Commit ac892b7a authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Initial incomplete POST overhaul: add support for POST callback to

allow status of POST to be monitored and/or failures induced.
parent 77394d7e
+5 −0
@@ -4,6 +4,11 @@

 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]

  *) Initial version of POST overhaul. Add POST callback to allow the status
     of POST to be monitored and/or failures induced. Modify fips_test_suite
     to use callback. Always run all selftests even if one fails.
     [Steve Henson]

  *) Provisional XTS support. Note: this does increase the maximum key
     length from 32 to 64 bytes but there should be no binary compatibility
     issues as existing applications will never use XTS mode.
+2 −1
@@ -85,7 +85,8 @@ static int fips_check_dsa(DSA *dsa)
    	pk.type = EVP_PKEY_DSA;
    	pk.pkey.dsa = dsa;

	if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE,
					&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
		{
		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
		fips_set_selftest_fail();
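Review bot: Neither this call in fips_check_dsa nor the identical one in the fips_check_ec hunk documents that the pairwise check is now reported under the id `FIPS_TEST_PAIRWISE`, or that a failure induced through the POST callback would take the same visible error path into `fips_set_selftest_fail()` as a real one. The callback itself is not shown in these hunks, so the induced-failure path is inferred from the commit message. I would add above both calls `/* Pairwise consistency test, reported to the POST callback as FIPS_TEST_PAIRWISE; a callback-induced failure is handled like a real one. */`, which also matches the comment fips_check_rsa already carries. The callback's own documentation should say that it is intended for test harnesses and must not stay installed in deployed builds. Both function bodies start before and continue after their hunks.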
+2 −1
@@ -250,7 +250,8 @@ static int fips_check_ec(EC_KEY *key)
    	pk.type = EVP_PKEY_EC;
    	pk.pkey.ec = key;

	if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE,
					&pk, tbs, -1, NULL, 0, NULL, 0, NULL))
		{
		FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED);
		fips_set_selftest_fail();
+1 −0
@@ -460,6 +460,7 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
#define M_EVP_MD_CTX_type(e)		M_EVP_MD_type(M_EVP_MD_CTX_md(e))
#define M_EVP_MD_CTX_md(e)			((e)->digest)

#define M_EVP_CIPHER_nid(e)		((e)->nid)
#define M_EVP_CIPHER_CTX_iv_length(e)	((e)->cipher->iv_len)
#define M_EVP_CIPHER_CTX_flags(e)	((e)->cipher->flags)
#define M_EVP_CIPHER_CTX_block_size(e)	((e)->cipher->block_size)
+3 −3
@@ -93,11 +93,11 @@ int fips_check_rsa(RSA *rsa)
    	pk.pkey.rsa = rsa;

	/* Perform pairwise consistency signature test */
	if (!fips_pkey_signature_test(&pk, tbs, -1,
	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, -1,
			NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)
		|| !fips_pkey_signature_test(&pk, tbs, -1,
		|| !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, -1,
			NULL, 0, NULL, RSA_X931_PADDING, NULL)
		|| !fips_pkey_signature_test(&pk, tbs, -1,
		|| !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, -1,
			NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))
		goto err;
	/* Now perform pairwise consistency encrypt/decrypt test */
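Review bot: The three signature tests in fips_check_rsa are still chained with `||`, so once the RSA_PKCS1_PADDING call fails the X9.31 and PSS calls never run and a monitoring callback never sees them. That sits oddly beside the changelog entry's "Always run all selftests even if one fails", although that sentence may be meant for the power-up tests only. All three calls also pass the same `FIPS_TEST_PAIRWISE` id, so unless fips_pkey_signature_test forwards the padding mode (not visible here) the callback may be unable to tell which variant failed. If stopping early is intended for this on-demand check, a comment such as `/* Pairwise test stops at the first failing padding mode */` would record it. The function starts before and continues after the hunk.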