Add error for health check failure.

Rebuild all FIPS error codes to clean out old obsolete codes.
2011-04-09 17:46:31 +00:00 · 2011-04-09 17:46:31 +00:00 · 55e328f580
commit 55e328f580
parent f3823ddfcf
3 changed files with 88 additions and 108 deletions
--- a/crypto/fips_err.h
+++ b/crypto/fips_err.h
@ -71,13 +71,10 @@
 static ERR_STRING_DATA FIPS_str_functs[]=
 	{
 {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS),	"DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(FIPS_F_DRBG_CPRNG_TEST),	"DRBG_CPRNG_TEST"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN),	"DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2),	"DSA_BUILTIN_PARAMGEN2"},
 {ERR_FUNC(FIPS_F_DSA_DO_SIGN),	"DSA_do_sign"},
 {ERR_FUNC(FIPS_F_DSA_DO_VERIFY),	"DSA_do_verify"},
-{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX),	"EVP_CipherInit_ex"},
-{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA),	"FIPS_CHECK_DSA"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_EC),	"FIPS_CHECK_EC"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),	"FIPS_check_incore_fingerprint"},
@ -85,15 +82,14 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_CIPHERINIT),	"FIPS_CIPHERINIT"},
 {ERR_FUNC(FIPS_F_FIPS_DIGESTINIT),	"FIPS_DIGESTINIT"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES),	"FIPS_DRBG_BYTES"},
+{ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST),	"FIPS_DRBG_CPRNG_TEST"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE),	"FIPS_drbg_generate"},
-{ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE_INTERNAL),	"FIPS_DRBG_GENERATE_INTERNAL"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_HEALTH_CHECK),	"FIPS_DRBG_HEALTH_CHECK"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT),	"FIPS_drbg_init"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE),	"FIPS_drbg_instantiate"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW),	"FIPS_drbg_new"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED),	"FIPS_drbg_reseed"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT),	"FIPS_DRBG_SINGLE_KAT"},
-{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK),	"FIPS_DSA_CHECK"},
 {ERR_FUNC(FIPS_F_FIPS_MODE_SET),	"FIPS_mode_set"},
 {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),	"fips_pkey_signature_test"},
 {ERR_FUNC(FIPS_F_FIPS_RAND_ADD),	"FIPS_rand_add"},
@ -109,7 +105,6 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA),	"FIPS_selftest_dsa"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA),	"FIPS_selftest_ecdsa"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC),	"FIPS_selftest_hmac"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG),	"FIPS_selftest_rng"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1),	"FIPS_selftest_sha1"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_X931),	"FIPS_selftest_x931"},
 {ERR_FUNC(FIPS_F_HASH_FINAL),	"HASH_FINAL"},
@ -119,7 +114,6 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT),	"RSA_EAY_PUBLIC_DECRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT),	"RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX),	"RSA_X931_generate_key_ex"},
-{ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
 {0,NULL}
 	};

@ -127,8 +121,6 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 	{
 {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),"additional input too long"},
 {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED) ,"already instantiated"},
-{ERR_REASON(FIPS_R_CANNOT_READ_EXE)      ,"cannot read exe"},
-{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"},
 {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},
 {ERR_REASON(FIPS_R_DRBG_STUCK)           ,"drbg stuck"},
 {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"},
@ -138,7 +130,6 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),"error retrieving additional input"},
 {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY),"error retrieving entropy"},
 {ERR_REASON(FIPS_R_ERROR_RETRIEVING_NONCE),"error retrieving nonce"},
-{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"},
 {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"},
 {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match nonpic relocated"},
 {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"},
@ -162,9 +153,8 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),"request too large for drbg"},
 {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR) ,"reseed counter error"},
 {ERR_REASON(FIPS_R_RESEED_ERROR)         ,"reseed error"},
-{ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR)    ,"rsa decrypt error"},
-{ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR)    ,"rsa encrypt error"},
 {ERR_REASON(FIPS_R_SELFTEST_FAILED)      ,"selftest failed"},
+{ERR_REASON(FIPS_R_SELFTEST_FAILURE)     ,"selftest failure"},
 {ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),"strength error undetected"},
 {ERR_REASON(FIPS_R_TEST_FAILURE)         ,"test failure"},
 {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),"uninstantiate zeroise error"},
--- a/fips/fips.h
+++ b/fips/fips.h
@ -197,102 +197,92 @@ void ERR_load_FIPS_strings(void);

 /* Function codes. */
 #define FIPS_F_DH_BUILTIN_GENPARAMS			 100
-#define FIPS_F_DRBG_CPRNG_TEST				 141
 #define FIPS_F_DSA_BUILTIN_PARAMGEN			 101
-#define FIPS_F_DSA_BUILTIN_PARAMGEN2			 126
-#define FIPS_F_DSA_DO_SIGN				 102
-#define FIPS_F_DSA_DO_VERIFY				 103
-#define FIPS_F_EVP_CIPHERINIT_EX			 124
-#define FIPS_F_EVP_DIGESTINIT_EX			 125
-#define FIPS_F_FIPS_CHECK_DSA				 104
-#define FIPS_F_FIPS_CHECK_EC				 129
-#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT		 105
-#define FIPS_F_FIPS_CHECK_RSA				 106
-#define FIPS_F_FIPS_CIPHERINIT				 128
-#define FIPS_F_FIPS_DIGESTINIT				 127
-#define FIPS_F_FIPS_DRBG_BYTES				 142
-#define FIPS_F_FIPS_DRBG_GENERATE			 132
-#define FIPS_F_FIPS_DRBG_GENERATE_INTERNAL		 138
-#define FIPS_F_FIPS_DRBG_HEALTH_CHECK			 137
-#define FIPS_F_FIPS_DRBG_INIT				 136
-#define FIPS_F_FIPS_DRBG_INSTANTIATE			 133
-#define FIPS_F_FIPS_DRBG_NEW				 134
-#define FIPS_F_FIPS_DRBG_RESEED				 135
-#define FIPS_F_FIPS_DRBG_SINGLE_KAT			 140
-#define FIPS_F_FIPS_DSA_CHECK				 107
-#define FIPS_F_FIPS_MODE_SET				 108
-#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST			 109
-#define FIPS_F_FIPS_RAND_ADD				 143
-#define FIPS_F_FIPS_RAND_BYTES				 144
-#define FIPS_F_FIPS_RAND_PSEUDO_BYTES			 145
-#define FIPS_F_FIPS_RAND_SEED				 148
-#define FIPS_F_FIPS_RAND_SET_METHOD			 146
-#define FIPS_F_FIPS_RAND_STATUS				 147
-#define FIPS_F_FIPS_SELFTEST_AES			 110
-#define FIPS_F_FIPS_SELFTEST_AES_GCM			 130
-#define FIPS_F_FIPS_SELFTEST_CMAC			 139
-#define FIPS_F_FIPS_SELFTEST_DES			 111
-#define FIPS_F_FIPS_SELFTEST_DSA			 112
-#define FIPS_F_FIPS_SELFTEST_ECDSA			 131
-#define FIPS_F_FIPS_SELFTEST_HMAC			 113
-#define FIPS_F_FIPS_SELFTEST_RNG			 114
-#define FIPS_F_FIPS_SELFTEST_SHA1			 115
-#define FIPS_F_FIPS_SELFTEST_X931			 149
-#define FIPS_F_HASH_FINAL				 123
-#define FIPS_F_RSA_BUILTIN_KEYGEN			 116
-#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT			 117
-#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT			 118
-#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT			 119
-#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 120
-#define FIPS_F_RSA_X931_GENERATE_KEY_EX			 121
-#define FIPS_F_SSLEAY_RAND_BYTES			 122
+#define FIPS_F_DSA_BUILTIN_PARAMGEN2			 102
+#define FIPS_F_DSA_DO_SIGN				 103
+#define FIPS_F_DSA_DO_VERIFY				 104
+#define FIPS_F_FIPS_CHECK_DSA				 105
+#define FIPS_F_FIPS_CHECK_EC				 106
+#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT		 107
+#define FIPS_F_FIPS_CHECK_RSA				 108
+#define FIPS_F_FIPS_CIPHERINIT				 109
+#define FIPS_F_FIPS_DIGESTINIT				 110
+#define FIPS_F_FIPS_DRBG_BYTES				 111
+#define FIPS_F_FIPS_DRBG_CPRNG_TEST			 112
+#define FIPS_F_FIPS_DRBG_GENERATE			 113
+#define FIPS_F_FIPS_DRBG_HEALTH_CHECK			 114
+#define FIPS_F_FIPS_DRBG_INIT				 115
+#define FIPS_F_FIPS_DRBG_INSTANTIATE			 116
+#define FIPS_F_FIPS_DRBG_NEW				 117
+#define FIPS_F_FIPS_DRBG_RESEED				 118
+#define FIPS_F_FIPS_DRBG_SINGLE_KAT			 119
+#define FIPS_F_FIPS_MODE_SET				 120
+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST			 121
+#define FIPS_F_FIPS_RAND_ADD				 122
+#define FIPS_F_FIPS_RAND_BYTES				 123
+#define FIPS_F_FIPS_RAND_PSEUDO_BYTES			 124
+#define FIPS_F_FIPS_RAND_SEED				 125
+#define FIPS_F_FIPS_RAND_SET_METHOD			 126
+#define FIPS_F_FIPS_RAND_STATUS				 127
+#define FIPS_F_FIPS_SELFTEST_AES			 128
+#define FIPS_F_FIPS_SELFTEST_AES_GCM			 129
+#define FIPS_F_FIPS_SELFTEST_CMAC			 130
+#define FIPS_F_FIPS_SELFTEST_DES			 131
+#define FIPS_F_FIPS_SELFTEST_DSA			 132
+#define FIPS_F_FIPS_SELFTEST_ECDSA			 133
+#define FIPS_F_FIPS_SELFTEST_HMAC			 134
+#define FIPS_F_FIPS_SELFTEST_SHA1			 135
+#define FIPS_F_FIPS_SELFTEST_X931			 136
+#define FIPS_F_HASH_FINAL				 137
+#define FIPS_F_RSA_BUILTIN_KEYGEN			 138
+#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT			 139
+#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT			 140
+#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT			 141
+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 142
+#define FIPS_F_RSA_X931_GENERATE_KEY_EX			 143

 /* Reason codes. */
-#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG		 118
-#define FIPS_R_ALREADY_INSTANTIATED			 119
-#define FIPS_R_CANNOT_READ_EXE				 103
-#define FIPS_R_CANNOT_READ_EXE_DIGEST			 104
-#define FIPS_R_CONTRADICTING_EVIDENCE			 114
-#define FIPS_R_DRBG_STUCK				 142
-#define FIPS_R_ENTROPY_ERROR_UNDETECTED			 133
-#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED		 134
-#define FIPS_R_ERROR_INITIALISING_DRBG			 120
-#define FIPS_R_ERROR_INSTANTIATING_DRBG			 121
-#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT	 144
-#define FIPS_R_ERROR_RETRIEVING_ENTROPY			 122
-#define FIPS_R_ERROR_RETRIEVING_NONCE			 123
-#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH		 105
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH		 110
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
-#define FIPS_R_FIPS_MODE_ALREADY_SET			 102
-#define FIPS_R_FIPS_SELFTEST_FAILED			 106
-#define FIPS_R_FUNCTION_ERROR				 135
-#define FIPS_R_GENERATE_ERROR				 124
-#define FIPS_R_GENERATE_ERROR_UNDETECTED		 136
-#define FIPS_R_INSTANTIATE_ERROR			 125
-#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH		 132
-#define FIPS_R_INTERNAL_ERROR				 143
-#define FIPS_R_INVALID_KEY_LENGTH			 109
-#define FIPS_R_IN_ERROR_STATE				 126
-#define FIPS_R_KEY_TOO_SHORT				 108
-#define FIPS_R_NON_FIPS_METHOD				 100
-#define FIPS_R_NOT_INSTANTIATED				 127
-#define FIPS_R_PAIRWISE_TEST_FAILED			 107
-#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED		 137
-#define FIPS_R_PERSONALISATION_STRING_TOO_LONG		 128
-#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED		 138
-#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG		 129
-#define FIPS_R_RESEED_COUNTER_ERROR			 139
-#define FIPS_R_RESEED_ERROR				 130
-#define FIPS_R_RSA_DECRYPT_ERROR			 115
-#define FIPS_R_RSA_ENCRYPT_ERROR			 116
-#define FIPS_R_SELFTEST_FAILED				 101
-#define FIPS_R_STRENGTH_ERROR_UNDETECTED		 140
-#define FIPS_R_TEST_FAILURE				 117
-#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR		 141
-#define FIPS_R_UNSUPPORTED_DRBG_TYPE			 131
-#define FIPS_R_UNSUPPORTED_PLATFORM			 113
+#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG		 100
+#define FIPS_R_ALREADY_INSTANTIATED			 101
+#define FIPS_R_CONTRADICTING_EVIDENCE			 102
+#define FIPS_R_DRBG_STUCK				 103
+#define FIPS_R_ENTROPY_ERROR_UNDETECTED			 104
+#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED		 105
+#define FIPS_R_ERROR_INITIALISING_DRBG			 106
+#define FIPS_R_ERROR_INSTANTIATING_DRBG			 107
+#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT	 108
+#define FIPS_R_ERROR_RETRIEVING_ENTROPY			 109
+#define FIPS_R_ERROR_RETRIEVING_NONCE			 110
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH		 111
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 112
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 113
+#define FIPS_R_FIPS_MODE_ALREADY_SET			 114
+#define FIPS_R_FIPS_SELFTEST_FAILED			 115
+#define FIPS_R_FUNCTION_ERROR				 116
+#define FIPS_R_GENERATE_ERROR				 117
+#define FIPS_R_GENERATE_ERROR_UNDETECTED		 118
+#define FIPS_R_INSTANTIATE_ERROR			 119
+#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH		 120
+#define FIPS_R_INTERNAL_ERROR				 121
+#define FIPS_R_INVALID_KEY_LENGTH			 122
+#define FIPS_R_IN_ERROR_STATE				 123
+#define FIPS_R_KEY_TOO_SHORT				 124
+#define FIPS_R_NON_FIPS_METHOD				 125
+#define FIPS_R_NOT_INSTANTIATED				 126
+#define FIPS_R_PAIRWISE_TEST_FAILED			 127
+#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED		 128
+#define FIPS_R_PERSONALISATION_STRING_TOO_LONG		 129
+#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED		 130
+#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG		 131
+#define FIPS_R_RESEED_COUNTER_ERROR			 132
+#define FIPS_R_RESEED_ERROR				 133
+#define FIPS_R_SELFTEST_FAILED				 134
+#define FIPS_R_SELFTEST_FAILURE				 135
+#define FIPS_R_STRENGTH_ERROR_UNDETECTED		 136
+#define FIPS_R_TEST_FAILURE				 137
+#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR		 138
+#define FIPS_R_UNSUPPORTED_DRBG_TYPE			 139
+#define FIPS_R_UNSUPPORTED_PLATFORM			 140

 #ifdef  __cplusplus
 }
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@ -91,7 +91,7 @@ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
 		DRBG_CTX tctx;
 		if (!fips_drbg_kat(&tctx, type, flags | DRBG_FLAG_TEST))
 			{
-			/*FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);*/
+			FIPSerr(FIPS_F_FIPS_DRBG_INIT, FIPS_R_SELFTEST_FAILURE);
 			return 0;
 			}
 		}
@ -426,7 +426,7 @@ int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
 	/* Check block is valid: should never happen */
 	if (dctx->lb_valid == 0)
 		{
-		FIPSerr(FIPS_F_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
+		FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_INTERNAL_ERROR);
 		fips_set_selftest_fail();
 		return 0;
 		}
@ -435,7 +435,7 @@ int fips_drbg_cprng_test(DRBG_CTX *dctx, const unsigned char *out)
 	/* Check against last block: fail if match */
 	if (!memcmp(dctx->lb, out, dctx->blocklength))
 		{
-		FIPSerr(FIPS_F_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
+		FIPSerr(FIPS_F_FIPS_DRBG_CPRNG_TEST, FIPS_R_DRBG_STUCK);
 		fips_set_selftest_fail();
 		return 0;
 		}