Update error codes for FIPS.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 21 Oct 2011 13:04:27 +0000 (13:04 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 21 Oct 2011 13:04:27 +0000 (13:04 +0000)
Add support for authentication in FIPS_mode_set().

crypto/fips_err.h
crypto/o_fips.c

index 21b820c6957729bb775ba2ddc4fbae4ad699c522..c671691b4786b32e5e567db4df5e6541268f27ab 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/fips_err.h */
 /* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -72,6 +72,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
        {
 {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS),        "DH_BUILTIN_GENPARAMS"},
 {ERR_FUNC(FIPS_F_DH_INIT),     "DH_INIT"},
+{ERR_FUNC(FIPS_F_DRBG_RESEED), "DRBG_RESEED"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN),        "DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2),       "DSA_BUILTIN_PARAMGEN2"},
 {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
@@ -83,17 +84,17 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),       "FIPS_check_incore_fingerprint"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA),      "fips_check_rsa"},
 {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA_PRNG), "fips_check_rsa_prng"},
-{ERR_FUNC(FIPS_F_FIPS_CIPHER), "FIPS_CIPHER"},
-{ERR_FUNC(FIPS_F_FIPS_CIPHERINIT),     "FIPS_CIPHERINIT"},
+{ERR_FUNC(FIPS_F_FIPS_CIPHER), "FIPS_cipher"},
+{ERR_FUNC(FIPS_F_FIPS_CIPHERINIT),     "FIPS_cipherinit"},
 {ERR_FUNC(FIPS_F_FIPS_CIPHER_CTX_CTRL),        "FIPS_CIPHER_CTX_CTRL"},
-{ERR_FUNC(FIPS_F_FIPS_DIGESTFINAL),    "FIPS_DIGESTFINAL"},
-{ERR_FUNC(FIPS_F_FIPS_DIGESTINIT),     "FIPS_DIGESTINIT"},
-{ERR_FUNC(FIPS_F_FIPS_DIGESTUPDATE),   "FIPS_DIGESTUPDATE"},
+{ERR_FUNC(FIPS_F_FIPS_DIGESTFINAL),    "FIPS_digestfinal"},
+{ERR_FUNC(FIPS_F_FIPS_DIGESTINIT),     "FIPS_digestinit"},
+{ERR_FUNC(FIPS_F_FIPS_DIGESTUPDATE),   "FIPS_digestupdate"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES),     "FIPS_DRBG_BYTES"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK),     "FIPS_DRBG_CHECK"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST),        "FIPS_DRBG_CPRNG_TEST"},
+{ERR_FUNC(FIPS_F_FIPS_DRBG_ERROR_CHECK),       "FIPS_DRBG_ERROR_CHECK"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE),  "FIPS_drbg_generate"},
-{ERR_FUNC(FIPS_F_FIPS_DRBG_HEALTH_CHECK),      "FIPS_DRBG_HEALTH_CHECK"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT),      "FIPS_drbg_init"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE),       "FIPS_drbg_instantiate"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW),       "FIPS_drbg_new"},
@@ -137,9 +138,12 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 
 static ERR_STRING_DATA FIPS_str_reasons[]=
        {
+{ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),"additional input error undetected"},
 {ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),"additional input too long"},
 {ERR_REASON(FIPS_R_ALREADY_INSTANTIATED) ,"already instantiated"},
+{ERR_REASON(FIPS_R_AUTHENTICATION_FAILURE),"authentication failure"},
 {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},
+{ERR_REASON(FIPS_R_DRBG_NOT_INITIALISED) ,"drbg not initialised"},
 {ERR_REASON(FIPS_R_DRBG_STUCK)           ,"drbg stuck"},
 {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"},
 {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"},
@@ -164,12 +168,17 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
 {ERR_REASON(FIPS_R_INVALID_PARAMETERS)   ,"invalid parameters"},
 {ERR_REASON(FIPS_R_IN_ERROR_STATE)       ,"in error state"},
 {ERR_REASON(FIPS_R_KEY_TOO_SHORT)        ,"key too short"},
+{ERR_REASON(FIPS_R_NONCE_ERROR_UNDETECTED),"nonce error undetected"},
 {ERR_REASON(FIPS_R_NON_FIPS_METHOD)      ,"non fips method"},
+{ERR_REASON(FIPS_R_NOPR_TEST1_FAILURE)   ,"nopr test1 failure"},
+{ERR_REASON(FIPS_R_NOPR_TEST2_FAILURE)   ,"nopr test2 failure"},
 {ERR_REASON(FIPS_R_NOT_INSTANTIATED)     ,"not instantiated"},
 {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
 {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),"personalisation error undetected"},
 {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),"personalisation string too long"},
 {ERR_REASON(FIPS_R_PRNG_STRENGTH_TOO_LOW),"prng strength too low"},
+{ERR_REASON(FIPS_R_PR_TEST1_FAILURE)     ,"pr test1 failure"},
+{ERR_REASON(FIPS_R_PR_TEST2_FAILURE)     ,"pr test2 failure"},
 {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),"request length error undetected"},
 {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),"request too large for drbg"},
 {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR) ,"reseed counter error"},
index 9474a0d9afa4199f113935f91865167c48c20dfc..6a823957502e771b769d2cc5cd2560fa8d56d189 100644 (file)
@@ -75,7 +75,10 @@ int FIPS_mode_set(int r)
        {
        OPENSSL_init();
 #ifdef OPENSSL_FIPS
-       if (!FIPS_module_mode_set(r))
+#ifndef FIPS_AUTH_USER_PASS
+#define FIPS_AUTH_USER_PASS    "Default FIPS Crypto User Password"
+#endif
+       if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS))
                return 0;
        if (r)
                RAND_set_rand_method(FIPS_rand_get_method());