Implement health checks needed by SP800-90.
Fix warnings. Instantiate DRBGs at maximum strength.
This commit is contained in:
Dr. Stephen Henson
@@ -84,6 +84,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
|
||||
{ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_HEALTH_CHECK), "FIPS_DRBG_HEALTH_CHECK"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"},
|
||||
{ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"},
|
||||
@@ -117,6 +118,8 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
|
||||
{ERR_REASON(FIPS_R_CANNOT_READ_EXE) ,"cannot read exe"},
|
||||
{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"},
|
||||
{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},
|
||||
{ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"},
|
||||
{ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"},
|
||||
{ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
|
||||
{ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
|
||||
{ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY),"error retrieving entropy"},
|
||||
@@ -127,7 +130,9 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
|
||||
{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"},
|
||||
{ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"},
|
||||
{ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"},
|
||||
{ERR_REASON(FIPS_R_FUNCTION_ERROR) ,"function error"},
|
||||
{ERR_REASON(FIPS_R_GENERATE_ERROR) ,"generate error"},
|
||||
{ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED),"generate error undetected"},
|
||||
{ERR_REASON(FIPS_R_INSTANTIATE_ERROR) ,"instantiate error"},
|
||||
{ERR_REASON(FIPS_R_INSUFFICIENT_SECURITY_STRENGTH),"insufficient security strength"},
|
||||
{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
|
||||
@@ -136,13 +141,18 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
|
||||
{ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"},
|
||||
{ERR_REASON(FIPS_R_NOT_INSTANTIATED) ,"not instantiated"},
|
||||
{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
|
||||
{ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),"personalisation error undetected"},
|
||||
{ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),"personalisation string too long"},
|
||||
{ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),"request length error undetected"},
|
||||
{ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),"request too large for drbg"},
|
||||
{ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR) ,"reseed counter error"},
|
||||
{ERR_REASON(FIPS_R_RESEED_ERROR) ,"reseed error"},
|
||||
{ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR) ,"rsa decrypt error"},
|
||||
{ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR) ,"rsa encrypt error"},
|
||||
{ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest failed"},
|
||||
{ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),"strength error undetected"},
|
||||
{ERR_REASON(FIPS_R_TEST_FAILURE) ,"test failure"},
|
||||
{ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),"uninstantiate zeroise error"},
|
||||
{ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE),"unsupported drbg type"},
|
||||
{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},
|
||||
{0,NULL}
|
||||
|
||||
Reference in New Issue
Block a user