forked from pool/openssl-1_1
Pedro Monreal Gonzalez
8f01c56ec8
- Update to 1.1.1w: * Fix POLY1305 MAC implementation corrupting XMM registers on Windows. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. (CVE-2023-4807) - Add missing FIPS patches from SLE: * Add patches: - bsc1185319-FIPS-KAT-for-ECDSA.patch - bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch - openssl-1.1.1-fips-fix-memory-leaks.patch - openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch - openssl-1_1-FIPS_drbg-rewire.patch - openssl-1_1-Zeroization.patch - openssl-1_1-fips-drbg-selftest.patch - openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch - openssl-1_1-jitterentropy-3.4.0.patch - openssl-1_1-ossl-sli-000-fix-build-error.patch OBS-URL: https://build.opensuse.org/request/show/1111331 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=144
947 lines
47 KiB
Diff
947 lines
47 KiB
Diff
---
|
|
apps/openssl-vms.cnf | 18 ++++
|
|
crypto/dh/dh_err.c | 8 -
|
|
crypto/dsa/dsa_err.c | 8 +
|
|
crypto/ec/ec_err.c | 29 ++++++-
|
|
crypto/err/openssl.txt | 40 +++++++++
|
|
crypto/evp/evp_err.c | 6 -
|
|
crypto/fips/fips_ers.c | 189 +++++++++++++++++++++++++++++++++++++++++++++--
|
|
crypto/rsa/rsa_err.c | 23 +++--
|
|
include/openssl/dherr.h | 15 +--
|
|
include/openssl/dsaerr.h | 18 +---
|
|
include/openssl/ecerr.h | 7 -
|
|
include/openssl/evperr.h | 19 ++--
|
|
include/openssl/rsaerr.h | 32 +++----
|
|
13 files changed, 333 insertions(+), 79 deletions(-)
|
|
|
|
--- a/apps/openssl-vms.cnf
|
|
+++ b/apps/openssl-vms.cnf
|
|
@@ -11,6 +11,24 @@
|
|
# defined.
|
|
HOME = .
|
|
|
|
+openssl_conf = openssl_init
|
|
+
|
|
+[ openssl_init ]
|
|
+
|
|
+engines = engine_section
|
|
+
|
|
+[ engine_section ]
|
|
+
|
|
+# This include will look through the directory that will contain the
|
|
+# engine declarations for any engines provided by other packages.
|
|
+.include /etc/ssl/engines.d
|
|
+
|
|
+# This include will look through the directory that will contain the
|
|
+# definitions of the engines declared in the engine section.
|
|
+.include /etc/ssl/engdef.d
|
|
+
|
|
+[ oid_section ]
|
|
+
|
|
# Extra OBJECT IDENTIFIER info:
|
|
#oid_file = $ENV::HOME/.oid
|
|
oid_section = new_oids
|
|
--- a/crypto/dh/dh_err.c
|
|
+++ b/crypto/dh/dh_err.c
|
|
@@ -26,8 +26,8 @@ static const ERR_STRING_DATA DH_str_func
|
|
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
|
|
"dh_cms_set_shared_info"},
|
|
{ERR_PACK(ERR_LIB_DH, DH_F_DH_COMPUTE_KEY, 0), "DH_compute_key"},
|
|
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_KEY, 0), "DH_generate_key"},
|
|
- {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0), "DH_generate_parameters_ex"},
|
|
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_GENERATE_PARAMETERS_EX, 0),
|
|
+ "DH_generate_parameters_ex"},
|
|
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
|
|
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
|
|
{ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
|
|
@@ -78,11 +78,11 @@ static const ERR_STRING_DATA DH_str_reas
|
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
|
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
|
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
|
|
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non fips method"},
|
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
|
|
"not suitable generator"},
|
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
|
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
|
|
- {ERR_PACK(ERR_LIB_DH, 0, DH_R_NON_FIPS_METHOD), "non FIPS method"},
|
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
|
|
"parameter encoding error"},
|
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
|
|
--- a/crypto/dsa/dsa_err.c
|
|
+++ b/crypto/dsa/dsa_err.c
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
@@ -24,7 +24,8 @@ static const ERR_STRING_DATA DSA_str_fun
|
|
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
|
|
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
|
|
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_KEY, 0), "DSA_generate_key"},
|
|
- {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0), "DSA_generate_parameters_ex"},
|
|
+ {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_GENERATE_PARAMETERS_EX, 0),
|
|
+ "DSA_generate_parameters_ex"},
|
|
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
|
|
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
|
|
{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
|
|
@@ -60,8 +61,9 @@ static const ERR_STRING_DATA DSA_str_rea
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY),
|
|
"missing private key"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
|
|
+ {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD),
|
|
+ "non fips dsa method"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
|
|
- {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NON_FIPS_DSA_METHOD), "non FIPS DSA method"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
|
|
"parameter encoding error"},
|
|
{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
|
|
--- a/crypto/ec/ec_err.c
|
|
+++ b/crypto/ec/ec_err.c
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
@@ -27,9 +27,19 @@ static const ERR_STRING_DATA EC_str_func
|
|
"ecdh_simple_compute_key"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_SIGN_SIG, 0),
|
|
+ "ecdsa_s390x_nistp_sign_sig"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_S390X_NISTP_VERIFY_SIG, 0),
|
|
+ "ecdsa_s390x_nistp_verify_sig"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SETUP, 0),
|
|
+ "ecdsa_simple_sign_setup"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_SIGN_SIG, 0),
|
|
+ "ecdsa_simple_sign_sig"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIMPLE_VERIFY_SIG, 0),
|
|
+ "ecdsa_simple_verify_sig"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"},
|
|
@@ -193,6 +203,7 @@ static const ERR_STRING_DATA EC_str_func
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PUBLIC_CHECK, 0), "ec_key_public_check"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0),
|
|
"EC_KEY_set_public_key_affine_coordinates"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0),
|
|
@@ -266,6 +277,8 @@ static const ERR_STRING_DATA EC_str_func
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0),
|
|
"ossl_ecdh_compute_key"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SETUP, 0),
|
|
+ "ossl_ecdsa_sign_setup"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0),
|
|
"ossl_ecdsa_verify_sig"},
|
|
@@ -284,6 +297,18 @@ static const ERR_STRING_DATA EC_str_func
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN25519, 0),
|
|
+ "s390x_pkey_ecd_digestsign25519"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_DIGESTSIGN448, 0),
|
|
+ "s390x_pkey_ecd_digestsign448"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN25519, 0),
|
|
+ "s390x_pkey_ecd_keygen25519"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECD_KEYGEN448, 0),
|
|
+ "s390x_pkey_ecd_keygen448"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN25519, 0),
|
|
+ "s390x_pkey_ecx_keygen25519"},
|
|
+ {ERR_PACK(ERR_LIB_EC, EC_F_S390X_PKEY_ECX_KEYGEN448, 0),
|
|
+ "s390x_pkey_ecx_keygen448"},
|
|
{ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"},
|
|
{0, NULL}
|
|
};
|
|
@@ -298,6 +323,8 @@ static const ERR_STRING_DATA EC_str_reas
|
|
"coordinates out of range"},
|
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
|
|
"curve does not support ecdh"},
|
|
+ {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA),
|
|
+ "curve does not support ecdsa"},
|
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
|
|
"curve does not support signing"},
|
|
{ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),
|
|
--- a/crypto/err/openssl.txt
|
|
+++ b/crypto/err/openssl.txt
|
|
@@ -408,6 +408,8 @@ DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pu
|
|
DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
|
|
DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
|
|
DH_F_DH_CMS_SET_SHARED_INFO:116:dh_cms_set_shared_info
|
|
+DH_F_DH_COMPUTE_KEY:126:DH_compute_key
|
|
+DH_F_DH_GENERATE_PARAMETERS_EX:127:DH_generate_parameters_ex
|
|
DH_F_DH_METH_DUP:117:DH_meth_dup
|
|
DH_F_DH_METH_NEW:118:DH_meth_new
|
|
DH_F_DH_METH_SET1_NAME:119:DH_meth_set1_name
|
|
@@ -427,10 +429,13 @@ DH_F_PKEY_DH_INIT:125:pkey_dh_init
|
|
DH_F_PKEY_DH_KEYGEN:113:pkey_dh_keygen
|
|
DSA_F_DSAPARAMS_PRINT:100:DSAparams_print
|
|
DSA_F_DSAPARAMS_PRINT_FP:101:DSAparams_print_fp
|
|
+DSA_F_DSA_BUILTIN_KEYGEN:108:dsa_builtin_keygen
|
|
DSA_F_DSA_BUILTIN_PARAMGEN:125:dsa_builtin_paramgen
|
|
DSA_F_DSA_BUILTIN_PARAMGEN2:126:dsa_builtin_paramgen2
|
|
DSA_F_DSA_DO_SIGN:112:DSA_do_sign
|
|
DSA_F_DSA_DO_VERIFY:113:DSA_do_verify
|
|
+DSA_F_DSA_GENERATE_KEY:109:DSA_generate_key
|
|
+DSA_F_DSA_GENERATE_PARAMETERS_EX:110:DSA_generate_parameters_ex
|
|
DSA_F_DSA_METH_DUP:127:DSA_meth_dup
|
|
DSA_F_DSA_METH_NEW:128:DSA_meth_new
|
|
DSA_F_DSA_METH_SET1_NAME:129:DSA_meth_set1_name
|
|
@@ -494,15 +499,15 @@ EC_F_ECDH_COMPUTE_KEY:246:ECDH_compute_k
|
|
EC_F_ECDH_SIMPLE_COMPUTE_KEY:257:ecdh_simple_compute_key
|
|
EC_F_ECDSA_DO_SIGN_EX:251:ECDSA_do_sign_ex
|
|
EC_F_ECDSA_DO_VERIFY:252:ECDSA_do_verify
|
|
+EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
|
|
+EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
|
|
EC_F_ECDSA_SIGN_EX:254:ECDSA_sign_ex
|
|
EC_F_ECDSA_SIGN_SETUP:248:ECDSA_sign_setup
|
|
EC_F_ECDSA_SIG_NEW:265:ECDSA_SIG_new
|
|
-EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
|
EC_F_ECDSA_SIMPLE_SIGN_SETUP:310:ecdsa_simple_sign_setup
|
|
EC_F_ECDSA_SIMPLE_SIGN_SIG:311:ecdsa_simple_sign_sig
|
|
EC_F_ECDSA_SIMPLE_VERIFY_SIG:312:ecdsa_simple_verify_sig
|
|
-EC_F_ECDSA_S390X_NISTP_SIGN_SIG:313:ecdsa_s390x_nistp_sign_sig
|
|
-EC_F_ECDSA_S390X_NISTP_VERIFY_SIG:314:ecdsa_s390x_nistp_verify_sig
|
|
+EC_F_ECDSA_VERIFY:253:ECDSA_verify
|
|
EC_F_ECD_ITEM_VERIFY:270:ecd_item_verify
|
|
EC_F_ECKEY_PARAM2TYPE:223:eckey_param2type
|
|
EC_F_ECKEY_PARAM_DECODE:212:eckey_param_decode
|
|
@@ -610,6 +615,7 @@ EC_F_EC_KEY_PRINT:180:EC_KEY_print
|
|
EC_F_EC_KEY_PRINT_FP:181:EC_KEY_print_fp
|
|
EC_F_EC_KEY_PRIV2BUF:279:EC_KEY_priv2buf
|
|
EC_F_EC_KEY_PRIV2OCT:256:EC_KEY_priv2oct
|
|
+EC_F_EC_KEY_PUBLIC_CHECK:299:ec_key_public_check
|
|
EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES:229:\
|
|
EC_KEY_set_public_key_affine_coordinates
|
|
EC_F_EC_KEY_SIMPLE_CHECK_KEY:258:ec_key_simple_check_key
|
|
@@ -735,6 +741,7 @@ EVP_F_AES_OCB_CIPHER:169:aes_ocb_cipher
|
|
EVP_F_AES_T4_INIT_KEY:178:aes_t4_init_key
|
|
EVP_F_AES_T4_XTS_INIT_KEY:208:aes_t4_xts_init_key
|
|
EVP_F_AES_WRAP_CIPHER:170:aes_wrap_cipher
|
|
+EVP_F_AES_XTS_CIPHER:210:aes_xts_cipher
|
|
EVP_F_AES_XTS_INIT_KEY:209:aes_xts_init_key
|
|
EVP_F_ALG_MODULE_INIT:177:alg_module_init
|
|
EVP_F_ARIA_CCM_INIT_KEY:175:aria_ccm_init_key
|
|
@@ -844,6 +851,8 @@ FIPS_F_EVP_CIPHER_CTX_NEW:137:EVP_CIPHER
|
|
FIPS_F_EVP_CIPHER_CTX_RESET:122:EVP_CIPHER_CTX_reset
|
|
FIPS_F_EVP_CIPHERINIT_EX:124:EVP_CipherInit_ex
|
|
FIPS_F_EVP_DIGESTINIT_EX:125:EVP_DigestInit_ex
|
|
+FIPS_F_ECDSA_SIMPLE_SIGN_SIG:104:ecdsa_simple_sign_sig
|
|
+FIPS_F_ECDSA_SIMPLE_VERIFY_SIG:105:ecdsa_simple_verify_sig
|
|
FIPS_F_FIPS_CHECK_DSA:104:fips_check_dsa
|
|
FIPS_F_FIPS_CHECK_EC:142:fips_check_ec
|
|
FIPS_F_FIPS_CHECK_RSA:106:fips_check_rsa
|
|
@@ -874,9 +883,15 @@ FIPS_F_FIPS_SELFTEST_CMAC:130:FIPS_selft
|
|
FIPS_F_FIPS_SELFTEST_DES:111:FIPS_selftest_des
|
|
FIPS_F_FIPS_SELFTEST_DSA:112:FIPS_selftest_dsa
|
|
FIPS_F_FIPS_SELFTEST_ECDSA:133:FIPS_selftest_ecdsa
|
|
+FIPS_F_FIPS_SELFTEST_HKDF:136:FIPS_selftest_hkdf
|
|
FIPS_F_FIPS_SELFTEST_HMAC:113:FIPS_selftest_hmac
|
|
+FIPS_F_FIPS_SELFTEST_PBKDF2:138:FIPS_selftest_pbkdf2
|
|
FIPS_F_FIPS_SELFTEST_SHA1:115:FIPS_selftest_sha1
|
|
FIPS_F_FIPS_SELFTEST_SHA2:105:FIPS_selftest_sha2
|
|
+FIPS_F_FIPS_SELFTEST_SHA3:141:FIPS_selftest_sha3
|
|
+FIPS_F_FIPS_SELFTEST_SSH:142:FIPS_selftest_ssh
|
|
+FIPS_F_FIPS_SELFTEST_TLS:143:FIPS_selftest_tls
|
|
+FIPS_F_OSSL_ECDH_COMPUTE_KEY:144:ossl_ecdh_compute_key
|
|
FIPS_F_OSSL_ECDSA_SIGN_SIG:143:ossl_ecdsa_sign_sig
|
|
FIPS_F_OSSL_ECDSA_VERIFY_SIG:148:ossl_ecdsa_verify_sig
|
|
FIPS_F_RSA_BUILTIN_KEYGEN:116:rsa_builtin_keygen
|
|
@@ -1126,6 +1141,7 @@ RAND_F_RAND_PSEUDO_BYTES:126:RAND_pseudo
|
|
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
|
|
RSA_F_CHECK_PADDING_MD:140:check_padding_md
|
|
RSA_F_ENCODE_PKCS1:146:encode_pkcs1
|
|
+RSA_F_FIPS_RSA_BUILTIN_KEYGEN:168:fips_rsa_builtin_keygen
|
|
RSA_F_INT_RSA_VERIFY:145:int_rsa_verify
|
|
RSA_F_OLD_RSA_PRIV_DECODE:147:old_rsa_priv_decode
|
|
RSA_F_PKEY_PSS_INIT:165:pkey_pss_init
|
|
@@ -1140,6 +1156,8 @@ RSA_F_RSA_CHECK_KEY:123:RSA_check_key
|
|
RSA_F_RSA_CHECK_KEY_EX:160:RSA_check_key_ex
|
|
RSA_F_RSA_CMS_DECRYPT:159:rsa_cms_decrypt
|
|
RSA_F_RSA_CMS_VERIFY:158:rsa_cms_verify
|
|
+RSA_F_RSA_GENERATE_KEY_EX:169:RSA_generate_key_ex
|
|
+RSA_F_RSA_GENERATE_MULTI_PRIME_KEY:170:RSA_generate_multi_prime_key
|
|
RSA_F_RSA_ITEM_VERIFY:148:rsa_item_verify
|
|
RSA_F_RSA_METH_DUP:161:RSA_meth_dup
|
|
RSA_F_RSA_METH_NEW:162:RSA_meth_new
|
|
@@ -1175,12 +1193,18 @@ RSA_F_RSA_PADDING_CHECK_X931:128:RSA_pad
|
|
RSA_F_RSA_PARAM_DECODE:164:rsa_param_decode
|
|
RSA_F_RSA_PRINT:115:RSA_print
|
|
RSA_F_RSA_PRINT_FP:116:RSA_print_fp
|
|
+RSA_F_RSA_PRIVATE_DECRYPT:171:RSA_private_decrypt
|
|
+RSA_F_RSA_PRIVATE_ENCRYPT:172:RSA_private_encrypt
|
|
RSA_F_RSA_PRIV_DECODE:150:rsa_priv_decode
|
|
RSA_F_RSA_PRIV_ENCODE:138:rsa_priv_encode
|
|
RSA_F_RSA_PSS_GET_PARAM:151:rsa_pss_get_param
|
|
RSA_F_RSA_PSS_TO_CTX:155:rsa_pss_to_ctx
|
|
+RSA_F_RSA_PUBLIC_DECRYPT:173:RSA_public_decrypt
|
|
+RSA_F_RSA_PUBLIC_ENCRYPT:174:RSA_public_encrypt
|
|
RSA_F_RSA_PUB_DECODE:139:rsa_pub_decode
|
|
RSA_F_RSA_SETUP_BLINDING:136:RSA_setup_blinding
|
|
+RSA_F_RSA_SET_DEFAULT_METHOD:175:RSA_set_default_method
|
|
+RSA_F_RSA_SET_METHOD:176:RSA_set_method
|
|
RSA_F_RSA_SIGN:117:RSA_sign
|
|
RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
|
|
RSA_F_RSA_VERIFY:119:RSA_verify
|
|
@@ -2189,8 +2213,10 @@ DH_R_INVALID_PARAMETER_NID:114:invalid p
|
|
DH_R_INVALID_PUBKEY:102:invalid public key
|
|
DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error
|
|
DH_R_KEYS_NOT_SET:108:keys not set
|
|
+DH_R_KEY_SIZE_TOO_SMALL:126:key size too small
|
|
DH_R_MISSING_PUBKEY:125:missing pubkey
|
|
DH_R_MODULUS_TOO_LARGE:103:modulus too large
|
|
+DH_R_NON_FIPS_METHOD:127:non fips method
|
|
DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator
|
|
DH_R_NO_PARAMETERS_SET:107:no parameters set
|
|
DH_R_NO_PRIVATE_VALUE:100:no private value
|
|
@@ -2204,9 +2230,12 @@ DSA_R_BN_ERROR:109:bn error
|
|
DSA_R_DECODE_ERROR:104:decode error
|
|
DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type
|
|
DSA_R_INVALID_PARAMETERS:112:invalid parameters
|
|
+DSA_R_KEY_SIZE_INVALID:114:key size invalid
|
|
+DSA_R_KEY_SIZE_TOO_SMALL:115:key size too small
|
|
DSA_R_MISSING_PARAMETERS:101:missing parameters
|
|
DSA_R_MISSING_PRIVATE_KEY:111:missing private key
|
|
DSA_R_MODULUS_TOO_LARGE:103:modulus too large
|
|
+DSA_R_NON_FIPS_DSA_METHOD:116:non fips dsa method
|
|
DSA_R_NO_PARAMETERS_SET:107:no parameters set
|
|
DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
|
|
DSA_R_Q_NOT_PRIME:113:q not prime
|
|
@@ -2344,6 +2373,7 @@ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:
|
|
EVP_R_DECODE_ERROR:114:decode error
|
|
EVP_R_DIFFERENT_KEY_TYPES:101:different key types
|
|
EVP_R_DIFFERENT_PARAMETERS:153:different parameters
|
|
+EVP_R_DISABLED_FOR_FIPS:185:disabled for fips
|
|
EVP_R_ERROR_LOADING_SECTION:165:error loading section
|
|
EVP_R_ERROR_SETTING_FIPS_MODE:166:error setting fips mode
|
|
EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key
|
|
@@ -2389,6 +2419,7 @@ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREA
|
|
EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
|
|
EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error
|
|
EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa
|
|
+EVP_R_TOO_LARGE:186:too large
|
|
EVP_R_UNKNOWN_CIPHER:160:unknown cipher
|
|
EVP_R_UNKNOWN_DIGEST:161:unknown digest
|
|
EVP_R_UNKNOWN_OPTION:169:unknown option
|
|
@@ -2711,11 +2742,13 @@ RSA_R_MODULUS_TOO_LARGE:105:modulus too
|
|
RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r
|
|
RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d
|
|
RSA_R_MP_R_NOT_PRIME:170:mp r not prime
|
|
+RSA_R_NON_FIPS_RSA_METHOD:171:non fips rsa method
|
|
RSA_R_NO_PUBLIC_EXPONENT:140:no public exponent
|
|
RSA_R_NULL_BEFORE_BLOCK_MISSING:113:null before block missing
|
|
RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES:172:n does not equal product of primes
|
|
RSA_R_N_DOES_NOT_EQUAL_P_Q:127:n does not equal p q
|
|
RSA_R_OAEP_DECODING_ERROR:121:oaep decoding error
|
|
+RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE:173:operation not allowed in fips mode
|
|
RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:148:\
|
|
operation not supported for this keytype
|
|
RSA_R_PADDING_CHECK_FAILED:114:padding check failed
|
|
@@ -2737,6 +2770,7 @@ RSA_R_UNSUPPORTED_ENCRYPTION_TYPE:162:un
|
|
RSA_R_UNSUPPORTED_LABEL_SOURCE:163:unsupported label source
|
|
RSA_R_UNSUPPORTED_MASK_ALGORITHM:153:unsupported mask algorithm
|
|
RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter
|
|
+RSA_R_UNSUPPORTED_PARAMETERS:174:unsupported parameters
|
|
RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type
|
|
RSA_R_VALUE_MISSING:147:value missing
|
|
RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length
|
|
--- a/crypto/evp/evp_err.c
|
|
+++ b/crypto/evp/evp_err.c
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
@@ -192,7 +192,7 @@ static const ERR_STRING_DATA EVP_str_rea
|
|
"different key types"},
|
|
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS),
|
|
"different parameters"},
|
|
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for FIPS"},
|
|
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DISABLED_FOR_FIPS), "disabled for fips"},
|
|
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
|
|
"error loading section"},
|
|
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
|
|
@@ -286,8 +286,6 @@ static const ERR_STRING_DATA EVP_str_rea
|
|
"wrap mode not allowed"},
|
|
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
|
|
"wrong final block length"},
|
|
- {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE),
|
|
- "xts data unit is too large"},
|
|
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS),
|
|
"xts duplicated keys"},
|
|
{0, NULL}
|
|
--- a/crypto/fips/fips_ers.c
|
|
+++ b/crypto/fips/fips_ers.c
|
|
@@ -1,7 +1,186 @@
|
|
-#include <openssl/opensslconf.h>
|
|
+/*
|
|
+ * Generated by util/mkerr.pl DO NOT EDIT
|
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ *
|
|
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
|
+ * this file except in compliance with the License. You can obtain a copy
|
|
+ * in the file LICENSE in the source distribution or at
|
|
+ * https://www.openssl.org/source/license.html
|
|
+ */
|
|
|
|
-#ifdef OPENSSL_FIPS
|
|
-# include "fips_err.h"
|
|
-#else
|
|
-static void *dummy = &dummy;
|
|
+#include <openssl/err.h>
|
|
+#include "crypto/fipserr.h"
|
|
+
|
|
+#ifndef OPENSSL_NO_ERR
|
|
+
|
|
+static const ERR_STRING_DATA FIPS_str_functs[] = {
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DRBG_RESEED, 0), "drbg_reseed"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_BUILTIN_PARAMGEN2, 0),
|
|
+ "dsa_builtin_paramgen2"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_ECDSA_SIMPLE_SIGN_SIG, 0),
|
|
+ "ecdsa_simple_sign_sig"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_ECDSA_SIMPLE_VERIFY_SIG, 0),
|
|
+ "ecdsa_simple_verify_sig"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHER_CTX_NEW, 0),
|
|
+ "EVP_CIPHER_CTX_new"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_CIPHER_CTX_RESET, 0),
|
|
+ "EVP_CIPHER_CTX_reset"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_DSA, 0), "fips_check_dsa"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_EC, 0), "fips_check_ec"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_CHECK_RSA, 0), "fips_check_rsa"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_BYTES, 0), "fips_drbg_bytes"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_CHECK, 0), "fips_drbg_check"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_ERROR_CHECK, 0),
|
|
+ "fips_drbg_error_check"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_GENERATE, 0),
|
|
+ "FIPS_drbg_generate"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_INIT, 0), "FIPS_drbg_init"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_INSTANTIATE, 0),
|
|
+ "FIPS_drbg_instantiate"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_NEW, 0), "FIPS_drbg_new"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_DRBG_SINGLE_KAT, 0),
|
|
+ "fips_drbg_single_kat"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_GET_ENTROPY, 0), "fips_get_entropy"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_MODULE_MODE_SET, 0),
|
|
+ "FIPS_module_mode_set"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_PKEY_SIGNATURE_TEST, 0),
|
|
+ "fips_pkey_signature_test"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_BYTES, 0), "FIPS_rand_bytes"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_SEED, 0), "FIPS_rand_seed"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_SET_METHOD, 0),
|
|
+ "FIPS_rand_set_method"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RAND_STATUS, 0), "FIPS_rand_status"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, 0),
|
|
+ "fips_rsa_builtin_keygen"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES, 0), "FIPS_selftest_aes"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_CCM, 0),
|
|
+ "FIPS_selftest_aes_ccm"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_GCM, 0),
|
|
+ "FIPS_selftest_aes_gcm"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_AES_XTS, 0),
|
|
+ "FIPS_selftest_aes_xts"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_CMAC, 0),
|
|
+ "FIPS_selftest_cmac"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_DES, 0), "FIPS_selftest_des"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_ECDSA, 0),
|
|
+ "FIPS_selftest_ecdsa"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_HKDF, 0),
|
|
+ "FIPS_selftest_hkdf"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_HMAC, 0),
|
|
+ "FIPS_selftest_hmac"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_PBKDF2, 0),
|
|
+ "FIPS_selftest_pbkdf2"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA1, 0),
|
|
+ "FIPS_selftest_sha1"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA2, 0),
|
|
+ "FIPS_selftest_sha2"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SHA3, 0),
|
|
+ "FIPS_selftest_sha3"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_SSH, 0), "FIPS_selftest_ssh"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_FIPS_SELFTEST_TLS, 0), "FIPS_selftest_tls"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_OSSL_ECDH_COMPUTE_KEY, 0),
|
|
+ "ossl_ecdh_compute_key"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PRIVATE_DECRYPT, 0),
|
|
+ "rsa_ossl_private_decrypt"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PRIVATE_ENCRYPT, 0),
|
|
+ "rsa_ossl_private_encrypt"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PUBLIC_DECRYPT, 0),
|
|
+ "rsa_ossl_public_decrypt"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, FIPS_F_RSA_OSSL_PUBLIC_ENCRYPT, 0),
|
|
+ "rsa_ossl_public_encrypt"},
|
|
+ {0, NULL}
|
|
+};
|
|
+
|
|
+static const ERR_STRING_DATA FIPS_str_reasons[] = {
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED),
|
|
+ "additional input error undetected"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ADDITIONAL_INPUT_TOO_LONG),
|
|
+ "additional input too long"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ALREADY_INSTANTIATED),
|
|
+ "already instantiated"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_DRBG_NOT_INITIALISED),
|
|
+ "drbg not initialised"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_ERROR_UNDETECTED),
|
|
+ "entropy error undetected"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED),
|
|
+ "entropy not requested for reseed"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ENTROPY_SOURCE_STUCK),
|
|
+ "entropy source stuck"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_INITIALISING_DRBG),
|
|
+ "error initialising drbg"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_INSTANTIATING_DRBG),
|
|
+ "error instantiating drbg"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
|
|
+ "error retrieving additional input"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_ENTROPY),
|
|
+ "error retrieving entropy"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_ERROR_RETRIEVING_NONCE),
|
|
+ "error retrieving nonce"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FINGERPRINT_DOES_NOT_MATCH),
|
|
+ "fingerprint does not match"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FIPS_MODE_ALREADY_SET),
|
|
+ "fips mode already set"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FIPS_SELFTEST_FAILED),
|
|
+ "fips selftest failed"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_FUNCTION_ERROR), "function error"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_GENERATE_ERROR), "generate error"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_GENERATE_ERROR_UNDETECTED),
|
|
+ "generate error undetected"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_INSTANTIATE_ERROR), "instantiate error"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_INVALID_KEY_LENGTH),
|
|
+ "invalid key length"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_IN_ERROR_STATE), "in error state"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_KEY_TOO_SHORT), "key too short"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NONCE_ERROR_UNDETECTED),
|
|
+ "nonce error undetected"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NON_FIPS_METHOD), "non fips method"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOPR_TEST1_FAILURE),
|
|
+ "nopr test1 failure"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOPR_TEST2_FAILURE),
|
|
+ "nopr test2 failure"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_NOT_INSTANTIATED), "not instantiated"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PAIRWISE_TEST_FAILED),
|
|
+ "pairwise test failed"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PERSONALISATION_ERROR_UNDETECTED),
|
|
+ "personalisation error undetected"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PERSONALISATION_STRING_TOO_LONG),
|
|
+ "personalisation string too long"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PR_TEST1_FAILURE), "pr test1 failure"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_PR_TEST2_FAILURE), "pr test2 failure"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_REQUEST_LENGTH_ERROR_UNDETECTED),
|
|
+ "request length error undetected"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG),
|
|
+ "request too large for drbg"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_RESEED_COUNTER_ERROR),
|
|
+ "reseed counter error"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_RESEED_ERROR), "reseed error"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_SELFTEST_FAILED), "selftest failed"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_SELFTEST_FAILURE), "selftest failure"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_TEST_FAILURE), "test failure"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNINSTANTIATE_ERROR),
|
|
+ "uninstantiate error"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNINSTANTIATE_ZEROISE_ERROR),
|
|
+ "uninstantiate zeroise error"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNSUPPORTED_DRBG_TYPE),
|
|
+ "unsupported drbg type"},
|
|
+ {ERR_PACK(ERR_LIB_FIPS, 0, FIPS_R_UNSUPPORTED_PLATFORM),
|
|
+ "unsupported platform"},
|
|
+ {0, NULL}
|
|
+};
|
|
+
|
|
+#endif
|
|
+
|
|
+int ERR_load_FIPS_strings(void)
|
|
+{
|
|
+#ifndef OPENSSL_NO_ERR
|
|
+ if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) {
|
|
+ ERR_load_strings_const(FIPS_str_functs);
|
|
+ ERR_load_strings_const(FIPS_str_reasons);
|
|
+ }
|
|
#endif
|
|
+ return 1;
|
|
+}
|
|
--- a/crypto/rsa/rsa_err.c
|
|
+++ b/crypto/rsa/rsa_err.c
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
@@ -34,7 +34,8 @@ static const ERR_STRING_DATA RSA_str_fun
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"},
|
|
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0), "RSA_generate_key_ex"},
|
|
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_KEY_EX, 0),
|
|
+ "RSA_generate_key_ex"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_GENERATE_MULTI_PRIME_KEY, 0),
|
|
"RSA_generate_multi_prime_key"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"},
|
|
@@ -93,16 +94,21 @@ static const ERR_STRING_DATA RSA_str_fun
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"},
|
|
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0),
|
|
+ "RSA_private_decrypt"},
|
|
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0),
|
|
+ "RSA_private_encrypt"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"},
|
|
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_DECRYPT, 0), "RSA_private_decrypt"},
|
|
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_private_encrypt"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"},
|
|
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_DECRYPT, 0), "RSA_public_decrypt"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_public_encrypt"},
|
|
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"},
|
|
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0),
|
|
+ "RSA_set_default_method"},
|
|
+ {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0),
|
|
"RSA_sign_ASN1_OCTET_STRING"},
|
|
@@ -111,8 +117,6 @@ static const ERR_STRING_DATA RSA_str_fun
|
|
"RSA_verify_ASN1_OCTET_STRING"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0),
|
|
"RSA_verify_PKCS1_PSS_mgf1"},
|
|
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_DEFAULT_METHOD, 0), "RSA_set_default_method"},
|
|
- {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SET_METHOD, 0), "RSA_set_method"},
|
|
{ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"},
|
|
{0, NULL}
|
|
};
|
|
@@ -193,8 +197,9 @@ static const ERR_STRING_DATA RSA_str_rea
|
|
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D),
|
|
"mp exponent not congruent to d"},
|
|
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"},
|
|
+ {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD),
|
|
+ "non fips rsa method"},
|
|
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
|
|
- {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NON_FIPS_RSA_METHOD), "non FIPS rsa method"},
|
|
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING),
|
|
"null before block missing"},
|
|
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES),
|
|
@@ -204,7 +209,7 @@ static const ERR_STRING_DATA RSA_str_rea
|
|
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR),
|
|
"oaep decoding error"},
|
|
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
|
|
- "operation not allowed in FIPS mode"},
|
|
+ "operation not allowed in fips mode"},
|
|
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
|
|
"operation not supported for this keytype"},
|
|
{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED),
|
|
--- a/include/openssl/dherr.h
|
|
+++ b/include/openssl/dherr.h
|
|
@@ -11,9 +11,7 @@
|
|
#ifndef HEADER_DHERR_H
|
|
# define HEADER_DHERR_H
|
|
|
|
-# ifndef HEADER_SYMHACKS_H
|
|
-# include <openssl/symhacks.h>
|
|
-# endif
|
|
+# include <openssl/symhacks.h>
|
|
|
|
# include <openssl/opensslconf.h>
|
|
|
|
@@ -36,9 +34,8 @@ int ERR_load_DH_strings(void);
|
|
# define DH_F_DH_CMS_DECRYPT 114
|
|
# define DH_F_DH_CMS_SET_PEERKEY 115
|
|
# define DH_F_DH_CMS_SET_SHARED_INFO 116
|
|
-# define DH_F_DH_COMPUTE_KEY 203
|
|
-# define DH_F_DH_GENERATE_KEY 202
|
|
-# define DH_F_DH_GENERATE_PARAMETERS_EX 201
|
|
+# define DH_F_DH_COMPUTE_KEY 126
|
|
+# define DH_F_DH_GENERATE_PARAMETERS_EX 127
|
|
# define DH_F_DH_METH_DUP 117
|
|
# define DH_F_DH_METH_NEW 118
|
|
# define DH_F_DH_METH_SET1_NAME 119
|
|
@@ -76,14 +73,14 @@ int ERR_load_DH_strings(void);
|
|
# define DH_R_INVALID_PARAMETER_NID 114
|
|
# define DH_R_INVALID_PUBKEY 102
|
|
# define DH_R_KDF_PARAMETER_ERROR 112
|
|
-# define DH_R_KEY_SIZE_TOO_SMALL 201
|
|
# define DH_R_KEYS_NOT_SET 108
|
|
+# define DH_R_KEY_SIZE_TOO_SMALL 126
|
|
# define DH_R_MISSING_PUBKEY 125
|
|
# define DH_R_MODULUS_TOO_LARGE 103
|
|
+# define DH_R_NON_FIPS_METHOD 127
|
|
# define DH_R_NOT_SUITABLE_GENERATOR 120
|
|
# define DH_R_NO_PARAMETERS_SET 107
|
|
# define DH_R_NO_PRIVATE_VALUE 100
|
|
-# define DH_R_NON_FIPS_METHOD 202
|
|
# define DH_R_PARAMETER_ENCODING_ERROR 105
|
|
# define DH_R_PEER_KEY_ERROR 111
|
|
# define DH_R_SHARED_INFO_ERROR 113
|
|
--- a/include/openssl/dsaerr.h
|
|
+++ b/include/openssl/dsaerr.h
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
@@ -11,9 +11,7 @@
|
|
#ifndef HEADER_DSAERR_H
|
|
# define HEADER_DSAERR_H
|
|
|
|
-# ifndef HEADER_SYMHACKS_H
|
|
-# include <openssl/symhacks.h>
|
|
-# endif
|
|
+# include <openssl/symhacks.h>
|
|
|
|
# include <openssl/opensslconf.h>
|
|
|
|
@@ -29,13 +27,13 @@ int ERR_load_DSA_strings(void);
|
|
*/
|
|
# define DSA_F_DSAPARAMS_PRINT 100
|
|
# define DSA_F_DSAPARAMS_PRINT_FP 101
|
|
-# define DSA_F_DSA_BUILTIN_KEYGEN 202
|
|
+# define DSA_F_DSA_BUILTIN_KEYGEN 108
|
|
# define DSA_F_DSA_BUILTIN_PARAMGEN 125
|
|
# define DSA_F_DSA_BUILTIN_PARAMGEN2 126
|
|
-# define DSA_F_DSA_GENERATE_KEY 201
|
|
-# define DSA_F_DSA_GENERATE_PARAMETERS_EX 200
|
|
# define DSA_F_DSA_DO_SIGN 112
|
|
# define DSA_F_DSA_DO_VERIFY 113
|
|
+# define DSA_F_DSA_GENERATE_KEY 109
|
|
+# define DSA_F_DSA_GENERATE_PARAMETERS_EX 110
|
|
# define DSA_F_DSA_METH_DUP 127
|
|
# define DSA_F_DSA_METH_NEW 128
|
|
# define DSA_F_DSA_METH_SET1_NAME 129
|
|
@@ -63,13 +61,13 @@ int ERR_load_DSA_strings(void);
|
|
# define DSA_R_DECODE_ERROR 104
|
|
# define DSA_R_INVALID_DIGEST_TYPE 106
|
|
# define DSA_R_INVALID_PARAMETERS 112
|
|
-# define DSA_R_KEY_SIZE_INVALID 201
|
|
-# define DSA_R_KEY_SIZE_TOO_SMALL 202
|
|
+# define DSA_R_KEY_SIZE_INVALID 114
|
|
+# define DSA_R_KEY_SIZE_TOO_SMALL 115
|
|
# define DSA_R_MISSING_PARAMETERS 101
|
|
# define DSA_R_MISSING_PRIVATE_KEY 111
|
|
# define DSA_R_MODULUS_TOO_LARGE 103
|
|
+# define DSA_R_NON_FIPS_DSA_METHOD 116
|
|
# define DSA_R_NO_PARAMETERS_SET 107
|
|
-# define DSA_R_NON_FIPS_DSA_METHOD 200
|
|
# define DSA_R_PARAMETER_ENCODING_ERROR 105
|
|
# define DSA_R_Q_NOT_PRIME 113
|
|
# define DSA_R_SEED_LEN_SMALL 110
|
|
--- a/include/openssl/ecerr.h
|
|
+++ b/include/openssl/ecerr.h
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
@@ -11,9 +11,7 @@
|
|
#ifndef HEADER_ECERR_H
|
|
# define HEADER_ECERR_H
|
|
|
|
-# ifndef HEADER_SYMHACKS_H
|
|
-# include <openssl/symhacks.h>
|
|
-# endif
|
|
+# include <openssl/symhacks.h>
|
|
|
|
# include <openssl/opensslconf.h>
|
|
|
|
@@ -143,6 +141,7 @@ int ERR_load_EC_strings(void);
|
|
# define EC_F_EC_KEY_PRINT_FP 181
|
|
# define EC_F_EC_KEY_PRIV2BUF 279
|
|
# define EC_F_EC_KEY_PRIV2OCT 256
|
|
+# define EC_F_EC_KEY_PUBLIC_CHECK 299
|
|
# define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229
|
|
# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258
|
|
# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259
|
|
--- a/include/openssl/evperr.h
|
|
+++ b/include/openssl/evperr.h
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
@@ -22,15 +22,15 @@ int ERR_load_EVP_strings(void);
|
|
* EVP function codes.
|
|
*/
|
|
# define EVP_F_AESNI_INIT_KEY 165
|
|
-# define EVP_F_AESNI_XTS_INIT_KEY 233
|
|
+# define EVP_F_AESNI_XTS_INIT_KEY 207
|
|
# define EVP_F_AES_GCM_CTRL 196
|
|
# define EVP_F_AES_INIT_KEY 133
|
|
# define EVP_F_AES_OCB_CIPHER 169
|
|
# define EVP_F_AES_T4_INIT_KEY 178
|
|
-# define EVP_F_AES_T4_XTS_INIT_KEY 234
|
|
+# define EVP_F_AES_T4_XTS_INIT_KEY 208
|
|
# define EVP_F_AES_WRAP_CIPHER 170
|
|
-# define EVP_F_AES_XTS_CIPHER 229
|
|
-# define EVP_F_AES_XTS_INIT_KEY 235
|
|
+# define EVP_F_AES_XTS_CIPHER 210
|
|
+# define EVP_F_AES_XTS_INIT_KEY 209
|
|
# define EVP_F_ALG_MODULE_INIT 177
|
|
# define EVP_F_ARIA_CCM_INIT_KEY 175
|
|
# define EVP_F_ARIA_GCM_CTRL 197
|
|
@@ -146,9 +146,9 @@ int ERR_load_EVP_strings(void);
|
|
# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
|
|
# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
|
|
# define EVP_R_DECODE_ERROR 114
|
|
-# define EVP_R_DISABLED_FOR_FIPS 200
|
|
# define EVP_R_DIFFERENT_KEY_TYPES 101
|
|
# define EVP_R_DIFFERENT_PARAMETERS 153
|
|
+# define EVP_R_DISABLED_FOR_FIPS 185
|
|
# define EVP_R_ERROR_LOADING_SECTION 165
|
|
# define EVP_R_ERROR_SETTING_FIPS_MODE 166
|
|
# define EVP_R_EXPECTING_AN_HMAC_KEY 174
|
|
@@ -184,15 +184,15 @@ int ERR_load_EVP_strings(void);
|
|
# define EVP_R_ONLY_ONESHOT_SUPPORTED 177
|
|
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
|
|
# define EVP_R_OPERATON_NOT_INITIALIZED 151
|
|
-# define EVP_R_PARAMETER_TOO_LARGE 187
|
|
# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
|
|
+# define EVP_R_PARAMETER_TOO_LARGE 187
|
|
# define EVP_R_PARTIALLY_OVERLAPPING 162
|
|
# define EVP_R_PBKDF2_ERROR 181
|
|
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
|
|
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
|
|
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
|
|
# define EVP_R_PUBLIC_KEY_NOT_RSA 106
|
|
-# define EVP_R_TOO_LARGE 201
|
|
+# define EVP_R_TOO_LARGE 186
|
|
# define EVP_R_UNKNOWN_CIPHER 160
|
|
# define EVP_R_UNKNOWN_DIGEST 161
|
|
# define EVP_R_UNKNOWN_OPTION 169
|
|
@@ -208,7 +208,6 @@ int ERR_load_EVP_strings(void);
|
|
# define EVP_R_UNSUPPORTED_SALT_TYPE 126
|
|
# define EVP_R_WRAP_MODE_NOT_ALLOWED 170
|
|
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
|
|
-# define EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE 191
|
|
-# define EVP_R_XTS_DUPLICATED_KEYS 192
|
|
+# define EVP_R_XTS_DUPLICATED_KEYS 183
|
|
|
|
#endif
|
|
--- a/include/openssl/rsaerr.h
|
|
+++ b/include/openssl/rsaerr.h
|
|
@@ -1,6 +1,6 @@
|
|
/*
|
|
* Generated by util/mkerr.pl DO NOT EDIT
|
|
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
@@ -11,9 +11,7 @@
|
|
#ifndef HEADER_RSAERR_H
|
|
# define HEADER_RSAERR_H
|
|
|
|
-# ifndef HEADER_SYMHACKS_H
|
|
-# include <openssl/symhacks.h>
|
|
-# endif
|
|
+# include <openssl/symhacks.h>
|
|
|
|
# ifdef __cplusplus
|
|
extern "C"
|
|
@@ -25,7 +23,7 @@ int ERR_load_RSA_strings(void);
|
|
*/
|
|
# define RSA_F_CHECK_PADDING_MD 140
|
|
# define RSA_F_ENCODE_PKCS1 146
|
|
-# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 206
|
|
+# define RSA_F_FIPS_RSA_BUILTIN_KEYGEN 168
|
|
# define RSA_F_INT_RSA_VERIFY 145
|
|
# define RSA_F_OLD_RSA_PRIV_DECODE 147
|
|
# define RSA_F_PKEY_PSS_INIT 165
|
|
@@ -40,8 +38,8 @@ int ERR_load_RSA_strings(void);
|
|
# define RSA_F_RSA_CHECK_KEY_EX 160
|
|
# define RSA_F_RSA_CMS_DECRYPT 159
|
|
# define RSA_F_RSA_CMS_VERIFY 158
|
|
-# define RSA_F_RSA_GENERATE_KEY_EX 204
|
|
-# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 207
|
|
+# define RSA_F_RSA_GENERATE_KEY_EX 169
|
|
+# define RSA_F_RSA_GENERATE_MULTI_PRIME_KEY 170
|
|
# define RSA_F_RSA_ITEM_VERIFY 148
|
|
# define RSA_F_RSA_METH_DUP 161
|
|
# define RSA_F_RSA_METH_NEW 162
|
|
@@ -77,18 +75,18 @@ int ERR_load_RSA_strings(void);
|
|
# define RSA_F_RSA_PARAM_DECODE 164
|
|
# define RSA_F_RSA_PRINT 115
|
|
# define RSA_F_RSA_PRINT_FP 116
|
|
+# define RSA_F_RSA_PRIVATE_DECRYPT 171
|
|
+# define RSA_F_RSA_PRIVATE_ENCRYPT 172
|
|
# define RSA_F_RSA_PRIV_DECODE 150
|
|
# define RSA_F_RSA_PRIV_ENCODE 138
|
|
-# define RSA_F_RSA_PRIVATE_DECRYPT 200
|
|
-# define RSA_F_RSA_PRIVATE_ENCRYPT 201
|
|
# define RSA_F_RSA_PSS_GET_PARAM 151
|
|
# define RSA_F_RSA_PSS_TO_CTX 155
|
|
+# define RSA_F_RSA_PUBLIC_DECRYPT 173
|
|
+# define RSA_F_RSA_PUBLIC_ENCRYPT 174
|
|
# define RSA_F_RSA_PUB_DECODE 139
|
|
-# define RSA_F_RSA_PUBLIC_DECRYPT 202
|
|
-# define RSA_F_RSA_PUBLIC_ENCRYPT 203
|
|
# define RSA_F_RSA_SETUP_BLINDING 136
|
|
-# define RSA_F_RSA_SET_DEFAULT_METHOD 205
|
|
-# define RSA_F_RSA_SET_METHOD 204
|
|
+# define RSA_F_RSA_SET_DEFAULT_METHOD 175
|
|
+# define RSA_F_RSA_SET_METHOD 176
|
|
# define RSA_F_RSA_SIGN 117
|
|
# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
|
|
# define RSA_F_RSA_VERIFY 119
|
|
@@ -139,19 +137,19 @@ int ERR_load_RSA_strings(void);
|
|
# define RSA_R_KEY_PRIME_NUM_INVALID 165
|
|
# define RSA_R_KEY_SIZE_TOO_SMALL 120
|
|
# define RSA_R_LAST_OCTET_INVALID 134
|
|
-# define RSA_R_MISSING_PRIVATE_KEY 179
|
|
# define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152
|
|
+# define RSA_R_MISSING_PRIVATE_KEY 179
|
|
# define RSA_R_MODULUS_TOO_LARGE 105
|
|
# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R 168
|
|
# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D 169
|
|
# define RSA_R_MP_R_NOT_PRIME 170
|
|
+# define RSA_R_NON_FIPS_RSA_METHOD 171
|
|
# define RSA_R_NO_PUBLIC_EXPONENT 140
|
|
-# define RSA_R_NON_FIPS_RSA_METHOD 200
|
|
# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
|
|
# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES 172
|
|
# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
|
|
# define RSA_R_OAEP_DECODING_ERROR 121
|
|
-# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 201
|
|
+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 173
|
|
# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
|
|
# define RSA_R_PADDING_CHECK_FAILED 114
|
|
# define RSA_R_PKCS_DECODING_ERROR 159
|
|
@@ -171,7 +169,7 @@ int ERR_load_RSA_strings(void);
|
|
# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
|
|
# define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
|
|
# define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
|
|
-# define RSA_R_UNSUPPORTED_PARAMETERS 202
|
|
+# define RSA_R_UNSUPPORTED_PARAMETERS 174
|
|
# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
|
|
# define RSA_R_VALUE_MISSING 147
|
|
# define RSA_R_WRONG_SIGNATURE_LENGTH 119
|