1 files changed, 62 insertions, 0 deletions

diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index 42df9a4b87..e10b00b5aa 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -173,6 +173,64 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
 #endif
 
 /*
+ * We need an explicit HMAC-SHA-256 KAT even though it is also
+ * checked as part of the KDF KATs.  Refer IG 10.3.
+ */
+static const unsigned char hmac_kat_pt[] = {
+    0xdd, 0x0c, 0x30, 0x33, 0x35, 0xf9, 0xe4, 0x2e,
+    0xc2, 0xef, 0xcc, 0xbf, 0x07, 0x95, 0xee, 0xa2
+};
+static const unsigned char hmac_kat_key[] = {
+    0xf4, 0x55, 0x66, 0x50, 0xac, 0x31, 0xd3, 0x54,
+    0x61, 0x61, 0x0b, 0xac, 0x4e, 0xd8, 0x1b, 0x1a,
+    0x18, 0x1b, 0x2d, 0x8a, 0x43, 0xea, 0x28, 0x54,
+    0xcb, 0xae, 0x22, 0xca, 0x74, 0x56, 0x08, 0x13
+};
+static const unsigned char hmac_kat_digest[] = {
+    0xf5, 0xf5, 0xe5, 0xf2, 0x66, 0x49, 0xe2, 0x40,
+    0xfc, 0x9e, 0x85, 0x7f, 0x2b, 0x9a, 0xbe, 0x28,
+    0x20, 0x12, 0x00, 0x92, 0x82, 0x21, 0x3e, 0x51,
+    0x44, 0x5d, 0xe3, 0x31, 0x04, 0x01, 0x72, 0x6b
+};
+
+static int integrity_self_test(OSSL_SELF_TEST *ev, OSSL_LIB_CTX *libctx)
+{
+    int ok = 0;
+    unsigned char out[EVP_MAX_MD_SIZE];
+    size_t out_len = 0;
+
+    OSSL_PARAM   params[2];
+    EVP_MAC     *mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
+    EVP_MAC_CTX *ctx = EVP_MAC_CTX_new(mac);
+
+    OSSL_SELF_TEST_onbegin(ev, OSSL_SELF_TEST_TYPE_KAT_INTEGRITY,
+                               OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
+
+    params[0] = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0);
+    params[1] = OSSL_PARAM_construct_end();
+
+    if (ctx == NULL
+            || mac == NULL
+            || !EVP_MAC_init(ctx, hmac_kat_key, sizeof(hmac_kat_key), params)
+            || !EVP_MAC_update(ctx, hmac_kat_pt, sizeof(hmac_kat_pt))
+            || !EVP_MAC_final(ctx, out, &out_len, MAX_MD_SIZE))
+        goto err;
+
+    /* Optional corruption */
+    OSSL_SELF_TEST_oncorrupt_byte(ev, out);
+
+    if (out_len != sizeof(hmac_kat_digest)
+            || memcmp(out, hmac_kat_digest, out_len) != 0)
+        goto err;
+    ok = 1;
+err:
+    OSSL_SELF_TEST_onend(ev, ok);
+    EVP_MAC_free(mac);
+    EVP_MAC_CTX_free(ctx);
+    return ok;
+}
+
+/*
  * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify
  * the result matches the expected value.
  * Return 1 if verified, or 0 if it fails.
@@ -190,6 +248,9 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
     EVP_MAC_CTX *ctx = NULL;
     OSSL_PARAM params[2], *p = params;
 
+    if (!integrity_self_test(ev, libctx))
+        goto err;
+
     OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
 
     mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
@@ -355,6 +416,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
             goto end;
         }
     }
+
     ok = 1;
 end:
     OSSL_SELF_TEST_free(ev);