Add ERR_raise() errors to fips OSSL_provider_init and self tests.

As the ERR_raise() is setup at this point returng a range of negative values for errors is not required. This will need to be revisited if the code ever moves to running from the DEP. Added a -config option to the fips install so that it can test if a fips module is loadable from configuration. (The -verify option only uses the generated config, whereas -config uses the normal way of including the generated data via another config file). Added more failure tests for the raised errors. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12346)
author: Shane Lontis <shane.lontis@oracle.com> 2020-07-21 16:30:02 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2020-07-21 16:30:02 +1000
commit: 9f7bdcf37f9541f7a1e4dc62ebdf97e8d8ccd307 (patch)
tree: 5e68472ae3a8d05c6294c1169b513c0434329a57 /providers/common
parent: 823a113574451ea2e050bee7ce35861948ad55ca (diff)
2 files changed, 20 insertions, 0 deletions
diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h
index c21537fd4f..f5fd37d9cc 100644
--- a/providers/common/include/prov/providercommonerr.h
+++ b/providers/common/include/prov/providercommonerr.h
@@ -78,8 +78,10 @@ int ERR_load_PROV_strings(void);
 # define PROV_R_GENERATE_ERROR                            191
 # define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE       165
 # define PROV_R_INAVLID_UKM_LENGTH                        146
+# define PROV_R_INDICATOR_INTEGRITY_FAILURE               210
 # define PROV_R_INSUFFICIENT_DRBG_STRENGTH                181
 # define PROV_R_INVALID_AAD                               108
+# define PROV_R_INVALID_CONFIG_DATA                       211
 # define PROV_R_INVALID_CONSTANT_LENGTH                   157
 # define PROV_R_INVALID_CURVE                             176
 # define PROV_R_INVALID_CUSTOM_LENGTH                     111
@@ -102,6 +104,7 @@ int ERR_load_PROV_strings(void);
 # define PROV_R_INVALID_SALT_LENGTH                       112
 # define PROV_R_INVALID_SEED_LENGTH                       154
 # define PROV_R_INVALID_SIGNATURE_SIZE                    179
+# define PROV_R_INVALID_STATE                             212
 # define PROV_R_INVALID_TAG                               110
 # define PROV_R_INVALID_TAGLEN                            118
 # define PROV_R_INVALID_X931_DIGEST                       170
@@ -109,6 +112,7 @@ int ERR_load_PROV_strings(void);
 # define PROV_R_KEY_SIZE_TOO_SMALL                        171
 # define PROV_R_MISSING_CEK_ALG                           144
 # define PROV_R_MISSING_CIPHER                            155
+# define PROV_R_MISSING_CONFIG_DATA                       213
 # define PROV_R_MISSING_CONSTANT                          156
 # define PROV_R_MISSING_KEY                               128
 # define PROV_R_MISSING_MAC                               150
@@ -121,6 +125,7 @@ int ERR_load_PROV_strings(void);
 # define PROV_R_MISSING_SESSION_ID                        133
 # define PROV_R_MISSING_TYPE                              134
 # define PROV_R_MISSING_XCGHASH                           135
+# define PROV_R_MODULE_INTEGRITY_FAILURE                  214
 # define PROV_R_NOT_INSTANTIATED                          193
 # define PROV_R_NOT_SUPPORTED                             136
 # define PROV_R_NOT_XOF_OR_INVALID_LENGTH                 113
@@ -136,6 +141,8 @@ int ERR_load_PROV_strings(void);
 # define PROV_R_REQUEST_TOO_LARGE_FOR_DRBG                196
 # define PROV_R_REQUIRE_CTR_MODE_CIPHER                   206
 # define PROV_R_RESEED_ERROR                              197
+# define PROV_R_SELF_TEST_KAT_FAILURE                     215
+# define PROV_R_SELF_TEST_POST_FAILURE                    216
 # define PROV_R_TAG_NOTSET                                119
 # define PROV_R_TAG_NOT_NEEDED                            120
 # define PROV_R_UNABLE_TO_FIND_CIPHERS                    207
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index 7a0e0c595d..7a5c41bfda 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -63,9 +63,13 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "illegal or unsupported padding mode"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INAVLID_UKM_LENGTH),
     "inavlid ukm length"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INDICATOR_INTEGRITY_FAILURE),
+    "indicator integrity failure"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INSUFFICIENT_DRBG_STRENGTH),
     "insufficient drbg strength"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONFIG_DATA),
+    "invalid config data"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CONSTANT_LENGTH),
     "invalid constant length"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CURVE), "invalid curve"},
@@ -98,6 +102,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "invalid seed length"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SIGNATURE_SIZE),
     "invalid signature size"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_STATE), "invalid state"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAGLEN), "invalid taglen"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST),
@@ -107,6 +112,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "key size too small"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CEK_ALG), "missing cek alg"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CIPHER), "missing cipher"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONFIG_DATA),
+    "missing config data"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONSTANT), "missing constant"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_KEY), "missing key"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_MAC), "missing mac"},
@@ -121,6 +128,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "missing session id"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_TYPE), "missing type"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_XCGHASH), "missing xcghash"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MODULE_INTEGRITY_FAILURE),
+    "module integrity failure"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_INSTANTIATED), "not instantiated"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_SUPPORTED), "not supported"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_XOF_OR_INVALID_LENGTH),
@@ -145,6 +154,10 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_REQUIRE_CTR_MODE_CIPHER),
     "require ctr mode cipher"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_RESEED_ERROR), "reseed error"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_KAT_FAILURE),
+    "self test kat failure"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_SELF_TEST_POST_FAILURE),
+    "self test post failure"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOTSET), "tag notset"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_NEEDED), "tag not needed"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_FIND_CIPHERS),
author	Shane Lontis <shane.lontis@oracle.com>	2020-07-21 16:30:02 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2020-07-21 16:30:02 +1000
commit	9f7bdcf37f9541f7a1e4dc62ebdf97e8d8ccd307 (patch)
tree	5e68472ae3a8d05c6294c1169b513c0434329a57 /providers/common
parent	823a113574451ea2e050bee7ce35861948ad55ca (diff)