diff options
author | Pauli <paul.dale@oracle.com> | 2020-09-10 07:08:57 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-09-12 16:46:51 +1000 |
commit | 5736923f12af58fea158c86291307c41c9f2c859 (patch) | |
tree | 4dc1a82976e0f0bbb5572989e1eb79aba21cf9bd /providers/common | |
parent | f99d3eedf7c3e1e2b10aad911f469f1fc783a395 (diff) |
FIPS: error mode is set from failed self tests and produced a limited number of errors when algorithm accesses are attempted
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)
Diffstat (limited to 'providers/common')
-rw-r--r-- | providers/common/include/prov/providercommon.h | 4 | ||||
-rw-r--r-- | providers/common/include/prov/providercommonerr.h | 2 | ||||
-rw-r--r-- | providers/common/provider_err.c | 4 |
3 files changed, 10 insertions, 0 deletions
diff --git a/providers/common/include/prov/providercommon.h b/providers/common/include/prov/providercommon.h index f6d27dabab..280d2d2072 100644 --- a/providers/common/include/prov/providercommon.h +++ b/providers/common/include/prov/providercommon.h @@ -19,4 +19,8 @@ int cipher_capable_aes_cbc_hmac_sha256(void); OSSL_FUNC_provider_get_capabilities_fn provider_get_capabilities; +/* Set the error state if this is a FIPS module */ +void ossl_set_error_state(void); + +/* Return true if the module is in a usable condition */ int ossl_prov_is_running(void); diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h index 68bcfb4828..d4d3c7e8e8 100644 --- a/providers/common/include/prov/providercommonerr.h +++ b/providers/common/include/prov/providercommonerr.h @@ -75,6 +75,8 @@ int ERR_load_PROV_strings(void); # define PROV_R_FAILED_TO_GET_PARAMETER 103 # define PROV_R_FAILED_TO_SET_PARAMETER 104 # define PROV_R_FAILED_TO_SIGN 175 +# define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224 +# define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225 # define PROV_R_GENERATE_ERROR 191 # define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165 # define PROV_R_INAVLID_UKM_LENGTH 146 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 75f24f88d7..329bb279eb 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -58,6 +58,10 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER), "failed to set parameter"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SIGN), "failed to sign"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE), + "fips module entering error state"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FIPS_MODULE_IN_ERROR_STATE), + "fips module in error state"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_GENERATE_ERROR), "generate error"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), "illegal or unsupported padding mode"}, |