{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_check_incore_fingerprint"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "fips_check_rsa"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA_PRNG), "fips_check_rsa_prng"},
+{ERR_FUNC(FIPS_F_FIPS_CIPHER), "FIPS_CIPHER"},
{ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"},
+{ERR_FUNC(FIPS_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
+{ERR_FUNC(FIPS_F_FIPS_DIGESTFINAL), "FIPS_DIGESTFINAL"},
{ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"},
+{ERR_FUNC(FIPS_F_FIPS_DIGESTUPDATE), "FIPS_DIGESTUPDATE"},
{ERR_FUNC(FIPS_F_FIPS_DRBG_BYTES), "FIPS_DRBG_BYTES"},
{ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK), "FIPS_DRBG_CHECK"},
{ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST), "FIPS_DRBG_CPRNG_TEST"},
{ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"},
{ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"},
{ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"},
+{ERR_FUNC(FIPS_F_FIPS_DSA_SIGN_DIGEST), "FIPS_dsa_sign_digest"},
+{ERR_FUNC(FIPS_F_FIPS_DSA_VERIFY_DIGEST), "FIPS_dsa_verify_digest"},
{ERR_FUNC(FIPS_F_FIPS_GET_ENTROPY), "FIPS_GET_ENTROPY"},
{ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"},
{ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"},
{ERR_FUNC(FIPS_F_FIPS_RAND_SEED), "FIPS_rand_seed"},
{ERR_FUNC(FIPS_F_FIPS_RAND_SET_METHOD), "FIPS_rand_set_method"},
{ERR_FUNC(FIPS_F_FIPS_RAND_STATUS), "FIPS_rand_status"},
+{ERR_FUNC(FIPS_F_FIPS_RSA_SIGN_DIGEST), "FIPS_rsa_sign_digest"},
+{ERR_FUNC(FIPS_F_FIPS_RSA_VERIFY_DIGEST), "FIPS_rsa_verify_digest"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_CCM), "FIPS_selftest_aes_ccm"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
{ERR_FUNC(FIPS_F_FIPS_SELFTEST_X931), "FIPS_selftest_x931"},
+{ERR_FUNC(FIPS_F_FIPS_SET_PRNG_KEY), "FIPS_SET_PRNG_KEY"},
{ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"},
{ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
{ERR_FUNC(FIPS_F_RSA_EAY_INIT), "RSA_EAY_INIT"},
* project 2007.
*/
/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen)
{
- FIPS_selftest_check();
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_DSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
+ return NULL;
+ }
return dsa->meth->dsa_do_sign(dig, dlen, dsa);
}
int FIPS_dsa_verify_digest(DSA *dsa,
const unsigned char *dig, int dlen, DSA_SIG *s)
{
- FIPS_selftest_check();
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_DSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
+ return -1;
+ }
return dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
}
#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 107
#define FIPS_F_FIPS_CHECK_RSA 108
#define FIPS_F_FIPS_CHECK_RSA_PRNG 150
+#define FIPS_F_FIPS_CIPHER 160
#define FIPS_F_FIPS_CIPHERINIT 109
+#define FIPS_F_FIPS_CIPHER_CTX_CTRL 161
+#define FIPS_F_FIPS_DIGESTFINAL 158
#define FIPS_F_FIPS_DIGESTINIT 110
+#define FIPS_F_FIPS_DIGESTUPDATE 159
#define FIPS_F_FIPS_DRBG_BYTES 111
#define FIPS_F_FIPS_DRBG_CHECK 146
#define FIPS_F_FIPS_DRBG_CPRNG_TEST 112
#define FIPS_F_FIPS_DRBG_NEW 117
#define FIPS_F_FIPS_DRBG_RESEED 118
#define FIPS_F_FIPS_DRBG_SINGLE_KAT 119
+#define FIPS_F_FIPS_DSA_SIGN_DIGEST 154
+#define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155
#define FIPS_F_FIPS_GET_ENTROPY 147
#define FIPS_F_FIPS_MODE_SET 120
#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 121
#define FIPS_F_FIPS_RAND_SEED 125
#define FIPS_F_FIPS_RAND_SET_METHOD 126
#define FIPS_F_FIPS_RAND_STATUS 127
+#define FIPS_F_FIPS_RSA_SIGN_DIGEST 156
+#define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157
#define FIPS_F_FIPS_SELFTEST_AES 128
#define FIPS_F_FIPS_SELFTEST_AES_CCM 145
#define FIPS_F_FIPS_SELFTEST_AES_GCM 129
#define FIPS_F_FIPS_SELFTEST_HMAC 134
#define FIPS_F_FIPS_SELFTEST_SHA1 135
#define FIPS_F_FIPS_SELFTEST_X931 136
+#define FIPS_F_FIPS_SET_PRNG_KEY 153
#define FIPS_F_HASH_FINAL 137
#define FIPS_F_RSA_BUILTIN_KEYGEN 138
#define FIPS_F_RSA_EAY_INIT 149
static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
const unsigned char *key, unsigned int keylen)
{
- FIPS_selftest_check();
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_SET_PRNG_KEY, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
if (keylen != 16 && keylen != 24 && keylen != 32)
{
/* error: invalid key size */
/* Largest DigestInfo: 19 (max encoding) + max MD */
unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
- FIPS_selftest_check();
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_RSA_SIGN_DIGEST, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
md_type = M_EVP_MD_type(mhash);
int md_type;
int rsa_dec_pad_mode;
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_RSA_VERIFY_DIGEST, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+
if (siglen != (unsigned int)RSA_size(rsa))
{
RSAerr(RSA_F_FIPS_RSA_VERIFY_DIGEST,RSA_R_WRONG_SIGNATURE_LENGTH);
return(0);
}
- FIPS_selftest_check();
-
md_type = M_EVP_MD_type(mhash);
s= OPENSSL_malloc((unsigned int)siglen);
int FIPS_cipher_ctx_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
int ret;
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_CIPHER_CTX_CTRL, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
if(!ctx->cipher) {
EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
return 0;
}
- FIPS_selftest_check();
if(!ctx->cipher->ctrl) {
EVPerr(EVP_F_FIPS_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
int FIPS_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
const unsigned char *in, unsigned int inl)
{
- FIPS_selftest_check();
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_CIPHER, FIPS_R_SELFTEST_FAILED);
+ return -1;
+ }
return ctx->cipher->do_cipher(ctx,out,in,inl);
}
int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count)
{
- FIPS_selftest_check();
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_DIGESTUPDATE, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
return ctx->update(ctx,data,count);
}
{
int ret;
- FIPS_selftest_check();
+ if (FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_FIPS_DIGESTFINAL, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
ret=ctx->digest->final(ctx,md);
projects / openssl.git / commitdiff