7 @@ run_hmac_selftests (void)
 /* Run self-tests for all required public key algorithms.  Return 0 on
    success. */
 static int
-run_pubkey_selftests (void)
+run_pubkey_selftests (int extended)
 {
   static int algos[] = 
     {
@@ -443,7 +443,7 @@ run_pubkey_selftests (void)
 
   for (idx=0; algos[idx]; idx++)
     {
-      err = _gcry_pk_selftest (algos[idx], reporter);
+      err = _gcry_pk_selftest (algos[idx], extended, reporter);
       reporter ("pubkey", algos[idx], NULL,
                 err? gpg_strerror (err):NULL);
       if (err)
@@ -550,9 +550,10 @@ check_binary_integrity (void)
 }
 
 
-/* Run the self-tests.  */
+/* Run the self-tests.  If EXTENDED is true, extended versions of the
+   selftest are run, that is more tests than required by FIPS.  */
 gpg_err_code_t
-_gcry_fips_run_selftests (void)
+_gcry_fips_run_selftests (int extended)
 {
   enum module_states result = STATE_ERROR;
   gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
@@ -560,13 +561,13 @@ _gcry_fips_run_selftests (void)
   if (fips_mode ())
     fips_new_state (STATE_SELFTEST);
 
-  if (run_cipher_selftests ())
+  if (run_cipher_selftests (extended))
     goto leave;
 
-  if (run_digest_selftests ())
+  if (run_digest_selftests (extended))
     goto leave;
 
-  if (run_hmac_selftests ())
+  if (run_hmac_selftests (extended))
     goto leave;
 
   /* Run random tests before the pubkey tests because the latter
@@ -574,7 +575,7 @@ _gcry_fips_run_selftests (void)
   if (run_random_selftests ())
     goto leave;
 
-  if (run_pubkey_selftests ())
+  if (run_pubkey_selftests (extended))
     goto leave;
 
   /* Now check the integrity of the binary.  We do this this after
diff --git a/src/g10lib.h b/src/g10lib.h
index 1a7ddffb..3ef7c94b 100644
--- a/src/g10lib.h
+++ b/src/g10lib.h
@@ -316,7 +316,7 @@ int _gcry_fips_is_operational (void);
 int _gcry_fips_test_operational (void);
 int _gcry_fips_test_error_or_operational (void);
 
-gpg_err_code_t _gcry_fips_run_selftests (void);
+gpg_err_code_t _gcry_fips_run_selftests (int extended);
 
 void _gcry_fips_noreturn (void);
 #define fips_noreturn()  (_gcry_fips_noreturn ())
diff --git a/src/global.c b/src/global.c
index e664aa7f..09664ab1 100644
--- a/src/global.c
+++ b/src/global.c
@@ -469,17 +469,19 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr)
              run a selftest.  If not we use the is_operational call to
              force us into operational state if possible.  */
           if (_gcry_fips_test_error_or_operational ())
-            _gcry_fips_run_selftests ();
+            _gcry_fips_run_selftests (1);
           if (_gcry_fips_is_operational ())
             err = GPG_ERR_GENERAL; /* Used as TRUE value */
       }
       break;
 
     case GCRYCTL_SELFTEST:
-      /* Run a selftest.  This works in fips mode as weel as in
-         standard mode.  Returns 0 on success or an error code. */
+      /* Run a selftest.  This works in fips mode as well as in
+         standard mode.  In contrast to the power-up tests, we use an
+         extended version ofthe selftests. Returns 0 on success or an
+         error code. */
       global_init ();
-      err = _gcry_fips_run_selftests ();
+      err = _gcry_fips_run_selftests (1);
       break;
 
     default: