int FIPS_selftest(void);
int FIPS_selftest_failed(void);
void FIPS_selftest_check(void);
-void FIPS_corrupt_sha1(void);
int FIPS_selftest_sha1(void);
-void FIPS_corrupt_aes(void);
int FIPS_selftest_aes_gcm(void);
-void FIPS_corrupt_aes_gcm(void);
+int FIPS_selftest_aes_xts(void);
int FIPS_selftest_aes(void);
-void FIPS_corrupt_des(void);
int FIPS_selftest_des(void);
-void FIPS_corrupt_rsa(void);
-void FIPS_corrupt_rsa_keygen(void);
int FIPS_selftest_rsa(void);
-void FIPS_corrupt_dsa(void);
-void FIPS_corrupt_dsa_keygen(void);
int FIPS_selftest_dsa(void);
int FIPS_selftest_ecdsa(void);
-void FIPS_corrupt_ecdsa(void);
-void FIPS_corrupt_ec_keygen(void);
-void FIPS_corrupt_x931(void);
void FIPS_corrupt_drbg(void);
void FIPS_x931_stick(void);
void FIPS_drbg_stick(void);
unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len);
int FIPS_check_incore_fingerprint(void);
-int fips_pkey_signature_test(struct evp_pkey_st *pkey,
- const unsigned char *tbs, int tbslen,
- const unsigned char *kat, unsigned int katlen,
- const struct env_md_st *digest, int pad_mode,
- const char *fail_str);
-
-int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
- const struct evp_cipher_st *cipher,
- const unsigned char *key,
- const unsigned char *iv,
- const unsigned char *plaintext,
- const unsigned char *ciphertext,
- int len);
-
void fips_set_selftest_fail(void);
int fips_check_rsa(struct rsa_st *rsa);
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+/* POST callback operation value: */
+/* All tests started */
+#define FIPS_POST_BEGIN 1
+/* All tests end: result in id */
+#define FIPS_POST_END 2
+/* One individual test started */
+#define FIPS_POST_STARTED 3
+/* Individual test success */
+#define FIPS_POST_SUCCESS 4
+/* Individual test failure */
+#define FIPS_POST_FAIL 5
+/* Induce failure in test if zero return */
+#define FIPS_POST_CORRUPT 6
+
+/* Test IDs */
+/* HMAC integrity test */
+#define FIPS_TEST_INTEGRITY 1
+/* Digest test */
+#define FIPS_TEST_DIGEST 2
+/* Symmetric cipher test */
+#define FIPS_TEST_CIPHER 3
+/* Public key signature test */
+#define FIPS_TEST_SIGNATURE 4
+/* HMAC test */
+#define FIPS_TEST_HMAC 5
+/* CMAC test */
+#define FIPS_TEST_CMAC 6
+/* GCM test */
+#define FIPS_TEST_GCM 7
+/* CCM test */
+#define FIPS_TEST_CCM 8
+/* XTS test */
+#define FIPS_TEST_XTS 9
+/* X9.31 PRNG */
+#define FIPS_TEST_X931 10
+/* DRNB */
+#define FIPS_TEST_DRBG 11
+/* Keygen pairwise consistency test */
+#define FIPS_TEST_PAIRWISE 12
+/* Continuous PRNG test */
+#define FIPS_TEST_CONTINUOUS 13
+
+void FIPS_post_set_callback(
+ int (*post_cb)(int op, int id, int subid, void *ex));
+
#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
alg " previous FIPS forbidden algorithm error ignored");
+int fips_pkey_signature_test(int id, struct evp_pkey_st *pkey,
+ const unsigned char *tbs, size_t tbslen,
+ const unsigned char *kat, size_t katlen,
+ const struct env_md_st *digest, int pad_mode,
+ const char *fail_str);
+
+int fips_cipher_test(int id, struct evp_cipher_ctx_st *ctx,
+ const struct evp_cipher_st *cipher,
+ const unsigned char *key,
+ const unsigned char *iv,
+ const unsigned char *plaintext,
+ const unsigned char *ciphertext,
+ int len);
+
/* Where necessary redirect standard OpenSSL APIs to FIPS versions */
#if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
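Review bot: The return-value contract of the POST callback is stated for only one operation: the comment on `FIPS_POST_CORRUPT` says a zero return induces a failure, but nothing at `FIPS_post_set_callback` says what `post_cb` must return for the other five operations or what `subid` and `ex` carry. Because a zero return is what makes a self-test fail, a callback that returns 0 for every op would presumably break POST. Once the intended semantics are confirmed, I would add a comment above the prototype along the lines of `/* post_cb: return non-zero to continue; a zero return on FIPS_POST_CORRUPT makes test 'id' fail */`. Two smaller points in the same hunk: `/* DRNB */` above `FIPS_TEST_DRBG` should read `/* DRBG */`, and `fips_pkey_signature_test` now takes `size_t` lengths while `fips_cipher_test` keeps `int len`, leaving a signed length on the cipher path. `FIPS_corrupt_drbg` also stays declared while the other `FIPS_corrupt_*` prototypes are removed; if DRBG fault injection now goes through the callback with `FIPS_TEST_DRBG`, that looks like a leftover.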
#define FIPS_F_FIPS_RAND_STATUS 127
#define FIPS_F_FIPS_SELFTEST_AES 128
#define FIPS_F_FIPS_SELFTEST_AES_GCM 129
+#define FIPS_F_FIPS_SELFTEST_AES_XTS 144
#define FIPS_F_FIPS_SELFTEST_CMAC 130
#define FIPS_F_FIPS_SELFTEST_DES 131
#define FIPS_F_FIPS_SELFTEST_DSA 132
#define FIPS_R_SELFTEST_FAILURE 135
#define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
#define FIPS_R_TEST_FAILURE 137
+#define FIPS_R_UNINSTANTIATE_ERROR 141
#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
#define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
#define FIPS_R_UNSUPPORTED_PLATFORM 140