mirror of https://github.com/wolfSSL/wolfssl.git
Merge branch 'master' into ti
commit
e30e1c40f7
|
@ -277,6 +277,9 @@ const char* CTaoCryptGetErrorString(int error)
|
|||
case RNG_FAILURE_E:
|
||||
return "Random Number Generator failed";
|
||||
|
||||
case HMAC_MIN_KEYLEN_E:
|
||||
return "FIPS Mode HMAC Minimum Key Length error";
|
||||
|
||||
default:
|
||||
return "unknown error number";
|
||||
|
||||
|
|
|
@ -131,6 +131,11 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length)
|
|||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
if (length < HMAC_FIPS_MIN_KEY)
|
||||
return HMAC_MIN_KEYLEN_E;
|
||||
#endif
|
||||
|
||||
switch (hmac->macType) {
|
||||
#ifndef NO_MD5
|
||||
case MD5:
|
||||
|
|
|
@ -1149,9 +1149,11 @@ int hmac_md5_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#ifdef HAVE_CAVIUM
|
||||
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
|
||||
if (i == 1)
|
||||
continue; /* driver can't handle keys <= bytes */
|
||||
continue; /* cavium can't handle short keys, fips not allowed */
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
|
||||
return -20009;
|
||||
#endif
|
||||
|
@ -1224,9 +1226,11 @@ int hmac_sha_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#ifdef HAVE_CAVIUM
|
||||
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
|
||||
if (i == 1)
|
||||
continue; /* driver can't handle keys <= bytes */
|
||||
continue; /* cavium can't handle short keys, fips not allowed */
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
|
||||
return -20010;
|
||||
#endif
|
||||
|
@ -1303,9 +1307,11 @@ int hmac_sha256_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#ifdef HAVE_CAVIUM
|
||||
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
|
||||
if (i == 1)
|
||||
continue; /* driver can't handle keys <= bytes */
|
||||
continue; /* cavium can't handle short keys, fips not allowed */
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
|
||||
return -20011;
|
||||
#endif
|
||||
|
@ -1382,9 +1388,11 @@ int hmac_blake2b_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#ifdef HAVE_CAVIUM
|
||||
#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
|
||||
if (i == 1)
|
||||
continue; /* driver can't handle keys <= bytes */
|
||||
continue; /* cavium can't handle short keys, fips not allowed */
|
||||
#endif
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0)
|
||||
return -20011;
|
||||
#endif
|
||||
|
@ -1465,6 +1473,10 @@ int hmac_sha384_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#if defined(HAVE_FIPS)
|
||||
if (i == 1)
|
||||
continue; /* fips not allowed */
|
||||
#endif
|
||||
ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i]));
|
||||
if (ret != 0)
|
||||
return -4027;
|
||||
|
@ -1541,6 +1553,10 @@ int hmac_sha512_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#if defined(HAVE_FIPS)
|
||||
if (i == 1)
|
||||
continue; /* fips not allowed */
|
||||
#endif
|
||||
ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i]));
|
||||
if (ret != 0)
|
||||
return -4030;
|
||||
|
|
|
@ -33,7 +33,7 @@
|
|||
|
||||
/* error codes */
|
||||
enum {
|
||||
MAX_CODE_E = -100, /* errors -101 - -199 */
|
||||
MAX_CODE_E = -100, /* errors -101 - -299 */
|
||||
OPEN_RAN_E = -101, /* opening random device error */
|
||||
READ_RAN_E = -102, /* reading random device error */
|
||||
WINCRYPT_E = -103, /* windows crypt init error */
|
||||
|
@ -127,7 +127,9 @@ enum {
|
|||
|
||||
RNG_FAILURE_E = -199, /* RNG Failed, Reinitialize */
|
||||
|
||||
MIN_CODE_E = -200 /* errors -101 - -199 */
|
||||
HMAC_MIN_KEYLEN_E = -200, /* FIPS Mode HMAC Minimum Key Length error */
|
||||
|
||||
MIN_CODE_E = -300 /* errors -101 - -299 */
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -60,6 +60,8 @@
|
|||
#define CYASSL_HMAC_CAVIUM_MAGIC 0xBEEF0005
|
||||
|
||||
enum {
|
||||
HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */
|
||||
|
||||
IPAD = 0x36,
|
||||
OPAD = 0x5C,
|
||||
|
||||
|
|
|
@ -30,99 +30,99 @@
|
|||
#endif
|
||||
|
||||
enum CyaSSL_ErrorCodes {
|
||||
INPUT_CASE_ERROR = -201, /* process input state error */
|
||||
PREFIX_ERROR = -202, /* bad index to key rounds */
|
||||
MEMORY_ERROR = -203, /* out of memory */
|
||||
VERIFY_FINISHED_ERROR = -204, /* verify problem on finished */
|
||||
VERIFY_MAC_ERROR = -205, /* verify mac problem */
|
||||
PARSE_ERROR = -206, /* parse error on header */
|
||||
UNKNOWN_HANDSHAKE_TYPE = -207, /* weird handshake type */
|
||||
SOCKET_ERROR_E = -208, /* error state on socket */
|
||||
SOCKET_NODATA = -209, /* expected data, not there */
|
||||
INCOMPLETE_DATA = -210, /* don't have enough data to
|
||||
INPUT_CASE_ERROR = -301, /* process input state error */
|
||||
PREFIX_ERROR = -302, /* bad index to key rounds */
|
||||
MEMORY_ERROR = -303, /* out of memory */
|
||||
VERIFY_FINISHED_ERROR = -304, /* verify problem on finished */
|
||||
VERIFY_MAC_ERROR = -305, /* verify mac problem */
|
||||
PARSE_ERROR = -306, /* parse error on header */
|
||||
UNKNOWN_HANDSHAKE_TYPE = -307, /* weird handshake type */
|
||||
SOCKET_ERROR_E = -308, /* error state on socket */
|
||||
SOCKET_NODATA = -309, /* expected data, not there */
|
||||
INCOMPLETE_DATA = -310, /* don't have enough data to
|
||||
complete task */
|
||||
UNKNOWN_RECORD_TYPE = -211, /* unknown type in record hdr */
|
||||
DECRYPT_ERROR = -212, /* error during decryption */
|
||||
FATAL_ERROR = -213, /* recvd alert fatal error */
|
||||
ENCRYPT_ERROR = -214, /* error during encryption */
|
||||
FREAD_ERROR = -215, /* fread problem */
|
||||
NO_PEER_KEY = -216, /* need peer's key */
|
||||
NO_PRIVATE_KEY = -217, /* need the private key */
|
||||
RSA_PRIVATE_ERROR = -218, /* error during rsa priv op */
|
||||
NO_DH_PARAMS = -219, /* server missing DH params */
|
||||
BUILD_MSG_ERROR = -220, /* build message failure */
|
||||
UNKNOWN_RECORD_TYPE = -311, /* unknown type in record hdr */
|
||||
DECRYPT_ERROR = -312, /* error during decryption */
|
||||
FATAL_ERROR = -313, /* recvd alert fatal error */
|
||||
ENCRYPT_ERROR = -314, /* error during encryption */
|
||||
FREAD_ERROR = -315, /* fread problem */
|
||||
NO_PEER_KEY = -316, /* need peer's key */
|
||||
NO_PRIVATE_KEY = -317, /* need the private key */
|
||||
RSA_PRIVATE_ERROR = -318, /* error during rsa priv op */
|
||||
NO_DH_PARAMS = -319, /* server missing DH params */
|
||||
BUILD_MSG_ERROR = -320, /* build message failure */
|
||||
|
||||
BAD_HELLO = -221, /* client hello malformed */
|
||||
DOMAIN_NAME_MISMATCH = -222, /* peer subject name mismatch */
|
||||
WANT_READ = -223, /* want read, call again */
|
||||
NOT_READY_ERROR = -224, /* handshake layer not ready */
|
||||
PMS_VERSION_ERROR = -225, /* pre m secret version error */
|
||||
VERSION_ERROR = -226, /* record layer version error */
|
||||
WANT_WRITE = -227, /* want write, call again */
|
||||
BUFFER_ERROR = -228, /* malformed buffer input */
|
||||
VERIFY_CERT_ERROR = -229, /* verify cert error */
|
||||
VERIFY_SIGN_ERROR = -230, /* verify sign error */
|
||||
CLIENT_ID_ERROR = -231, /* psk client identity error */
|
||||
SERVER_HINT_ERROR = -232, /* psk server hint error */
|
||||
PSK_KEY_ERROR = -233, /* psk key error */
|
||||
ZLIB_INIT_ERROR = -234, /* zlib init error */
|
||||
ZLIB_COMPRESS_ERROR = -235, /* zlib compression error */
|
||||
ZLIB_DECOMPRESS_ERROR = -236, /* zlib decompression error */
|
||||
BAD_HELLO = -321, /* client hello malformed */
|
||||
DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */
|
||||
WANT_READ = -323, /* want read, call again */
|
||||
NOT_READY_ERROR = -324, /* handshake layer not ready */
|
||||
PMS_VERSION_ERROR = -325, /* pre m secret version error */
|
||||
VERSION_ERROR = -326, /* record layer version error */
|
||||
WANT_WRITE = -327, /* want write, call again */
|
||||
BUFFER_ERROR = -328, /* malformed buffer input */
|
||||
VERIFY_CERT_ERROR = -329, /* verify cert error */
|
||||
VERIFY_SIGN_ERROR = -330, /* verify sign error */
|
||||
CLIENT_ID_ERROR = -331, /* psk client identity error */
|
||||
SERVER_HINT_ERROR = -332, /* psk server hint error */
|
||||
PSK_KEY_ERROR = -333, /* psk key error */
|
||||
ZLIB_INIT_ERROR = -334, /* zlib init error */
|
||||
ZLIB_COMPRESS_ERROR = -335, /* zlib compression error */
|
||||
ZLIB_DECOMPRESS_ERROR = -336, /* zlib decompression error */
|
||||
|
||||
GETTIME_ERROR = -237, /* gettimeofday failed ??? */
|
||||
GETITIMER_ERROR = -238, /* getitimer failed ??? */
|
||||
SIGACT_ERROR = -239, /* sigaction failed ??? */
|
||||
SETITIMER_ERROR = -240, /* setitimer failed ??? */
|
||||
LENGTH_ERROR = -241, /* record layer length error */
|
||||
PEER_KEY_ERROR = -242, /* can't decode peer key */
|
||||
ZERO_RETURN = -243, /* peer sent close notify */
|
||||
SIDE_ERROR = -244, /* wrong client/server type */
|
||||
NO_PEER_CERT = -245, /* peer didn't send key */
|
||||
NTRU_KEY_ERROR = -246, /* NTRU key error */
|
||||
NTRU_DRBG_ERROR = -247, /* NTRU drbg error */
|
||||
NTRU_ENCRYPT_ERROR = -248, /* NTRU encrypt error */
|
||||
NTRU_DECRYPT_ERROR = -249, /* NTRU decrypt error */
|
||||
ECC_CURVETYPE_ERROR = -250, /* Bad ECC Curve Type */
|
||||
ECC_CURVE_ERROR = -251, /* Bad ECC Curve */
|
||||
ECC_PEERKEY_ERROR = -252, /* Bad Peer ECC Key */
|
||||
ECC_MAKEKEY_ERROR = -253, /* Bad Make ECC Key */
|
||||
ECC_EXPORT_ERROR = -254, /* Bad ECC Export Key */
|
||||
ECC_SHARED_ERROR = -255, /* Bad ECC Shared Secret */
|
||||
NOT_CA_ERROR = -257, /* Not a CA cert error */
|
||||
BAD_PATH_ERROR = -258, /* Bad path for opendir */
|
||||
BAD_CERT_MANAGER_ERROR = -259, /* Bad Cert Manager */
|
||||
OCSP_CERT_REVOKED = -260, /* OCSP Certificate revoked */
|
||||
CRL_CERT_REVOKED = -261, /* CRL Certificate revoked */
|
||||
CRL_MISSING = -262, /* CRL Not loaded */
|
||||
MONITOR_RUNNING_E = -263, /* CRL Monitor already running */
|
||||
THREAD_CREATE_E = -264, /* Thread Create Error */
|
||||
OCSP_NEED_URL = -265, /* OCSP need an URL for lookup */
|
||||
OCSP_CERT_UNKNOWN = -266, /* OCSP responder doesn't know */
|
||||
OCSP_LOOKUP_FAIL = -267, /* OCSP lookup not successful */
|
||||
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
|
||||
COOKIE_ERROR = -269, /* dtls cookie error */
|
||||
SEQUENCE_ERROR = -270, /* dtls sequence error */
|
||||
SUITES_ERROR = -271, /* suites pointer error */
|
||||
SSL_NO_PEM_HEADER = -272, /* no PEM header found */
|
||||
OUT_OF_ORDER_E = -273, /* out of order message */
|
||||
BAD_KEA_TYPE_E = -274, /* bad KEA type found */
|
||||
SANITY_CIPHER_E = -275, /* sanity check on cipher error */
|
||||
RECV_OVERFLOW_E = -276, /* RXCB returned more than rqed */
|
||||
GEN_COOKIE_E = -277, /* Generate Cookie Error */
|
||||
NO_PEER_VERIFY = -278, /* Need peer cert verify Error */
|
||||
FWRITE_ERROR = -279, /* fwrite problem */
|
||||
CACHE_MATCH_ERROR = -280, /* chache hdr match error */
|
||||
UNKNOWN_SNI_HOST_NAME_E = -281, /* Unrecognized host name Error */
|
||||
UNKNOWN_MAX_FRAG_LEN_E = -282, /* Unrecognized max frag len Error */
|
||||
KEYUSE_SIGNATURE_E = -283, /* KeyUse digSignature error */
|
||||
KEYUSE_ENCIPHER_E = -285, /* KeyUse keyEncipher error */
|
||||
EXTKEYUSE_AUTH_E = -286, /* ExtKeyUse server|client_auth */
|
||||
SEND_OOB_READ_E = -287, /* Send Cb out of bounds read */
|
||||
GETTIME_ERROR = -337, /* gettimeofday failed ??? */
|
||||
GETITIMER_ERROR = -338, /* getitimer failed ??? */
|
||||
SIGACT_ERROR = -339, /* sigaction failed ??? */
|
||||
SETITIMER_ERROR = -340, /* setitimer failed ??? */
|
||||
LENGTH_ERROR = -341, /* record layer length error */
|
||||
PEER_KEY_ERROR = -342, /* can't decode peer key */
|
||||
ZERO_RETURN = -343, /* peer sent close notify */
|
||||
SIDE_ERROR = -344, /* wrong client/server type */
|
||||
NO_PEER_CERT = -345, /* peer didn't send key */
|
||||
NTRU_KEY_ERROR = -346, /* NTRU key error */
|
||||
NTRU_DRBG_ERROR = -347, /* NTRU drbg error */
|
||||
NTRU_ENCRYPT_ERROR = -348, /* NTRU encrypt error */
|
||||
NTRU_DECRYPT_ERROR = -349, /* NTRU decrypt error */
|
||||
ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */
|
||||
ECC_CURVE_ERROR = -351, /* Bad ECC Curve */
|
||||
ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */
|
||||
ECC_MAKEKEY_ERROR = -353, /* Bad Make ECC Key */
|
||||
ECC_EXPORT_ERROR = -354, /* Bad ECC Export Key */
|
||||
ECC_SHARED_ERROR = -355, /* Bad ECC Shared Secret */
|
||||
NOT_CA_ERROR = -357, /* Not a CA cert error */
|
||||
BAD_PATH_ERROR = -358, /* Bad path for opendir */
|
||||
BAD_CERT_MANAGER_ERROR = -359, /* Bad Cert Manager */
|
||||
OCSP_CERT_REVOKED = -360, /* OCSP Certificate revoked */
|
||||
CRL_CERT_REVOKED = -361, /* CRL Certificate revoked */
|
||||
CRL_MISSING = -362, /* CRL Not loaded */
|
||||
MONITOR_RUNNING_E = -363, /* CRL Monitor already running */
|
||||
THREAD_CREATE_E = -364, /* Thread Create Error */
|
||||
OCSP_NEED_URL = -365, /* OCSP need an URL for lookup */
|
||||
OCSP_CERT_UNKNOWN = -366, /* OCSP responder doesn't know */
|
||||
OCSP_LOOKUP_FAIL = -367, /* OCSP lookup not successful */
|
||||
MAX_CHAIN_ERROR = -368, /* max chain depth exceeded */
|
||||
COOKIE_ERROR = -369, /* dtls cookie error */
|
||||
SEQUENCE_ERROR = -370, /* dtls sequence error */
|
||||
SUITES_ERROR = -371, /* suites pointer error */
|
||||
SSL_NO_PEM_HEADER = -372, /* no PEM header found */
|
||||
OUT_OF_ORDER_E = -373, /* out of order message */
|
||||
BAD_KEA_TYPE_E = -374, /* bad KEA type found */
|
||||
SANITY_CIPHER_E = -375, /* sanity check on cipher error */
|
||||
RECV_OVERFLOW_E = -376, /* RXCB returned more than rqed */
|
||||
GEN_COOKIE_E = -377, /* Generate Cookie Error */
|
||||
NO_PEER_VERIFY = -378, /* Need peer cert verify Error */
|
||||
FWRITE_ERROR = -379, /* fwrite problem */
|
||||
CACHE_MATCH_ERROR = -380, /* chache hdr match error */
|
||||
UNKNOWN_SNI_HOST_NAME_E = -381, /* Unrecognized host name Error */
|
||||
UNKNOWN_MAX_FRAG_LEN_E = -382, /* Unrecognized max frag len Error */
|
||||
KEYUSE_SIGNATURE_E = -383, /* KeyUse digSignature error */
|
||||
KEYUSE_ENCIPHER_E = -385, /* KeyUse keyEncipher error */
|
||||
EXTKEYUSE_AUTH_E = -386, /* ExtKeyUse server|client_auth */
|
||||
SEND_OOB_READ_E = -387, /* Send Cb out of bounds read */
|
||||
/* add strings to SetErrorString !!!!! */
|
||||
|
||||
/* begin negotiation parameter errors */
|
||||
UNSUPPORTED_SUITE = -290, /* unsupported cipher suite */
|
||||
MATCH_SUITE_ERROR = -291 /* can't match cipher suite */
|
||||
UNSUPPORTED_SUITE = -390, /* unsupported cipher suite */
|
||||
MATCH_SUITE_ERROR = -391 /* can't match cipher suite */
|
||||
/* end negotiation parameter errors only 10 for now */
|
||||
/* add strings to SetErrorString !!!!! */
|
||||
};
|
||||
|
|
16
tests/hash.c
16
tests/hash.c
|
@ -608,6 +608,10 @@ int hmac_md5_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#if defined(HAVE_FIPS)
|
||||
if (i == 1)
|
||||
continue; /* fips not allowed */
|
||||
#endif
|
||||
ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i]));
|
||||
if (ret != 0)
|
||||
return -4014;
|
||||
|
@ -674,6 +678,10 @@ int hmac_sha_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#if defined(HAVE_FIPS)
|
||||
if (i == 1)
|
||||
continue; /* fips not allowed */
|
||||
#endif
|
||||
ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i]));
|
||||
if (ret != 0)
|
||||
return -4017;
|
||||
|
@ -743,6 +751,10 @@ int hmac_sha256_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#if defined(HAVE_FIPS)
|
||||
if (i == 1)
|
||||
continue; /* fips not allowed */
|
||||
#endif
|
||||
ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i]));
|
||||
if (ret != 0)
|
||||
return -4020;
|
||||
|
@ -816,6 +828,10 @@ int hmac_sha384_test(void)
|
|||
test_hmac[2] = c;
|
||||
|
||||
for (i = 0; i < times; ++i) {
|
||||
#if defined(HAVE_FIPS)
|
||||
if (i == 1)
|
||||
continue; /* fips not allowed */
|
||||
#endif
|
||||
ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i]));
|
||||
if (ret != 0)
|
||||
return -4023;
|
||||
|
|
Loading…
Reference in New Issue