Loading CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) Extensive self tests and health checking required by SP800-90 DRBG. Remove strength parameter from FIPS_drbg_instantiate and always instantiate at maximum supported strength. [Steve Henson] *) Add SRP support. [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] Loading crypto/fips_err.h +10 −0 Original line number Diff line number Diff line Loading @@ -84,6 +84,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= {ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"}, {ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_HEALTH_CHECK), "FIPS_DRBG_HEALTH_CHECK"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"}, Loading Loading @@ -117,6 +118,8 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_CANNOT_READ_EXE) ,"cannot read exe"}, {ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"}, {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"}, {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"}, {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"}, {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG),"error initialising drbg"}, {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"}, {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY),"error retrieving entropy"}, Loading @@ -127,7 +130,9 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"}, {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"}, {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"}, {ERR_REASON(FIPS_R_FUNCTION_ERROR) ,"function error"}, {ERR_REASON(FIPS_R_GENERATE_ERROR) ,"generate error"}, {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED),"generate error undetected"}, {ERR_REASON(FIPS_R_INSTANTIATE_ERROR) ,"instantiate error"}, {ERR_REASON(FIPS_R_INSUFFICIENT_SECURITY_STRENGTH),"insufficient security strength"}, {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, Loading @@ -136,13 +141,18 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"}, {ERR_REASON(FIPS_R_NOT_INSTANTIATED) ,"not instantiated"}, {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"}, {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),"personalisation error undetected"}, {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),"personalisation string too long"}, {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),"request length error undetected"}, {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),"request too large for drbg"}, {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR) ,"reseed counter error"}, {ERR_REASON(FIPS_R_RESEED_ERROR) ,"reseed error"}, {ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR) ,"rsa decrypt error"}, {ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR) ,"rsa encrypt error"}, {ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest failed"}, {ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),"strength error undetected"}, {ERR_REASON(FIPS_R_TEST_FAILURE) ,"test failure"}, {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),"uninstantiate zeroise error"}, {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE),"unsupported drbg type"}, {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"}, {0,NULL} Loading fips/ecdh/fips_ecdhvs.c +1 −1 Original line number Diff line number Diff line Loading @@ -279,7 +279,7 @@ int main(int argc,char **argv) int argn = argc - 1; FILE *in, *out; char buf[2048], lbuf[2048]; unsigned char *rhash; unsigned char *rhash = NULL; long rhashlen; BIGNUM *cx = NULL, *cy = NULL; BIGNUM *id = NULL, *ix = NULL, *iy = NULL; Loading fips/ecdsa/fips_ecdsavs.c +1 −1 Original line number Diff line number Diff line Loading @@ -460,7 +460,7 @@ static int SigVer(FILE *in, FILE *out) int main(int argc, char **argv) { FILE *in, *out; FILE *in = NULL, *out = NULL; const char *cmd = argv[1]; int rv = 0; fips_set_error_print(); Loading fips/fips.h +10 −0 Original line number Diff line number Diff line Loading @@ -194,6 +194,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_F_FIPS_CIPHERINIT 128 #define FIPS_F_FIPS_DIGESTINIT 127 #define FIPS_F_FIPS_DRBG_GENERATE 132 #define FIPS_F_FIPS_DRBG_HEALTH_CHECK 137 #define FIPS_F_FIPS_DRBG_INIT 136 #define FIPS_F_FIPS_DRBG_INSTANTIATE 133 #define FIPS_F_FIPS_DRBG_NEW 134 Loading Loading @@ -224,6 +225,8 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_CANNOT_READ_EXE 103 #define FIPS_R_CANNOT_READ_EXE_DIGEST 104 #define FIPS_R_CONTRADICTING_EVIDENCE 114 #define FIPS_R_ENTROPY_ERROR_UNDETECTED 133 #define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 134 #define FIPS_R_ERROR_INITIALISING_DRBG 120 #define FIPS_R_ERROR_INSTANTIATING_DRBG 121 #define FIPS_R_ERROR_RETRIEVING_ENTROPY 122 Loading @@ -234,7 +237,9 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112 #define FIPS_R_FIPS_MODE_ALREADY_SET 102 #define FIPS_R_FIPS_SELFTEST_FAILED 106 #define FIPS_R_FUNCTION_ERROR 135 #define FIPS_R_GENERATE_ERROR 124 #define FIPS_R_GENERATE_ERROR_UNDETECTED 136 #define FIPS_R_INSTANTIATE_ERROR 125 #define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 132 #define FIPS_R_INVALID_KEY_LENGTH 109 Loading @@ -243,13 +248,18 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_NON_FIPS_METHOD 100 #define FIPS_R_NOT_INSTANTIATED 127 #define FIPS_R_PAIRWISE_TEST_FAILED 107 #define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 137 #define FIPS_R_PERSONALISATION_STRING_TOO_LONG 128 #define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 138 #define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 129 #define FIPS_R_RESEED_COUNTER_ERROR 139 #define FIPS_R_RESEED_ERROR 130 #define FIPS_R_RSA_DECRYPT_ERROR 115 #define FIPS_R_RSA_ENCRYPT_ERROR 116 #define FIPS_R_SELFTEST_FAILED 101 #define FIPS_R_STRENGTH_ERROR_UNDETECTED 140 #define FIPS_R_TEST_FAILURE 117 #define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 141 #define FIPS_R_UNSUPPORTED_DRBG_TYPE 131 #define FIPS_R_UNSUPPORTED_PLATFORM 113 Loading Loading
CHANGES +5 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,11 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) Extensive self tests and health checking required by SP800-90 DRBG. Remove strength parameter from FIPS_drbg_instantiate and always instantiate at maximum supported strength. [Steve Henson] *) Add SRP support. [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] Loading
crypto/fips_err.h +10 −0 Original line number Diff line number Diff line Loading @@ -84,6 +84,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= {ERR_FUNC(FIPS_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"}, {ERR_FUNC(FIPS_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_GENERATE), "FIPS_drbg_generate"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_HEALTH_CHECK), "FIPS_DRBG_HEALTH_CHECK"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_INIT), "FIPS_drbg_init"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"}, Loading Loading @@ -117,6 +118,8 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_CANNOT_READ_EXE) ,"cannot read exe"}, {ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"}, {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"}, {ERR_REASON(FIPS_R_ENTROPY_ERROR_UNDETECTED),"entropy error undetected"}, {ERR_REASON(FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),"entropy not requested for reseed"}, {ERR_REASON(FIPS_R_ERROR_INITIALISING_DRBG),"error initialising drbg"}, {ERR_REASON(FIPS_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"}, {ERR_REASON(FIPS_R_ERROR_RETRIEVING_ENTROPY),"error retrieving entropy"}, Loading @@ -127,7 +130,9 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"}, {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"}, {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"}, {ERR_REASON(FIPS_R_FUNCTION_ERROR) ,"function error"}, {ERR_REASON(FIPS_R_GENERATE_ERROR) ,"generate error"}, {ERR_REASON(FIPS_R_GENERATE_ERROR_UNDETECTED),"generate error undetected"}, {ERR_REASON(FIPS_R_INSTANTIATE_ERROR) ,"instantiate error"}, {ERR_REASON(FIPS_R_INSUFFICIENT_SECURITY_STRENGTH),"insufficient security strength"}, {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, Loading @@ -136,13 +141,18 @@ static ERR_STRING_DATA FIPS_str_reasons[]= {ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"}, {ERR_REASON(FIPS_R_NOT_INSTANTIATED) ,"not instantiated"}, {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"}, {ERR_REASON(FIPS_R_PERSONALISATION_ERROR_UNDETECTED),"personalisation error undetected"}, {ERR_REASON(FIPS_R_PERSONALISATION_STRING_TOO_LONG),"personalisation string too long"}, {ERR_REASON(FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),"request length error undetected"}, {ERR_REASON(FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),"request too large for drbg"}, {ERR_REASON(FIPS_R_RESEED_COUNTER_ERROR) ,"reseed counter error"}, {ERR_REASON(FIPS_R_RESEED_ERROR) ,"reseed error"}, {ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR) ,"rsa decrypt error"}, {ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR) ,"rsa encrypt error"}, {ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest failed"}, {ERR_REASON(FIPS_R_STRENGTH_ERROR_UNDETECTED),"strength error undetected"}, {ERR_REASON(FIPS_R_TEST_FAILURE) ,"test failure"}, {ERR_REASON(FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),"uninstantiate zeroise error"}, {ERR_REASON(FIPS_R_UNSUPPORTED_DRBG_TYPE),"unsupported drbg type"}, {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"}, {0,NULL} Loading
fips/ecdh/fips_ecdhvs.c +1 −1 Original line number Diff line number Diff line Loading @@ -279,7 +279,7 @@ int main(int argc,char **argv) int argn = argc - 1; FILE *in, *out; char buf[2048], lbuf[2048]; unsigned char *rhash; unsigned char *rhash = NULL; long rhashlen; BIGNUM *cx = NULL, *cy = NULL; BIGNUM *id = NULL, *ix = NULL, *iy = NULL; Loading
fips/ecdsa/fips_ecdsavs.c +1 −1 Original line number Diff line number Diff line Loading @@ -460,7 +460,7 @@ static int SigVer(FILE *in, FILE *out) int main(int argc, char **argv) { FILE *in, *out; FILE *in = NULL, *out = NULL; const char *cmd = argv[1]; int rv = 0; fips_set_error_print(); Loading
fips/fips.h +10 −0 Original line number Diff line number Diff line Loading @@ -194,6 +194,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_F_FIPS_CIPHERINIT 128 #define FIPS_F_FIPS_DIGESTINIT 127 #define FIPS_F_FIPS_DRBG_GENERATE 132 #define FIPS_F_FIPS_DRBG_HEALTH_CHECK 137 #define FIPS_F_FIPS_DRBG_INIT 136 #define FIPS_F_FIPS_DRBG_INSTANTIATE 133 #define FIPS_F_FIPS_DRBG_NEW 134 Loading Loading @@ -224,6 +225,8 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_CANNOT_READ_EXE 103 #define FIPS_R_CANNOT_READ_EXE_DIGEST 104 #define FIPS_R_CONTRADICTING_EVIDENCE 114 #define FIPS_R_ENTROPY_ERROR_UNDETECTED 133 #define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 134 #define FIPS_R_ERROR_INITIALISING_DRBG 120 #define FIPS_R_ERROR_INSTANTIATING_DRBG 121 #define FIPS_R_ERROR_RETRIEVING_ENTROPY 122 Loading @@ -234,7 +237,9 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112 #define FIPS_R_FIPS_MODE_ALREADY_SET 102 #define FIPS_R_FIPS_SELFTEST_FAILED 106 #define FIPS_R_FUNCTION_ERROR 135 #define FIPS_R_GENERATE_ERROR 124 #define FIPS_R_GENERATE_ERROR_UNDETECTED 136 #define FIPS_R_INSTANTIATE_ERROR 125 #define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 132 #define FIPS_R_INVALID_KEY_LENGTH 109 Loading @@ -243,13 +248,18 @@ void ERR_load_FIPS_strings(void); #define FIPS_R_NON_FIPS_METHOD 100 #define FIPS_R_NOT_INSTANTIATED 127 #define FIPS_R_PAIRWISE_TEST_FAILED 107 #define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 137 #define FIPS_R_PERSONALISATION_STRING_TOO_LONG 128 #define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 138 #define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 129 #define FIPS_R_RESEED_COUNTER_ERROR 139 #define FIPS_R_RESEED_ERROR 130 #define FIPS_R_RSA_DECRYPT_ERROR 115 #define FIPS_R_RSA_ENCRYPT_ERROR 116 #define FIPS_R_SELFTEST_FAILED 101 #define FIPS_R_STRENGTH_ERROR_UNDETECTED 140 #define FIPS_R_TEST_FAILURE 117 #define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 141 #define FIPS_R_UNSUPPORTED_DRBG_TYPE 131 #define FIPS_R_UNSUPPORTED_PLATFORM 113 Loading
