/usr/include/openssl/fips.h is in libssl-dev 1.0.2g-1ubuntu4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 | /* ====================================================================
* Copyright (c) 2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#include <stdarg.h>
#ifndef OPENSSL_FIPS
# error FIPS is disabled.
#endif
#ifdef OPENSSL_FIPS
# ifdef __cplusplus
extern "C" {
# endif
struct dsa_st;
struct rsa_st;
struct evp_pkey_st;
struct env_md_st;
struct env_md_ctx_st;
struct evp_cipher_st;
struct evp_cipher_ctx_st;
struct dh_method;
struct CMAC_CTX_st;
struct hmac_ctx_st;
int FIPS_module_mode_set(int onoff, const char *auth);
int FIPS_module_mode(void);
int FIPS_module_installed(void);
const void *FIPS_rand_check(void);
int FIPS_selftest(void);
int FIPS_selftest_failed(void);
void FIPS_corrupt_sha1(void);
int FIPS_selftest_sha1(void);
int FIPS_selftest_sha2(void);
void FIPS_corrupt_aes(void);
int FIPS_selftest_aes_ccm(void);
int FIPS_selftest_aes_gcm(void);
int FIPS_selftest_aes_xts(void);
int FIPS_selftest_aes(void);
void FIPS_corrupt_des(void);
int FIPS_selftest_des(void);
void FIPS_corrupt_rsa(void);
void FIPS_corrupt_rsa_keygen(void);
int FIPS_selftest_rsa(void);
void FIPS_corrupt_dsa(void);
int FIPS_selftest_dsa(void);
int FIPS_selftest_ecdsa(void);
int FIPS_selftest_ecdh(void);
int FIPS_selftest_dh(void);
void FIPS_corrupt_rng(void);
void FIPS_rng_stick(void);
void FIPS_x931_stick(int onoff);
void FIPS_drbg_stick(int onoff);
int FIPS_selftest_rng(void);
int FIPS_selftest_x931(void);
int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_drbg_all(void);
int FIPS_selftest_cmac(void);
void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr);
int fips_check_rsa(struct rsa_st *rsa);
int fips_check_dsa_prng(struct dsa_st *dsa, size_t L, size_t N);
# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
alg " previous FIPS forbidden algorithm error ignored");
int fips_pkey_signature_test(struct evp_pkey_st *pkey,
const unsigned char *tbs, int tbslen,
const unsigned char *kat,
unsigned int katlen,
const struct env_md_st *digest,
unsigned int md_flags, const char *fail_str);
int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
const struct evp_cipher_st *cipher,
const unsigned char *key,
const unsigned char *iv,
const unsigned char *plaintext,
const unsigned char *ciphertext, int len);
void fips_set_selftest_fail(void);
const struct env_md_st *FIPS_get_digestbynid(int nid);
const struct evp_cipher_st *FIPS_get_cipherbynid(int nid);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_FIPS_strings(void);
/* Error codes for the FIPS functions. */
/* Function codes. */
# define FIPS_F_DH_BUILTIN_GENPARAMS 100
# define FIPS_F_DH_INIT 148
# define FIPS_F_DRBG_RESEED 162
# define FIPS_F_DSA_BUILTIN_PARAMGEN 101
# define FIPS_F_DSA_BUILTIN_PARAMGEN2 102
# define FIPS_F_DSA_DO_SIGN 103
# define FIPS_F_DSA_DO_VERIFY 104
# define FIPS_F_ECDH_COMPUTE_KEY 163
# define FIPS_F_ECDSA_DO_SIGN 164
# define FIPS_F_ECDSA_DO_VERIFY 165
# define FIPS_F_EC_KEY_GENERATE_KEY 166
# define FIPS_F_FIPS_CHECK_DSA 105
# define FIPS_F_FIPS_CHECK_DSA_PRNG 151
# define FIPS_F_FIPS_CHECK_EC 106
# define FIPS_F_FIPS_CHECK_EC_PRNG 152
# define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 107
# define FIPS_F_FIPS_CHECK_RSA 108
# define FIPS_F_FIPS_CHECK_RSA_PRNG 150
# define FIPS_F_FIPS_CIPHER 160
# define FIPS_F_FIPS_CIPHERINIT 109
# define FIPS_F_FIPS_CIPHER_CTX_CTRL 161
# define FIPS_F_FIPS_DIGESTFINAL 158
# define FIPS_F_FIPS_DIGESTINIT 110
# define FIPS_F_FIPS_DIGESTUPDATE 159
# define FIPS_F_FIPS_DRBG_BYTES 111
# define FIPS_F_FIPS_DRBG_CHECK 146
# define FIPS_F_FIPS_DRBG_CPRNG_TEST 112
# define FIPS_F_FIPS_DRBG_ERROR_CHECK 114
# define FIPS_F_FIPS_DRBG_GENERATE 113
# define FIPS_F_FIPS_DRBG_INIT 115
# define FIPS_F_FIPS_DRBG_INSTANTIATE 116
# define FIPS_F_FIPS_DRBG_NEW 117
# define FIPS_F_FIPS_DRBG_RESEED 118
# define FIPS_F_FIPS_DRBG_SINGLE_KAT 119
# define FIPS_F_FIPS_DSA_SIGN_DIGEST 154
# define FIPS_F_FIPS_DSA_VERIFY_DIGEST 155
# define FIPS_F_FIPS_GET_ENTROPY 147
# define FIPS_F_FIPS_MODULE_MODE_SET 120
# define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 121
# define FIPS_F_FIPS_RAND_ADD 122
# define FIPS_F_FIPS_RAND_BYTES 123
# define FIPS_F_FIPS_RAND_PSEUDO_BYTES 124
# define FIPS_F_FIPS_RAND_SEED 125
# define FIPS_F_FIPS_RAND_SET_METHOD 126
# define FIPS_F_FIPS_RAND_STATUS 127
# define FIPS_F_FIPS_RSA_SIGN_DIGEST 156
# define FIPS_F_FIPS_RSA_VERIFY_DIGEST 157
# define FIPS_F_FIPS_SELFTEST_AES 128
# define FIPS_F_FIPS_SELFTEST_AES_CCM 145
# define FIPS_F_FIPS_SELFTEST_AES_GCM 129
# define FIPS_F_FIPS_SELFTEST_AES_XTS 144
# define FIPS_F_FIPS_SELFTEST_CMAC 130
# define FIPS_F_FIPS_SELFTEST_DES 131
# define FIPS_F_FIPS_SELFTEST_DSA 132
# define FIPS_F_FIPS_SELFTEST_ECDSA 133
# define FIPS_F_FIPS_SELFTEST_HMAC 134
# define FIPS_F_FIPS_SELFTEST_SHA1 135
# define FIPS_F_FIPS_SELFTEST_X931 136
# define FIPS_F_FIPS_SET_PRNG_KEY 153
# define FIPS_F_HASH_FINAL 137
# define FIPS_F_RSA_BUILTIN_KEYGEN 138
# define FIPS_F_RSA_EAY_INIT 149
# define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 139
# define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 140
# define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 141
# define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 142
# define FIPS_F_RSA_X931_GENERATE_KEY_EX 143
# define FIPS_F_EVP_CIPHERINIT_EX 200
# define FIPS_F_EVP_DIGESTINIT_EX 201
# define FIPS_F_FIPS_SELFTEST_SHA2 202
/* Reason codes. */
# define FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED 150
# define FIPS_R_ADDITIONAL_INPUT_TOO_LONG 100
# define FIPS_R_ALREADY_INSTANTIATED 101
# define FIPS_R_AUTHENTICATION_FAILURE 151
# define FIPS_R_CONTRADICTING_EVIDENCE 102
# define FIPS_R_DRBG_NOT_INITIALISED 152
# define FIPS_R_DRBG_STUCK 103
# define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
# define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
# define FIPS_R_ENTROPY_SOURCE_STUCK 142
# define FIPS_R_ERROR_INITIALISING_DRBG 106
# define FIPS_R_ERROR_INSTANTIATING_DRBG 107
# define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 108
# define FIPS_R_ERROR_RETRIEVING_ENTROPY 109
# define FIPS_R_ERROR_RETRIEVING_NONCE 110
# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 111
# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 112
# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 113
# define FIPS_R_FIPS_MODE_ALREADY_SET 114
# define FIPS_R_FIPS_SELFTEST_FAILED 115
# define FIPS_R_FUNCTION_ERROR 116
# define FIPS_R_GENERATE_ERROR 117
# define FIPS_R_GENERATE_ERROR_UNDETECTED 118
# define FIPS_R_INSTANTIATE_ERROR 119
# define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 120
# define FIPS_R_INTERNAL_ERROR 121
# define FIPS_R_INVALID_KEY_LENGTH 122
# define FIPS_R_INVALID_PARAMETERS 144
# define FIPS_R_IN_ERROR_STATE 123
# define FIPS_R_KEY_TOO_SHORT 124
# define FIPS_R_NONCE_ERROR_UNDETECTED 149
# define FIPS_R_NON_FIPS_METHOD 125
# define FIPS_R_NOPR_TEST1_FAILURE 145
# define FIPS_R_NOPR_TEST2_FAILURE 146
# define FIPS_R_NOT_INSTANTIATED 126
# define FIPS_R_PAIRWISE_TEST_FAILED 127
# define FIPS_R_PERSONALISATION_ERROR_UNDETECTED 128
# define FIPS_R_PERSONALISATION_STRING_TOO_LONG 129
# define FIPS_R_PRNG_STRENGTH_TOO_LOW 143
# define FIPS_R_PR_TEST1_FAILURE 147
# define FIPS_R_PR_TEST2_FAILURE 148
# define FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED 130
# define FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG 131
# define FIPS_R_RESEED_COUNTER_ERROR 132
# define FIPS_R_RESEED_ERROR 133
# define FIPS_R_SELFTEST_FAILED 134
# define FIPS_R_SELFTEST_FAILURE 135
# define FIPS_R_STRENGTH_ERROR_UNDETECTED 136
# define FIPS_R_TEST_FAILURE 137
# define FIPS_R_UNINSTANTIATE_ERROR 141
# define FIPS_R_UNINSTANTIATE_ZEROISE_ERROR 138
# define FIPS_R_UNSUPPORTED_DRBG_TYPE 139
# define FIPS_R_UNSUPPORTED_PLATFORM 140
# ifdef __cplusplus
}
# endif
#endif
|