Commit ac892b7a authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Initial incomplete POST overhaul: add support for POST callback to 

allow status of POST to be monitored and/or failures induced.
parent 77394d7e

CHANGES

+5 −0
Original line number Diff line number Diff line
@@ -4,6 +4,11 @@ 


 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]



  *) Initial version of POST overhaul. Add POST callback to allow the status

     of POST to be monitored and/or failures induced. Modify fips_test_suite

     to use callback. Always run all selftests even if one fails.

     [Steve Henson]



  *) Provisional XTS support. Note: this does increase the maximum key

     length from 32 to 64 bytes but there should be no binary compatibility

     issues as existing applications will never use XTS mode.

crypto/dsa/dsa_key.c

+2 −1
Original line number Diff line number Diff line
@@ -85,7 +85,8 @@ static int fips_check_dsa(DSA *dsa) 
    	pk.type = EVP_PKEY_DSA;

    	pk.pkey.dsa = dsa;



	if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))

	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE,

					&pk, tbs, -1, NULL, 0, NULL, 0, NULL))

		{

		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);

		fips_set_selftest_fail();

crypto/ec/ec_key.c

+2 −1
Original line number Diff line number Diff line
@@ -250,7 +250,8 @@ static int fips_check_ec(EC_KEY *key) 
    	pk.type = EVP_PKEY_EC;

    	pk.pkey.ec = key;



	if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, NULL, 0, NULL))

	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE,

					&pk, tbs, -1, NULL, 0, NULL, 0, NULL))

		{

		FIPSerr(FIPS_F_FIPS_CHECK_EC,FIPS_R_PAIRWISE_TEST_FAILED);

		fips_set_selftest_fail();

crypto/evp/evp.h

+1 −0
Original line number Diff line number Diff line
@@ -460,6 +460,7 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 
#define M_EVP_MD_CTX_type(e)		M_EVP_MD_type(M_EVP_MD_CTX_md(e))

#define M_EVP_MD_CTX_md(e)			((e)->digest)



#define M_EVP_CIPHER_nid(e)		((e)->nid)

#define M_EVP_CIPHER_CTX_iv_length(e)	((e)->cipher->iv_len)

#define M_EVP_CIPHER_CTX_flags(e)	((e)->cipher->flags)

#define M_EVP_CIPHER_CTX_block_size(e)	((e)->cipher->block_size)

crypto/rsa/rsa_gen.c

+3 −3
Original line number Diff line number Diff line
@@ -93,11 +93,11 @@ int fips_check_rsa(RSA *rsa) 
    	pk.pkey.rsa = rsa;



	/* Perform pairwise consistency signature test */

	if (!fips_pkey_signature_test(&pk, tbs, -1,

	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, -1,

			NULL, 0, NULL, RSA_PKCS1_PADDING, NULL)

		|| !fips_pkey_signature_test(&pk, tbs, -1,

		|| !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, -1,

			NULL, 0, NULL, RSA_X931_PADDING, NULL)

		|| !fips_pkey_signature_test(&pk, tbs, -1,

		|| !fips_pkey_signature_test(FIPS_TEST_PAIRWISE, &pk, tbs, -1,

			NULL, 0, NULL, RSA_PKCS1_PSS_PADDING, NULL))

		goto err;

	/* Now perform pairwise consistency encrypt/decrypt test */