Update error codes for FIPS.
Add support for authentication in FIPS_mode_set().
This commit is contained in:
Dr. Stephen Henson
parent
6d5eb464c9
commit
03f84c8260
@ -1,6 +1,6 @@
|
|||||||
/* crypto/fips_err.h */
|
/* crypto/fips_err.h */
|
||||||
/* ====================================================================
|
/* ====================================================================
|
||||||
* Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
|
* Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
|
||||||
*
|
*
|
||||||
* Redistribution and use in source and binary forms, with or without
|
* Redistribution and use in source and binary forms, with or without
|
||||||
* modification, are permitted provided that the following conditions
|
* modification, are permitted provided that the following conditions
|
||||||
@ -72,6 +72,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
|
|||||||
{
|
{
|
||||||
{ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
|
{ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
|
||||||
{ERR_FUNC(FIPS_F_DH_INIT), "DH_INIT"},
|
{ERR_FUNC(FIPS_F_DH_INIT), "DH_INIT"},
|
||||||
|
{ERR_FUNC(FIPS_F_DRBG_RESEED), "DRBG_RESEED"},
|
||||||
{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
|
{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
|
||||||
{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"},
|
{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"},
|
||||||
{ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
|
{ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
|
||||||
@ -83,17 +84,17 @@ static ERR_STRING_DATA FIPS_str_functs[]=
|
|||||||
{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_check_incore_fingerprint"},
|
{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_check_incore_fingerprint"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"},
|
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA_PRNG), "fips_check_rsa_prng"},
|
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA_PRNG), "fips_check_rsa_prng"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_CIPHER), "FIPS_CIPHER"},
|
{ERR_FUNC(FIPS_F_FIPS_CIPHER), "FIPS_cipher"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"},
|
{ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_cipherinit"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
|
{ERR_FUNC(FIPS_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DIGESTFINAL), "FIPS_DIGESTFINAL"},
|
{ERR_FUNC(FIPS_F_FIPS_DIGESTFINAL), "FIPS_digestfinal"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"},
|
{ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_digestinit"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DIGESTUPDATE), "FIPS_DIGESTUPDATE"},
|
{ERR_FUNC(FIPS_F_FIPS_DIGESTUPDATE), "FIPS_digestupdate"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "FIPS_DRBG_BYTES"},
|
{ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "FIPS_DRBG_BYTES"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "FIPS_DRBG_CHECK"},
|
{ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "FIPS_DRBG_CHECK"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "FIPS_DRBG_CPRNG_TEST"},
|
{ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "FIPS_DRBG_CPRNG_TEST"},
|
||||||
|
{ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK), "FIPS_DRBG_ERROR_CHECK"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"},
|
{ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_HEALTH_CHECK), "FIPS_DRBG_HEALTH_CHECK"},
|
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"},
|
{ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"},
|
{ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"},
|
||||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"},
|
{ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"},
|
||||||
@ -137,9 +138,12 @@ static ERR_STRING_DATA FIPS_str_functs[]=
|
|||||||
|
|
||||||
static ERR_STRING_DATA FIPS_str_reasons[]=
|
static ERR_STRING_DATA FIPS_str_reasons[]=
|
||||||
{
|
{
|
||||||
|
{ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),"additional input error undetected"},
|
||||||
{ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),"additional input too long"},
|
{ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),"additional input too long"},
|
||||||
{ERR_REASON(FIPS_R_ALREADY_INSTANTIATED) ,"already instantiated"},
|
{ERR_REASON(FIPS_R_ALREADY_INSTANTIATED) ,"already instantiated"},
|
||||||
|
{ERR_REASON(FIPS_R_AUTHENTICATION_FAILURE),"authentication failure"},
|
||||||
{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},
|
{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},
|
||||||
|
{ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED) ,"drbg not initialised"},
|
||||||
{ERR_REASON(FIPS_R_DRBG_STUCK) ,"drbg stuck"},
|
{ERR_REASON(FIPS_R_DRBG_STUCK) ,"drbg stuck"},
|
||||||
{ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"},
|
{ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"},
|
||||||
{ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"},
|
{ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"},
|
||||||
@ -164,12 +168,17 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
|
|||||||
{ERR_REASON(FIPS_R_INVALID_PARAMETERS) ,"invalid parameters"},
|
{ERR_REASON(FIPS_R_INVALID_PARAMETERS) ,"invalid parameters"},
|
||||||
{ERR_REASON(FIPS_R_IN_ERROR_STATE) ,"in error state"},
|
{ERR_REASON(FIPS_R_IN_ERROR_STATE) ,"in error state"},
|
||||||
{ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"},
|
{ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"},
|
||||||
|
{ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED),"nonce error undetected"},
|
||||||
{ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"},
|
{ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"},
|
||||||
|
{ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE) ,"nopr test1 failure"},
|
||||||
|
{ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE) ,"nopr test2 failure"},
|
||||||
{ERR_REASON(FIPS_R_NOT_INSTANTIATED) ,"not instantiated"},
|
{ERR_REASON(FIPS_R_NOT_INSTANTIATED) ,"not instantiated"},
|
||||||
{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
|
{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
|
||||||
{ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),"personalisation error undetected"},
|
{ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),"personalisation error undetected"},
|
||||||
{ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),"personalisation string too long"},
|
{ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),"personalisation string too long"},
|
||||||
{ERR_REASON(FIPS_R_PRNG_STRENGTH_TOO_LOW),"prng strength too low"},
|
{ERR_REASON(FIPS_R_PRNG_STRENGTH_TOO_LOW),"prng strength too low"},
|
||||||
|
{ERR_REASON(FIPS_R_PR_TEST1_FAILURE) ,"pr test1 failure"},
|
||||||
|
{ERR_REASON(FIPS_R_PR_TEST2_FAILURE) ,"pr test2 failure"},
|
||||||
{ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),"request length error undetected"},
|
{ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),"request length error undetected"},
|
||||||
{ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),"request too large for drbg"},
|
{ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),"request too large for drbg"},
|
||||||
{ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR) ,"reseed counter error"},
|
{ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR) ,"reseed counter error"},
|
||||||
|
|||||||
@ -75,7 +75,10 @@ int FIPS_mode_set(int r)
|
|||||||
{
|
{
|
||||||
OPENSSL_init();
|
OPENSSL_init();
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
if (!FIPS_module_mode_set(r))
|
#ifndef FIPS_AUTH_USER_PASS
|
||||||
|
#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password"
|
||||||
|
#endif
|
||||||
|
if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
|
||||||
return 0;
|
return 0;
|
||||||
if (r)
|
if (r)
|
||||||
RAND_set_rand_method(FIPS_rand_get_method());
|
RAND_set_rand_method(FIPS_rand_get_method());
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user