From f01108e4761e1d4189cb134322c3cb01dc71ef87 Mon Sep 17 00:00:00 2001
From: Bob Beck
Date: Mon, 24 Jun 2024 20:29:52 +0000
Subject: Revert "Fix test_fips in google3"
This reverts commit 26468aea6483135b156fb03a5693c495dbad2e0f.
Change-Id: I50951239b4b79544f7e8914a6f86d2b38c098a2d
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/69627
Reviewed-by: David Benjamin
Commit-Queue: David Benjamin
Auto-Submit: Bob Beck
Commit-Queue: Bob Beck
---
 util/fipstools/CMakeLists.txt | 12 +++++++-----
 util/fipstools/test_fips.c | 43 ++++++++++++++++---------------------------
 2 files changed, 23 insertions(+), 32 deletions(-)
diff --git a/util/fipstools/CMakeLists.txt b/util/fipstools/CMakeLists.txt
index 69e1284..87abf0a 100644
--- a/util/fipstools/CMakeLists.txt
+++ b/util/fipstools/CMakeLists.txt
@@ -1,6 +1,8 @@
-add_executable(
- test_fips
+if(FIPS)
+ add_executable(
+ test_fips
- test_fips.c
-)
-target_link_libraries(test_fips crypto)
+ test_fips.c
+ )
+ target_link_libraries(test_fips crypto)
+endif()
diff --git a/util/fipstools/test_fips.c b/util/fipstools/test_fips.c
index 87ef89e..bb36853 100644
--- a/util/fipstools/test_fips.c
+++ b/util/fipstools/test_fips.c
@@ -37,9 +37,7 @@
 #include "../../crypto/fipsmodule/tls/internal.h"
 #include "../../crypto/internal.h"
-OPENSSL_MSVC_PRAGMA(warning(disable : 4295))
-#if defined(BORINGSSL_FIPS)
 static void hexdump(const void *a, size_t len) {
 const unsigned char *in = (const unsigned char *)a;
 for (size_t i = 0; i < len; i++) {
@@ -48,7 +46,6 @@ static void hexdump(const void *a, size_t len) {
 printf("\n");
 }
-#endif
 int main(int argc, char **argv) {
 // Ensure that the output is line-buffered rather than fully buffered. When
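Review bot: In util/fipstools/CMakeLists.txt, wrapping `add_executable(test_fips …)` in `if(FIPS)` means a default (non-FIPS) CMake build no longer compiles test_fips.c at all, so breakage in that file will only surface in FIPS configurations. The same commit also removes the `BORINGSSL_FIPS` preprocessor guards from the source, so this condition becomes the only CMake-side gate on the tool, and any other build description that lists test_fips.c needs an equivalent one. A comment above the block would record the intent, for example `# test_fips exercises the FIPS module and aborts when FIPS_version() is 0, so it is only built in FIPS mode.`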
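Review bot: In the `@@ -37,9 +37,7 @@` hunk of test_fips.c, removing `OPENSSL_MSVC_PRAGMA(warning(disable : 4295))` leaves `kAESKey[16] = "BoringCrypto Key"` (visible as context in the `@@ -65,27 +62,17 @@` hunk) without a suppression. The literal is exactly 16 characters, so the array is deliberately stored without a NUL terminator, which is the condition MSVC's C4295 reports. That is presumably harmless if MSVC never compiles this file once it is gated on FIPS, but nothing visible here confirms it. Either keep the pragma or state the intent at the declaration, e.g. `// Exactly 16 bytes; the literal's NUL terminator is intentionally not stored.`, so the key is never later handled as a C string.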
@@ -65,27 +62,17 @@ int main(int argc, char **argv) {
 const uint32_t module_version = FIPS_version();
 if (module_version == 0) {
 printf("No module version set\n");
- printf("FAIL\n");
- fflush(stdout);
- abort();
+ goto err;
 }
 printf("Module: '%s', version: %" PRIu32 " hash:\n", FIPS_module_name(), module_version);
-#if !defined(BORINGSSL_FIPS)
- // |module_version| will be zero, so the non-FIPS build will never get
- // this far.
- printf("Non zero module version in non-FIPS build - should not happen!\n");
- printf("FAIL\n");
- fflush(stdout);
- abort();
-}
+#if !defined(OPENSSL_ASAN)
+ hexdump(FIPS_module_hash(), SHA256_DIGEST_LENGTH);
 #else
-#if defined(OPENSSL_ASAN)
 printf("(not available when compiled for ASAN)");
-#else
- hexdump(FIPS_module_hash(), SHA256_DIGEST_LENGTH);
 #endif
+ printf("\n");
 static const uint8_t kAESKey[16] = "BoringCrypto Key";
 static const uint8_t kPlaintext[64] =
@@ -162,8 +149,8 @@ int main(int argc, char **argv) {
 printf("About to AES-GCM open ");
 hexdump(output, out_len);
 if (!EVP_AEAD_CTX_open(&aead_ctx, output, &out_len, sizeof(output), nonce,
- EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()), output,
- out_len, NULL, 0)) {
+ EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
+ output, out_len, NULL, 0)) {
 printf("AES-GCM decrypt failed\n");
 goto err;
 }
@@ -191,8 +178,8 @@ int main(int argc, char **argv) {
 memcpy(&des_iv, &kDESIV, sizeof(des_iv));
 printf("About to 3DES-CBC decrypt ");
 hexdump(kPlaintext, sizeof(kPlaintext));
- DES_ede3_cbc_encrypt(output, output, sizeof(kPlaintext), &des1, &des2, &des3,
- &des_iv, DES_DECRYPT);
+ DES_ede3_cbc_encrypt(output, output, sizeof(kPlaintext), &des1,
+ &des2, &des3, &des_iv, DES_DECRYPT);
 printf(" got ");
 hexdump(output, sizeof(kPlaintext));
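Review bot: In the `@@ -65,27 +62,17 @@` hunk, the `module_version == 0` check is now the only thing visible in main() that stops the tool when it is not running against a FIPS module. The comment that explained this ("|module_version| will be zero, so the non-FIPS build will never get this far") is removed along with the `#if !defined(BORINGSSL_FIPS)` branch. I would keep that reasoning next to the check: `// A non-FIPS build reports version zero, so this check also rejects running outside FIPS mode.` The failure path also changes from an explicit `printf("FAIL\n")` to `goto err`, and the lines between the `err:` label and `fflush(stdout)` are outside the visible hunks, so please confirm that path still prints the FAIL marker that callers may be matching on. main() begins and ends outside this hunk.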
@@ -294,8 +281,9 @@ int main(int argc, char **argv) {
 hexdump(kPlaintextSHA256, sizeof(kPlaintextSHA256));
 ECDSA_SIG *sig = ECDSA_do_sign(kPlaintextSHA256, sizeof(kPlaintextSHA256), ec_key);
- if (sig == NULL || !ECDSA_do_verify(kPlaintextSHA256,
- sizeof(kPlaintextSHA256), sig, ec_key)) {
+ if (sig == NULL ||
+ !ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig,
+ ec_key)) {
 printf("ECDSA Sign/Verify PWCT failed.\n");
 goto err;
 }
@@ -317,7 +305,7 @@ int main(int argc, char **argv) {
 /* ECDSA with an invalid public key. */
 ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- static const uint8_t kNotValidX926[] = {1, 2, 3, 4, 5, 6};
+ static const uint8_t kNotValidX926[] = {1,2,3,4,5,6};
 if (!EC_KEY_oct2key(ec_key, kNotValidX926, sizeof(kNotValidX926), /*ctx=*/NULL)) {
 printf("Error while parsing invalid ECDSA public key\n");
@@ -399,8 +387,10 @@ int main(int argc, char **argv) {
 /* FFDH */
 printf("About to compute FFDH key-agreement:\n");
 DH *dh = DH_get_rfc7919_2048();
- uint8_t dh_result[2048 / 8];
- if (!dh || !DH_generate_key(dh) || sizeof(dh_result) != DH_size(dh) ||
+ uint8_t dh_result[2048/8];
+ if (!dh ||
+ !DH_generate_key(dh) ||
+ sizeof(dh_result) != DH_size(dh) ||
 DH_compute_key_padded(dh_result, DH_get0_pub_key(dh), dh) != sizeof(dh_result)) {
 fprintf(stderr, "FFDH failed.\n");
@@ -419,4 +409,3 @@ err:
 fflush(stdout);
 abort();
 }
-#endif // !defined(BORINGSSL_FIPS)
-- cgit v1.1