Commit 5e4eb995 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

add authentication parameter to FIPS_module_mode_set

parent 227a822a

CHANGES

+3 −0
Original line number Diff line number Diff line
@@ -4,6 +4,9 @@ 


 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]



  *) Add authorisation parameter to FIPS_module_mode_set().

     [Steve Henson]



  *) Add FIPS selftest for ECDH algorithm using P-224 and B-233 curves.

     [Steve Henson]

Configure

+19 −0
Original line number Diff line number Diff line
@@ -1169,6 +1169,10 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") 
  or $perl="perl";

my $make = $ENV{'MAKE'} || "make";



my $fips_auth_key = $ENV{'FIPS_AUTH_KEY'};

my $fips_auth_officer = $ENV{'FIPS_AUTH_OFFICER'};

my $fips_auth_user = $ENV{'FIPS_AUTH_USER'};



$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";



chop $openssldir if $openssldir =~ /\/$/;
@@ -1621,6 +1625,21 @@ if ($strict_warnings) 
		}

	}



if ($fipscanisterinternal eq "y")

	{

	open(IN,"<fips/fips_auth.in") || die "can't open fips_auth.in";

	open(OUT,">fips/fips_auth.h") || die "can't open fips_auth.h";

	while(<IN>)

		{

		s/FIPS_AUTH_KEY.*$/FIPS_AUTH_KEY $fips_auth_key/ if defined $fips_auth_key;

		s/FIPS_AUTH_CRYPTO_OFFICER.*$/FIPS_AUTH_CRYPTO_OFFICER $fips_auth_officer/ if defined $fips_auth_officer;

		s/FIPS_AUTH_CRYPTO_USER.*$/FIPS_AUTH_CRYPTO_USER $fips_auth_user/ if defined $fips_auth_user;

		print OUT $_;

		}

	close IN;

	close OUT;

	}



my $mforg = $fipscanisteronly ? "Makefile.fips" : "Makefile.org";



open(IN,"<$mforg") || die "unable to read $mforg:$!\n";

crypto/fips_err.h

+2 −1
Original line number Diff line number Diff line
@@ -93,7 +93,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= 
{ERR_FUNC(FIPS_F_FIPS_DRBG_CHECK),	"FIPS_DRBG_CHECK"},

{ERR_FUNC(FIPS_F_FIPS_DRBG_CPRNG_TEST),	"FIPS_DRBG_CPRNG_TEST"},

{ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE),	"FIPS_drbg_generate"},

{ERR_FUNC(FIPS_F_FIPS_DRBG_HEALTH_CHECK),	"FIPS_DRBG_HEALTH_CHECK"},

{ERR_FUNC(FIPS_F_FIPS_DRBG_HEALTH_CHECK),	"FIPS_drbg_health_check"},

{ERR_FUNC(FIPS_F_FIPS_DRBG_INIT),	"FIPS_drbg_init"},

{ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE),	"FIPS_drbg_instantiate"},

{ERR_FUNC(FIPS_F_FIPS_DRBG_NEW),	"FIPS_drbg_new"},
@@ -140,6 +140,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]= 
{ERR_REASON(FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),"additional input error undetected"},

{ERR_REASON(FIPS_R_ADDITIONAL_INPUT_TOO_LONG),"additional input too long"},

{ERR_REASON(FIPS_R_ALREADY_INSTANTIATED) ,"already instantiated"},

{ERR_REASON(FIPS_R_AUTHENTICATION_FAILURE),"authentication failure"},

{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},

{ERR_REASON(FIPS_R_DRBG_STUCK)           ,"drbg stuck"},

{ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"},

fips/.cvsignore

+1 −0
Original line number Diff line number Diff line
@@ -4,5 +4,6 @@ fips_test_suite 
fips_premain_dso

fips_standalone_sha1

fipscanister.o.sha1

fips_auth.h

*.flc

semantic.cache

fips/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -50,7 +50,7 @@ FIPS_OBJ_LISTS=sha/lib hmac/lib rand/lib des/lib aes/lib dsa/lib rsa/lib \ 
SRC= $(LIBSRC)



EXHEADER=fips.h fipssyms.h

HEADER=$(EXHEADER) fips_utl.h fips_locl.h

HEADER=$(EXHEADER) fips_utl.h fips_locl.h fips_auth.h

EXE=fipsld fips_standalone_sha1



ALL=    $(GENERAL) $(SRC) $(HEADER)