X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Ffips.h;h=f9c3dde32dcffd7a60cab709c8d3c53e78e54fb1;hp=facdbc725c1d1919f9c8e57fc51fccbd01e23d0f;hb=cb1b3aa151b64ae8813c9b5e4e510ae462ef3aca;hpb=e990b4f838eaa649a1849d25db5be2236632fe34

diff --git a/fips/fips.h b/fips/fips.h
index facdbc725c..f9c3dde32d 100644
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -72,33 +72,95 @@ const void *FIPS_rand_check(void);
 int FIPS_selftest(void);
 int FIPS_selftest_failed(void);
 void FIPS_selftest_check(void);
-void FIPS_corrupt_sha1(void);
 int FIPS_selftest_sha1(void);
-void FIPS_corrupt_aes(void);
+int FIPS_selftest_aes_ccm(void);
+int FIPS_selftest_aes_gcm(void);
+int FIPS_selftest_aes_xts(void);
 int FIPS_selftest_aes(void);
-void FIPS_corrupt_des(void);
 int FIPS_selftest_des(void);
-void FIPS_corrupt_rsa(void);
-void FIPS_corrupt_rsa_keygen(void);
 int FIPS_selftest_rsa(void);
-void FIPS_corrupt_dsa(void);
-void FIPS_corrupt_dsa_keygen(void);
 int FIPS_selftest_dsa(void);
-void FIPS_corrupt_rng(void);
-void FIPS_rng_stick(void);
-int FIPS_selftest_rng(void);
+int FIPS_selftest_ecdsa(void);
+void FIPS_corrupt_drbg(void);
+void FIPS_x931_stick(void);
+void FIPS_drbg_stick(void);
+int FIPS_selftest_x931(void);
 int FIPS_selftest_hmac(void);
+int FIPS_selftest_drbg(void);
+int FIPS_selftest_cmac(void);
 
 unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len);
 int FIPS_check_incore_fingerprint(void);
 
-int fips_pkey_signature_test(struct evp_pkey_st *pkey,
-			const unsigned char *tbs, int tbslen,
-			const unsigned char *kat, unsigned int katlen,
+void fips_set_selftest_fail(void);
+int fips_check_rsa(struct rsa_st *rsa);
+
+void FIPS_set_locking_callbacks(void (*func)(int mode, int type,
+				const char *file,int line),
+				int (*add_cb)(int *pointer, int amount,
+					int type, const char *file, int line));
+
+void FIPS_set_malloc_callbacks(
+		void *(*malloc_cb)(int num, const char *file, int line),
+		void (*free_cb)(void *));
+
+void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
+
+/* POST callback operation value: */
+/* All tests started */
+#define	FIPS_POST_BEGIN		1
+/* All tests end: result in id */
+#define	FIPS_POST_END		2
+/* One individual test started */
+#define	FIPS_POST_STARTED	3
+/* Individual test success */
+#define	FIPS_POST_SUCCESS	4
+/* Individual test failure */
+#define	FIPS_POST_FAIL		5
+/* Induce failure in test if zero return */
+#define FIPS_POST_CORRUPT	6
+
+/* Test IDs */
+/* HMAC integrity test */
+#define FIPS_TEST_INTEGRITY	1
+/* Digest test */
+#define FIPS_TEST_DIGEST	2
+/* Symmetric cipher test */
+#define FIPS_TEST_CIPHER	3
+/* Public key signature test */
+#define FIPS_TEST_SIGNATURE	4
+/* HMAC test */
+#define FIPS_TEST_HMAC		5
+/* CMAC test */
+#define FIPS_TEST_CMAC		6
+/* GCM test */
+#define FIPS_TEST_GCM		7
+/* CCM test */
+#define FIPS_TEST_CCM		8
+/* XTS test */
+#define FIPS_TEST_XTS		9
+/* X9.31 PRNG */
+#define FIPS_TEST_X931		10
+/* DRNB */
+#define FIPS_TEST_DRBG		11
+/* Keygen pairwise consistency test */
+#define FIPS_TEST_PAIRWISE	12
+/* Continuous PRNG test */
+#define FIPS_TEST_CONTINUOUS	13
+
+void FIPS_post_set_callback(
+	int (*post_cb)(int op, int id, int subid, void *ex));
+
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+		alg " previous FIPS forbidden algorithm error ignored");
+
+int fips_pkey_signature_test(int id, struct evp_pkey_st *pkey,
+			const unsigned char *tbs, size_t tbslen,
+			const unsigned char *kat, size_t katlen,
 			const struct env_md_st *digest, int pad_mode,
 			const char *fail_str);
 
-int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
+int fips_cipher_test(int id, struct evp_cipher_ctx_st *ctx,
 			const struct evp_cipher_st *cipher,
 			const unsigned char *key,
 			const unsigned char *iv,
@@ -106,17 +168,12 @@ int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
 			const unsigned char *ciphertext,
 			int len);
 
-void fips_set_selftest_fail(void);
-int fips_check_rsa(struct rsa_st *rsa);
-
-void FIPS_set_locking_callback(void (*func)(int mode, int type,
-				const char *file,int line));
-
 /* Where necessary redirect standard OpenSSL APIs to FIPS versions */
 
 #if defined(OPENSSL_FIPSCANISTER) && defined(OPENSSL_FIPSAPI)
 
 #define CRYPTO_lock FIPS_lock
+#define CRYPTO_add_lock FIPS_add_lock
 #define CRYPTO_malloc FIPS_malloc
 #define CRYPTO_free FIPS_free
 
@@ -146,10 +203,24 @@ void FIPS_set_locking_callback(void (*func)(int mode, int type,
 #define EVP_CIPHER_CTX_ctrl FIPS_cipher_ctx_ctrl
 #define EVP_CIPHER_CTX_new FIPS_cipher_ctx_new
 #define EVP_CIPHER_CTX_free FIPS_cipher_ctx_free
+#define EVP_CIPHER_CTX_copy FIPS_cipher_ctx_copy
+#define EVP_CIPHER_CTX_set_key_length FIPS_cipher_ctx_set_key_length
 
 #define DSA_SIG_new FIPS_dsa_sig_new
 #define DSA_SIG_free FIPS_dsa_sig_free
 
+#define ECDSA_SIG_new FIPS_ecdsa_sig_new
+#define ECDSA_SIG_free FIPS_ecdsa_sig_free
+
+#define ecdsa_check fips_ecdsa_check
+#define ecdh_check fips_ecdh_check
+
+#define RAND_bytes FIPS_rand_bytes
+#define RAND_pseudo_bytes FIPS_rand_pseudo_bytes
+#define RAND_add FIPS_rand_add
+#define RAND_seed FIPS_rand_seed
+#define RAND_status FIPS_rand_status
+
 #endif
 
 /* BEGIN ERROR CODES */
@@ -163,51 +234,94 @@ void ERR_load_FIPS_strings(void);
 /* Function codes. */
 #define FIPS_F_DH_BUILTIN_GENPARAMS			 100
 #define FIPS_F_DSA_BUILTIN_PARAMGEN			 101
-#define FIPS_F_DSA_BUILTIN_PARAMGEN2			 126
-#define FIPS_F_DSA_DO_SIGN				 102
-#define FIPS_F_DSA_DO_VERIFY				 103
-#define FIPS_F_EVP_CIPHERINIT_EX			 124
-#define FIPS_F_EVP_DIGESTINIT_EX			 125
-#define FIPS_F_FIPS_CHECK_DSA				 104
-#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT		 105
-#define FIPS_F_FIPS_CHECK_RSA				 106
-#define FIPS_F_FIPS_DSA_CHECK				 107
-#define FIPS_F_FIPS_MODE_SET				 108
-#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST			 109
-#define FIPS_F_FIPS_SELFTEST_AES			 110
-#define FIPS_F_FIPS_SELFTEST_DES			 111
-#define FIPS_F_FIPS_SELFTEST_DSA			 112
-#define FIPS_F_FIPS_SELFTEST_HMAC			 113
-#define FIPS_F_FIPS_SELFTEST_RNG			 114
-#define FIPS_F_FIPS_SELFTEST_SHA1			 115
-#define FIPS_F_HASH_FINAL				 123
-#define FIPS_F_RSA_BUILTIN_KEYGEN			 116
-#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT			 117
-#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT			 118
-#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT			 119
-#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 120
-#define FIPS_F_RSA_X931_GENERATE_KEY_EX			 121
-#define FIPS_F_SSLEAY_RAND_BYTES			 122
+#define FIPS_F_DSA_BUILTIN_PARAMGEN2			 102
+#define FIPS_F_DSA_DO_SIGN				 103
+#define FIPS_F_DSA_DO_VERIFY				 104
+#define FIPS_F_FIPS_CHECK_DSA				 105
+#define FIPS_F_FIPS_CHECK_EC				 106
+#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT		 107
+#define FIPS_F_FIPS_CHECK_RSA				 108
+#define FIPS_F_FIPS_CIPHERINIT				 109
+#define FIPS_F_FIPS_DIGESTINIT				 110
+#define FIPS_F_FIPS_DRBG_BYTES				 111
+#define FIPS_F_FIPS_DRBG_CPRNG_TEST			 112
+#define FIPS_F_FIPS_DRBG_GENERATE			 113
+#define FIPS_F_FIPS_DRBG_HEALTH_CHECK			 114
+#define FIPS_F_FIPS_DRBG_INIT				 115
+#define FIPS_F_FIPS_DRBG_INSTANTIATE			 116
+#define FIPS_F_FIPS_DRBG_NEW				 117
+#define FIPS_F_FIPS_DRBG_RESEED				 118
+#define FIPS_F_FIPS_DRBG_SINGLE_KAT			 119
+#define FIPS_F_FIPS_MODE_SET				 120
+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST			 121
+#define FIPS_F_FIPS_RAND_ADD				 122
+#define FIPS_F_FIPS_RAND_BYTES				 123
+#define FIPS_F_FIPS_RAND_PSEUDO_BYTES			 124
+#define FIPS_F_FIPS_RAND_SEED				 125
+#define FIPS_F_FIPS_RAND_SET_METHOD			 126
+#define FIPS_F_FIPS_RAND_STATUS				 127
+#define FIPS_F_FIPS_SELFTEST_AES			 128
+#define FIPS_F_FIPS_SELFTEST_AES_CCM			 145
+#define FIPS_F_FIPS_SELFTEST_AES_GCM			 129
+#define FIPS_F_FIPS_SELFTEST_AES_XTS			 144
+#define FIPS_F_FIPS_SELFTEST_CMAC			 130
+#define FIPS_F_FIPS_SELFTEST_DES			 131
+#define FIPS_F_FIPS_SELFTEST_DSA			 132
+#define FIPS_F_FIPS_SELFTEST_ECDSA			 133
+#define FIPS_F_FIPS_SELFTEST_HMAC			 134
+#define FIPS_F_FIPS_SELFTEST_SHA1			 135
+#define FIPS_F_FIPS_SELFTEST_X931			 136
+#define FIPS_F_HASH_FINAL				 137
+#define FIPS_F_RSA_BUILTIN_KEYGEN			 138
+#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT			 139
+#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT			 140
+#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT			 141
+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT			 142
+#define FIPS_F_RSA_X931_GENERATE_KEY_EX			 143
 
 /* Reason codes. */
-#define FIPS_R_CANNOT_READ_EXE				 103
-#define FIPS_R_CANNOT_READ_EXE_DIGEST			 104
-#define FIPS_R_CONTRADICTING_EVIDENCE			 114
-#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH		 105
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH		 110
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
-#define FIPS_R_FIPS_MODE_ALREADY_SET			 102
-#define FIPS_R_FIPS_SELFTEST_FAILED			 106
-#define FIPS_R_INVALID_KEY_LENGTH			 109
-#define FIPS_R_KEY_TOO_SHORT				 108
-#define FIPS_R_NON_FIPS_METHOD				 100
-#define FIPS_R_PAIRWISE_TEST_FAILED			 107
-#define FIPS_R_RSA_DECRYPT_ERROR			 115
-#define FIPS_R_RSA_ENCRYPT_ERROR			 116
-#define FIPS_R_SELFTEST_FAILED				 101
-#define FIPS_R_TEST_FAILURE				 117
-#define FIPS_R_UNSUPPORTED_PLATFORM			 113
+#define FIPS_R_ADDITIONAL_INPUT_TOO_LONG		 100
+#define FIPS_R_ALREADY_INSTANTIATED			 101
+#define FIPS_R_CONTRADICTING_EVIDENCE			 102
+#define FIPS_R_DRBG_STUCK				 103
+#define FIPS_R_ENTROPY_ERROR_UNDETECTED			 104
+#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED		 105
+#define FIPS_R_ERROR_INITIALISING_DRBG			 106
+#define FIPS_R_ERROR_INSTANTIATING_DRBG			 107
+#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT	 108
+#define FIPS_R_ERROR_RETRIEVING_ENTROPY			 109
+#define FIPS_R_ERROR_RETRIEVING_NONCE			 110
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH		 111
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 112
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 113
+#define FIPS_R_FIPS_MODE_ALREADY_SET			 114
+#define FIPS_R_FIPS_SELFTEST_FAILED			 115
+#define FIPS_R_FUNCTION_ERROR				 116
+#define FIPS_R_GENERATE_ERROR				 117
+#define FIPS_R_GENERATE_ERROR_UNDETECTED		 118
+#define FIPS_R_INSTANTIATE_ERROR			 119
+#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH		 120
+#define FIPS_R_INTERNAL_ERROR				 121
+#define FIPS_R_INVALID_KEY_LENGTH			 122
+#define FIPS_R_IN_ERROR_STATE				 123
+#define FIPS_R_KEY_TOO_SHORT				 124
+#define FIPS_R_NON_FIPS_METHOD				 125
+#define FIPS_R_NOT_INSTANTIATED				 126
+#define FIPS_R_PAIRWISE_TEST_FAILED			 127
+#define FIPS_R_PERSONALISATION_ERROR_UNDETECTED		 128
+#define FIPS_R_PERSONALISATION_STRING_TOO_LONG		 129
+#define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED		 130
+#define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG		 131
+#define FIPS_R_RESEED_COUNTER_ERROR			 132
+#define FIPS_R_RESEED_ERROR				 133
+#define FIPS_R_SELFTEST_FAILED				 134
+#define FIPS_R_SELFTEST_FAILURE				 135
+#define FIPS_R_STRENGTH_ERROR_UNDETECTED		 136
+#define FIPS_R_TEST_FAILURE				 137
+#define FIPS_R_UNINSTANTIATE_ERROR			 141
+#define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR		 138
+#define FIPS_R_UNSUPPORTED_DRBG_TYPE			 139
+#define FIPS_R_UNSUPPORTED_PLATFORM			 140
 
 #ifdef  __cplusplus
 }