From 1a58139aaae3fa6e4067fe442ad74d7f8d0c2691 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Tue, 14 Aug 2007 13:20:42 +0000
Subject: [PATCH] More function code correction.
---
 fips-1.0/dh/fips_dh_gen.c | 4 +--
 fips-1.0/dh/fips_dh_key.c | 6 ++--
 fips-1.0/dsa/fips_dsa_gen.c | 4 +--
 fips-1.0/dsa/fips_dsa_key.c | 2 +-
 fips-1.0/dsa/fips_dsa_ossl.c | 2 +-
 fips-1.0/fips.c | 19 ++++--------
 fips-1.0/fips.h | 47 +++++++++++++++---------------
 fips-1.0/hmac/fips_hmac_selftest.c | 2 +-
 fips-1.0/rsa/fips_rsa_eay.c | 12 ++++----
 fips-1.0/rsa/fips_rsa_gen.c | 4 +--
 fips-1.0/rsa/fips_rsa_sign.c | 24 +++++++--------
 fips-1.0/rsa/fips_rsa_x931g.c | 8 ++---
 fips-1.0/sha/fips_sha1_selftest.c | 2 +-
 13 files changed, 63 insertions(+), 73 deletions(-)
diff --git a/fips-1.0/dh/fips_dh_gen.c b/fips-1.0/dh/fips_dh_gen.c
index 3f852f1af9..d115f9d5d2 100644
--- a/fips-1.0/dh/fips_dh_gen.c
+++ b/fips-1.0/dh/fips_dh_gen.c
@@ -111,13 +111,13 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
 if(FIPS_selftest_failed())
 {
- FIPSerr(FIPS_F_DH_GENERATE_PARAMETERS,FIPS_R_FIPS_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
 return 0;
 }
 if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
 {
- DHerr(DH_F_GENERATE_PARAMETERS, DH_R_KEY_SIZE_TOO_SMALL);
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
 goto err;
 }
diff --git a/fips-1.0/dh/fips_dh_key.c b/fips-1.0/dh/fips_dh_key.c
index 6c590d0e98..390f6d9a11 100644
--- a/fips-1.0/dh/fips_dh_key.c
+++ b/fips-1.0/dh/fips_dh_key.c
@@ -169,7 +169,7 @@ static int generate_key(DH *dh)
 ok=1;
 err:
 if (ok != 1)
- DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
+ DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
 if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
 if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
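Review bot: The two guards at the top of dh_builtin_genparams leave by different routes: the self-test failure does `return 0;` and the key-size failure does `goto err;`. The RSA_eay_private_encrypt, RSA_eay_private_decrypt and RSA_eay_public_decrypt hunks have the same split the other way round (`goto err;` for the self-test, `return -1;` for the key size). Using a single exit for both guards in each function keeps them covered if the cleanup behind `err` later grows. Which exit is right depends on what is allocated before these checks, and the function bodies start and end outside the hunks.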
@@ -203,7 +203,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 if (dh->priv_key == NULL)
 {
- DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+ DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
 goto err;
 }
@@ -223,7 +223,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
 {
- DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
+ DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
 goto err;
 }
diff --git a/fips-1.0/dsa/fips_dsa_gen.c b/fips-1.0/dsa/fips_dsa_gen.c
index e0a0e1c56b..c666e5b752 100644
--- a/fips-1.0/dsa/fips_dsa_gen.c
+++ b/fips-1.0/dsa/fips_dsa_gen.c
@@ -119,14 +119,14 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
 if(FIPS_selftest_failed())
 {
- FIPSerr(FIPS_F_DSA_GENERATE_PARAMETERS,
+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
 FIPS_R_FIPS_SELFTEST_FAILED);
 goto err;
 }
 if (FIPS_mode() && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
 {
- DSAerr(DSA_F_DSA_GENERATE_PARAMETERS, DSA_R_KEY_SIZE_TOO_SMALL);
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);
 goto err;
 }
diff --git a/fips-1.0/dsa/fips_dsa_key.c b/fips-1.0/dsa/fips_dsa_key.c
index 05c06ab67d..3798f488fb 100644
--- a/fips-1.0/dsa/fips_dsa_key.c
+++ b/fips-1.0/dsa/fips_dsa_key.c
@@ -80,7 +80,7 @@ int fips_check_dsa(DSA *dsa)
 if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, EVP_dss1(), 0, NULL))
 {
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
+ FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
 return 0;
 }
 return 1;
diff --git a/fips-1.0/dsa/fips_dsa_ossl.c b/fips-1.0/dsa/fips_dsa_ossl.c
index 18e14691a5..6e3747a205 100644
--- a/fips-1.0/dsa/fips_dsa_ossl.c
+++ b/fips-1.0/dsa/fips_dsa_ossl.c
@@ -134,7 +134,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { - DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL); + DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL); return NULL; } diff --git a/fips-1.0/fips.c b/fips-1.0/fips.c index cf6489672f..7c6236d5ab 100644 --- a/fips-1.0/fips.c +++ b/fips-1.0/fips.c @@ -208,7 +208,7 @@ int FIPS_check_incore_fingerprint(void) if (FIPS_text_start()==NULL) { - FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_UNSUPPORTED_PLATFORM); + FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_UNSUPPORTED_PLATFORM); return 0; } @@ -218,11 +218,11 @@ int FIPS_check_incore_fingerprint(void) memcmp(FIPS_signature,sig,sizeof(FIPS_signature))) { if (FIPS_signature>=FIPS_rodata_start && FIPS_signaturepkey.rsa)); if (!sig) { - FIPSerr(FIPS_F_FIPS_CHECK_PK_SIG,ERR_R_MALLOC_FAILURE); + FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE); return 0; } } diff --git a/fips-1.0/fips.h b/fips-1.0/fips.h index 1ae60e39c1..394b31040a 100644 --- a/fips-1.0/fips.h +++ b/fips-1.0/fips.h 
@@ -103,30 +103,29 @@ void ERR_load_FIPS_strings(void);
 /* Error codes for the FIPS functions. */
 /* Function codes. */
-#define FIPS_F_DH_GENERATE_PARAMETERS 117
-#define FIPS_F_DSA_DO_SIGN 111
-#define FIPS_F_DSA_DO_VERIFY 112
-#define FIPS_F_DSA_GENERATE_PARAMETERS 110
-#define FIPS_F_FIPS_CHECK_DSA 116
-#define FIPS_F_FIPS_CHECK_DSO 120
-#define FIPS_F_FIPS_CHECK_EXE 106
-#define FIPS_F_FIPS_CHECK_FINGERPRINT 121
-#define FIPS_F_FIPS_CHECK_PK_SIG 122
-#define FIPS_F_FIPS_CHECK_RSA 115
-#define FIPS_F_FIPS_DSA_CHECK 102
-#define FIPS_F_FIPS_MODE_SET 105
-#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 123
-#define FIPS_F_FIPS_SELFTEST_AES 104
-#define FIPS_F_FIPS_SELFTEST_DES 107
-#define FIPS_F_FIPS_SELFTEST_DSA 109
-#define FIPS_F_FIPS_SELFTEST_RNG 118
-#define FIPS_F_FIPS_SELFTEST_RSA 108
-#define FIPS_F_FIPS_SELFTEST_SHA 103
-#define FIPS_F_HASH_FINAL 100
-#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 114
-#define FIPS_F_RSA_GENERATE_KEY 113
-#define FIPS_F_RSA_X931_GENERATE_KEY 119
-#define FIPS_F_SSLEAY_RAND_BYTES 101
+#define FIPS_F_DH_BUILTIN_GENPARAMS 100
+#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
+#define FIPS_F_DSA_DO_SIGN 102
+#define FIPS_F_DSA_DO_VERIFY 103
+#define FIPS_F_FIPS_CHECK_DSA 104
+#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
+#define FIPS_F_FIPS_CHECK_RSA 106
+#define FIPS_F_FIPS_DSA_CHECK 107
+#define FIPS_F_FIPS_MODE_SET 108
+#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
+#define FIPS_F_FIPS_SELFTEST_AES 110
+#define FIPS_F_FIPS_SELFTEST_DES 111
+#define FIPS_F_FIPS_SELFTEST_DSA 112
+#define FIPS_F_FIPS_SELFTEST_HMAC 113
+#define FIPS_F_FIPS_SELFTEST_RNG 114
+#define FIPS_F_FIPS_SELFTEST_SHA1 115
+#define FIPS_F_RSA_BUILTIN_KEYGEN 116
+#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117
+#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118
+#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119
+#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120
+#define FIPS_F_RSA_X931_GENERATE_KEY_EX 121
+#define FIPS_F_SSLEAY_RAND_BYTES 122
 /* Reason codes. */
 #define FIPS_R_CANNOT_READ_EXE 103
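Review bot: Every surviving FIPS_F_* name in this block gets a new value, not only the renamed ones (`FIPS_F_DSA_DO_SIGN` goes from 111 to 102, `FIPS_F_FIPS_MODE_SET` from 105 to 108), so a numeric error code recorded by an older build decodes to a different function under this header. The string table behind `ERR_load_FIPS_strings` is not among the 13 files this commit touches, and it has to be regenerated in the same change or the names it reports will not match the codes being raised. Names that are dropped without a replacement in this diff (`FIPS_F_FIPS_CHECK_DSO`, `FIPS_F_FIPS_CHECK_EXE`, `FIPS_F_HASH_FINAL`, `FIPS_F_FIPS_SELFTEST_RSA`) will break any remaining user elsewhere in the tree. If anything parses these codes from logs, keep the old values for surviving names and append the new ones, with a comment such as `/* values appear in logged error codes; do not renumber */`.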
diff --git a/fips-1.0/hmac/fips_hmac_selftest.c b/fips-1.0/hmac/fips_hmac_selftest.c
index fc599b75ef..a697770732 100644
--- a/fips-1.0/hmac/fips_hmac_selftest.c
+++ b/fips-1.0/hmac/fips_hmac_selftest.c
@@ -126,7 +126,7 @@ int FIPS_selftest_hmac()
 if(memcmp(out,t->kaval,outlen))
 {
- FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
 return 0;
 }
 }
diff --git a/fips-1.0/rsa/fips_rsa_eay.c b/fips-1.0/rsa/fips_rsa_eay.c
index 69015f82a0..937a14e684 100644
--- a/fips-1.0/rsa/fips_rsa_eay.c
+++ b/fips-1.0/rsa/fips_rsa_eay.c
@@ -376,13 +376,13 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 if(FIPS_selftest_failed())
 {
- FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
 goto err;
 }
 if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
 {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
 return -1;
 }
@@ -519,13 +519,13 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 if(FIPS_selftest_failed())
 {
- FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
 goto err;
 }
 if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
 {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
 return -1;
 }
@@ -658,13 +658,13 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 if(FIPS_selftest_failed())
 {
- FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
 goto err;
 }
 if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
 {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
 return -1;
 }
diff --git a/fips-1.0/rsa/fips_rsa_gen.c b/fips-1.0/rsa/fips_rsa_gen.c
index 7dab88b2d0..7ea6873419 100644
--- a/fips-1.0/rsa/fips_rsa_gen.c
+++ b/fips-1.0/rsa/fips_rsa_gen.c
@@ -118,13 +118,13 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 if(FIPS_selftest_failed())
 {
- FIPSerr(FIPS_F_RSA_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
 return 0;
 }
 if (FIPS_mode() && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
 {
- FIPSerr(FIPS_F_RSA_GENERATE_KEY,FIPS_R_KEY_TOO_SHORT);
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
 return 0;
 }
diff --git a/fips-1.0/rsa/fips_rsa_sign.c b/fips-1.0/rsa/fips_rsa_sign.c
index 6415b5b48e..2236699c00 100644
--- a/fips-1.0/rsa/fips_rsa_sign.c
+++ b/fips-1.0/rsa/fips_rsa_sign.c
@@ -218,7 +218,7 @@ static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
 hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
 if (hash_id == -1)
 {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
 return 0;
 }
 tmpdinfo[m_len] = (unsigned char)hash_id;
@@ -232,7 +232,7 @@ static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
 if (!der)
 {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
 return 0;
 }
 memcpy(tmpdinfo, der, dlen);
@@ -255,7 +255,7 @@ static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
 saltlen = -2;
 if (!sbuf)
 {
- RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
+ RSAerr(RSA_F_FIPS_RSA_SIGN,ERR_R_MALLOC_FAILURE);
 goto psserr;
 }
 if (!RSA_padding_add_PKCS1_PSS(rsa, sbuf, md,
@@ -277,7 +277,7 @@ static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
 j=RSA_size(rsa);
 if (i > (j-RSA_PKCS1_PADDING_SIZE))
 {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+ RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 goto done;
 }
 /* NB: call underlying method directly to avoid FIPS blocking */
@@ -309,7 +309,7 @@ static int fips_rsa_verify(int dtype,
 if (siglen != (unsigned int)RSA_size(sv->key))
 {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
 return(0);
 }
@@ -325,7 +325,7 @@ static int fips_rsa_verify(int dtype,
 s= OPENSSL_malloc((unsigned int)siglen);
 if (s == NULL)
 {
- RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
 goto err;
 }
 if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
@@ -345,23 +345,23 @@ static int fips_rsa_verify(int dtype,
 int hash_id;
 if (i != (int)(diglen + 1))
 {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
 goto err;
 }
 hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
 if (hash_id == -1)
 {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYPE);
 goto err;
 }
 if (s[diglen] != (unsigned char)hash_id)
 {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
 goto err;
 }
 if (memcmp(s, dig, diglen))
 {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
 goto err;
 }
 ret = 1;
@@ -373,7 +373,7 @@ static int fips_rsa_verify(int dtype,
 if (!der)
 {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYPE);
 return(0);
 }
@@ -388,7 +388,7 @@ static int fips_rsa_verify(int dtype,
 if ((i != (int)(dlen + diglen)) || memcmp(der, s, dlen) || memcmp(s + dlen, dig, diglen))
 {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
 goto err;
 }
 ret = 1;
diff --git a/fips-1.0/rsa/fips_rsa_x931g.c b/fips-1.0/rsa/fips_rsa_x931g.c
index 2d0ae0bb77..d9f9a81235 100644
--- a/fips-1.0/rsa/fips_rsa_x931g.c
+++ b/fips-1.0/rsa/fips_rsa_x931g.c
@@ -207,21 +207,21 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
 BIGNUM *Xp = NULL, *Xq = NULL;
 BN_CTX *ctx = NULL;
- if (bits < 1024)
+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
 {
- FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_KEY_TOO_SHORT);
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
 return 0;
 }
 if (bits & 0xff)
 {
- FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_INVALID_KEY_LENGTH);
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
 return 0;
 }
 if(FIPS_selftest_failed())
 {
- FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
 return 0;
 }
diff --git a/fips-1.0/sha/fips_sha1_selftest.c b/fips-1.0/sha/fips_sha1_selftest.c
index efae7470aa..ba6a29ed94 100644
--- a/fips-1.0/sha/fips_sha1_selftest.c
+++ b/fips-1.0/sha/fips_sha1_selftest.c
@@ -87,7 +87,7 @@ int FIPS_selftest_sha1()
 EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL);
 if(memcmp(md,ret[n],sizeof md))
 {
- FIPSerr(FIPS_F_FIPS_SELFTEST_SHA,FIPS_R_SELFTEST_FAILED);
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
 return 0;
 }
 }
-- 
2.25.1
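Review bot: The `if (!der)` branch of fips_rsa_verify at -373 still leaves through `return(0);`, while the other failures in this function use `goto err;`. The hunk at -325 shows `s` allocated with `OPENSSL_malloc` earlier in the same function, so this path appears to skip whatever the `err` label releases and leaves the buffer holding the recovered signature block allocated. Changing the line to `goto err;` would bring the unknown-algorithm path in line with the rest. The `err` label and the initial value of `ret` are outside the hunk, so confirm `ret` is still 0 at that point.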
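Review bot: The self-test gate in RSA_X931_generate_key_ex sits after the two `bits` checks, whereas rsa_builtin_keygen and the RSA_eay_* hunks test `FIPS_selftest_failed()` first. A module whose self-test has failed therefore reports `FIPS_R_KEY_TOO_SHORT` or `FIPS_R_INVALID_KEY_LENGTH` for a bad size instead of the self-test failure; moving the `if(FIPS_selftest_failed())` block above `if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)` makes the failed state the first thing a caller sees. The minimum-size check here is also unconditional, while rsa_builtin_keygen applies it only under `FIPS_mode()`. If that is intended, a comment such as `/* X9.31 keygen enforces the FIPS minimum in all modes */` would record it. The function continues past the end of the hunk.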
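Review bot: The return value of `EVP_Digest` in FIPS_selftest_sha1 is not checked before `md` is compared, so a digest failure is reported as a known-answer mismatch and `md` may be read without having been written on that iteration. Folding the call into the test, `if(!EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL) || memcmp(md,ret[n],sizeof md))`, keeps the self-test failing closed without depending on stale buffer contents. The loop header and the declarations of `md`, `test` and `ret` are outside the hunk.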