openssl / openssl

TLS/SSL and crypto library

Home Page: https://www.openssl.org

Corruption self tests are skipped when verify_integrity is failed

shuishuiwawa opened this issue

Description

I built OpenSSL from source using version 3.0.1 and also installed the FIPS provider. I tried to run the self test manually for the FIPS provider by running ./provider_status_test -config /opt/ossl3/ssl/openssl-fips.cnf -provider_name fips. The command itself runs successfully, but the result looks weird; see it below. When it comes to the on-demand failure, only one test case is run. Failure to verify the integrity of the provider will cause a provider load failure, therefore we cannot test any other algorithms. This is the expected behavior for a failure to verify integrity, but provider_status_test tries to do some corruption tests for some algorithms, including verify_integrity. What I expect is that the other corruption tests will be run after the module verification failure.
but the test case tries to corrupt integrity and

[root@localhost test]# ./provider_status_test -config /opt/ossl3/ssl/openssl-fips.cnf -provider_name fips
# 
# On Loading
# HMAC : (Module_Integrity) : Pass
# HMAC : (Install_Integrity) : Pass
1..1
start self test...# 
# On Demand
# HMAC : (Module_Integrity) : Pass
# HMAC : (Install_Integrity) : Pass
# SHA1 : (KAT_Digest) : Pass
# SHA2 : (KAT_Digest) : Pass
# SHA3 : (KAT_Digest) : Pass
# TDES : (KAT_Cipher) : Pass
# AES_GCM : (KAT_Cipher) : Pass
# AES_ECB_Decrypt : (KAT_Cipher) : Pass
# RSA : (KAT_Signature) : RNG : (Continuous_RNG_Test) : Pass
# Pass
# ECDSA : (PCT_Signature) : Pass
# ECDSA : (PCT_Signature) : Pass
# DSA : (PCT_Signature) : Pass
# TLS13_KDF_EXTRACT : (KAT_KDF) : Pass
# TLS13_KDF_EXPAND : (KAT_KDF) : Pass
# TLS12_PRF : (KAT_KDF) : Pass
# PBKDF2 : (KAT_KDF) : Pass
# SSHKDF : (KAT_KDF) : Pass
# KBKDF : (KAT_KDF) : Pass
# HKDF : (KAT_KDF) : Pass
# SSKDF : (KAT_KDF) : Pass
# X963KDF : (KAT_KDF) : Pass
# X942KDF : (KAT_KDF) : Pass
# HASH : (DRBG) : Pass
# CTR : (DRBG) : Pass
# HMAC : (DRBG) : Pass
# DH : (KAT_KA) : Pass
# ECDH : (KAT_KA) : Pass
# RSA_Encrypt : (KAT_AsymmetricCipher) : Pass
# RSA_Decrypt : (KAT_AsymmetricCipher) : Pass
# RSA_Decrypt : (KAT_AsymmetricCipher) : Pass
# 
# On Demand Failure
# HMAC : (Module_Integrity) : Fail
ok 1 - test_provider_status

Analysis

After checking the source code, I see module verification is always run in SELF_TEST_post in self_test.c. Once it fails, the program will go to end, and skip the SELF_TEST_kats right before end section. Since I see some corruption code in self_test_digests and some other tests, I expect other corruption tests can be triggered after the corruption for module verification.

Would you please confirm if it's a bug or expected behavior? Thank you!

Did you follow the installation instructions from the security policy? I suspect not because 3.0.1 is not and never will be FIPS validated. Currently, only versions 3.0.8 and 3.0.9 are on the validated list.

Moreover, the installation instructions include steps which create the integrity checksum which is what is failing for you.
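
To make the gap described in the issue measurable, the following added example (not code from the thread or from OpenSSL) parses the self-test output in the format quoted above and lists every test that ran in the "On Demand" phase but was never exercised in "On Demand Failure". The function names are hypothetical, and the parser assumes that a line carrying two test names, such as the RSA/RNG line, is a nested test whose result is printed before the outer one.

```python
# Added example: a stand-alone parser, not part of OpenSSL or provider_status_test.
PHASES = ("On Loading", "On Demand", "On Demand Failure")
def parse_self_test_output(text):
    """Return {phase: [(desc, type, result), ...]} from the callback output."""
    results = {p: [] for p in PHASES}
    phase, stack = None, []  # stack: tests that started but have no result yet
    for line in text.splitlines():
        body = line[1:].strip() if line.startswith("#") else ""  # skip TAP lines
        if body in PHASES:
            phase, stack = body, []
            continue
        for tok in filter(None, (t.strip() for t in body.split(" : "))):
            if tok in ("Pass", "Fail"):
                if stack and phase:
                    desc, typ = stack.pop()  # innermost open test gets the result
                    results[phase].append((desc, typ, tok))
            elif tok.startswith("(") and stack:
                stack[-1][1] = tok.strip("()")
            else:
                stack.append([tok, None])
    return results

def skipped_after_failure(results):
    """Tests seen in 'On Demand' that never ran in 'On Demand Failure'."""
    ran = {(d, t) for d, t, _ in results["On Demand Failure"]}
    missing = []
    for d, t, _ in results["On Demand"]:
        if (d, t) not in ran and (d, t) not in missing:
            missing.append((d, t))
    return missing

# Constructed sample, abridged from the output quoted in the issue.
SAMPLE = """\
# On Loading
# HMAC : (Module_Integrity) : Pass
start self test...#
# On Demand
# HMAC : (Module_Integrity) : Pass
# HMAC : (Install_Integrity) : Pass
# SHA1 : (KAT_Digest) : Pass
# RSA : (KAT_Signature) : RNG : (Continuous_RNG_Test) : Pass
# Pass
# On Demand Failure
# HMAC : (Module_Integrity) : Fail
ok 1 - test_provider_status
"""

if __name__ == "__main__":
    print(skipped_after_failure(parse_self_test_output(SAMPLE)))
```

Run against the full output from the issue, the returned list is every test after Module_Integrity, which is the coverage gap the reporter is asking about.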