From 03f84c826056529dc3a093c810091c17e68d4557 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 21 Oct 2011 13:04:27 +0000 Subject: [PATCH] Update error codes for FIPS. Add support for authentication in FIPS_mode_set(). --- crypto/fips_err.h | 23 ++++++++++++++++------- crypto/o_fips.c | 5 ++++- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/crypto/fips_err.h b/crypto/fips_err.h index 21b820c695..c671691b47 100644 --- a/crypto/fips_err.h +++ b/crypto/fips_err.h @@ -1,6 +1,6 @@ /* crypto/fips_err.h */ /* ==================================================================== - * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -72,6 +72,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= { {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, {ERR_FUNC(FIPS_F_DH_INIT), "DH_INIT"}, +{ERR_FUNC(FIPS_F_DRBG_RESEED), "DRBG_RESEED"}, {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"}, {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, @@ -83,17 +84,17 @@ static ERR_STRING_DATA FIPS_str_functs[]= {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_check_incore_fingerprint"}, {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"}, {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA_PRNG), "fips_check_rsa_prng"}, -{ERR_FUNC(FIPS_F_FIPS_CIPHER), "FIPS_CIPHER"}, -{ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"}, +{ERR_FUNC(FIPS_F_FIPS_CIPHER), "FIPS_cipher"}, +{ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_cipherinit"}, {ERR_FUNC(FIPS_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"}, -{ERR_FUNC(FIPS_F_FIPS_DIGESTFINAL), "FIPS_DIGESTFINAL"}, -{ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"}, -{ERR_FUNC(FIPS_F_FIPS_DIGESTUPDATE), "FIPS_DIGESTUPDATE"}, +{ERR_FUNC(FIPS_F_FIPS_DIGESTFINAL), "FIPS_digestfinal"}, +{ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_digestinit"}, +{ERR_FUNC(FIPS_F_FIPS_DIGESTUPDATE), "FIPS_digestupdate"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "FIPS_DRBG_BYTES"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "FIPS_DRBG_CHECK"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "FIPS_DRBG_CPRNG_TEST"}, +{ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK), "FIPS_DRBG_ERROR_CHECK"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"}, -{ERR_FUNC(FIPS_F_FIPS_DRBG_HEALTH_CHECK), "FIPS_DRBG_HEALTH_CHECK"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"}, @@ -137,9 +138,12 @@ static ERR_STRING_DATA FIPS_str_functs[]= static ERR_STRING_DATA FIPS_str_reasons[]= { +{ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),"additional input error undetected"}, {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),"additional input too long"}, {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED) ,"already instantiated"}, +{ERR_REASON(FIPS_R_AUTHENTICATION_FAILURE),"authentication failure"}, {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"}, +{ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED) ,"drbg not initialised"}, {ERR_REASON(FIPS_R_DRBG_STUCK) ,"drbg stuck"}, {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"}, {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"}, @@ -164,12 +168,17 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_INVALID_PARAMETERS) ,"invalid parameters"}, {ERR_REASON(FIPS_R_IN_ERROR_STATE) ,"in error state"}, {ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"}, +{ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED),"nonce error undetected"}, {ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"}, +{ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE) ,"nopr test1 failure"}, +{ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE) ,"nopr test2 failure"}, {ERR_REASON(FIPS_R_NOT_INSTANTIATED) ,"not instantiated"}, {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"}, {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),"personalisation error undetected"}, {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),"personalisation string too long"}, {ERR_REASON(FIPS_R_PRNG_STRENGTH_TOO_LOW),"prng strength too low"}, +{ERR_REASON(FIPS_R_PR_TEST1_FAILURE) ,"pr test1 failure"}, +{ERR_REASON(FIPS_R_PR_TEST2_FAILURE) ,"pr test2 failure"}, {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),"request length error undetected"}, {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),"request too large for drbg"}, {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR) ,"reseed counter error"}, diff --git a/crypto/o_fips.c b/crypto/o_fips.c index 9474a0d9af..6a82395750 100644 --- a/crypto/o_fips.c +++ b/crypto/o_fips.c @@ -75,7 +75,10 @@ int FIPS_mode_set(int r) { OPENSSL_init(); #ifdef OPENSSL_FIPS - if (!FIPS_module_mode_set(r)) +#ifndef FIPS_AUTH_USER_PASS +#define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" +#endif + if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) return 0; if (r) RAND_set_rand_method(FIPS_rand_get_method()); -- 2.40.0