Line | Count | Source |
1 | | /* |
2 | | * Copyright (C) 2013 Red Hat |
3 | | * |
4 | | * Author: Nikos Mavrogiannopoulos |
5 | | * |
6 | | * This file is part of GnuTLS. |
7 | | * |
8 | | * The GnuTLS is free software; you can redistribute it and/or |
9 | | * modify it under the terms of the GNU Lesser General Public License |
10 | | * as published by the Free Software Foundation; either version 2.1 of |
11 | | * the License, or (at your option) any later version. |
12 | | * |
13 | | * This library is distributed in the hope that it will be useful, but |
14 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | | * Lesser General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU Lesser General Public License |
19 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
20 | | * |
21 | | */ |
22 | | |
23 | | #ifndef GNUTLS_LIB_FIPS_H |
24 | | #define GNUTLS_LIB_FIPS_H |
25 | | |
26 | | #include "gnutls_int.h" |
27 | | #include <gnutls/gnutls.h> |
28 | | |
29 | | #define FIPS140_RND_KEY_SIZE 32 |
30 | | |
31 | | typedef enum { |
32 | | LIB_STATE_POWERON, |
33 | | LIB_STATE_INIT, |
34 | | LIB_STATE_SELFTEST, |
35 | | LIB_STATE_OPERATIONAL, |
36 | | LIB_STATE_ERROR, |
37 | | LIB_STATE_SHUTDOWN |
38 | | } gnutls_lib_state_t; |
39 | | |
40 | | /* do not access directly */ |
41 | | extern unsigned int _gnutls_lib_state; |
42 | | extern gnutls_crypto_rnd_st _gnutls_fips_rnd_ops; |
43 | | |
44 | | void _gnutls_switch_fips_state(gnutls_fips140_operation_state_t state); |
45 | | |
46 | | inline static void _gnutls_switch_lib_state(gnutls_lib_state_t state) |
47 | 102 | { |
48 | | /* Once into zombie state no errors can change us */ |
49 | 102 | _gnutls_lib_state = state; |
50 | 102 | } Unexecuted instantiation: cert-cred.c:_gnutls_switch_lib_state global.c:_gnutls_switch_lib_state Line | Count | Source | 47 | 102 | { | 48 | | /* Once into zombie state no errors can change us */ | 49 | 102 | _gnutls_lib_state = state; | 50 | 102 | } |
Unexecuted instantiation: cert-cred-x509.c:_gnutls_switch_lib_state Unexecuted instantiation: random.c:_gnutls_switch_lib_state Unexecuted instantiation: privkey.c:_gnutls_switch_lib_state Unexecuted instantiation: pcert.c:_gnutls_switch_lib_state Unexecuted instantiation: pubkey.c:_gnutls_switch_lib_state Unexecuted instantiation: crypto-backend.c:_gnutls_switch_lib_state Unexecuted instantiation: fips.c:_gnutls_switch_lib_state Unexecuted instantiation: common.c:_gnutls_switch_lib_state Unexecuted instantiation: crl.c:_gnutls_switch_lib_state Unexecuted instantiation: crq.c:_gnutls_switch_lib_state Unexecuted instantiation: dn.c:_gnutls_switch_lib_state Unexecuted instantiation: extensions.c:_gnutls_switch_lib_state Unexecuted instantiation: key_decode.c:_gnutls_switch_lib_state Unexecuted instantiation: key_encode.c:_gnutls_switch_lib_state Unexecuted instantiation: mpi.c:_gnutls_switch_lib_state Unexecuted instantiation: output.c:_gnutls_switch_lib_state Unexecuted instantiation: pkcs12.c:_gnutls_switch_lib_state Unexecuted instantiation: pkcs12_bag.c:_gnutls_switch_lib_state Unexecuted instantiation: pkcs7-crypt.c:_gnutls_switch_lib_state Unexecuted instantiation: privkey_openssl.c:_gnutls_switch_lib_state Unexecuted instantiation: privkey_pkcs8.c:_gnutls_switch_lib_state Unexecuted instantiation: privkey_pkcs8_pbes1.c:_gnutls_switch_lib_state Unexecuted instantiation: prov-seed.c:_gnutls_switch_lib_state Unexecuted instantiation: sign.c:_gnutls_switch_lib_state Unexecuted instantiation: spki.c:_gnutls_switch_lib_state Unexecuted instantiation: time.c:_gnutls_switch_lib_state Unexecuted instantiation: tls_features.c:_gnutls_switch_lib_state Unexecuted instantiation: verify-high.c:_gnutls_switch_lib_state Unexecuted instantiation: verify-high2.c:_gnutls_switch_lib_state Unexecuted instantiation: verify.c:_gnutls_switch_lib_state Unexecuted instantiation: virt-san.c:_gnutls_switch_lib_state Unexecuted instantiation: x509.c:_gnutls_switch_lib_state Unexecuted instantiation: x509_dn.c:_gnutls_switch_lib_state Unexecuted instantiation: x509_ext.c:_gnutls_switch_lib_state Unexecuted instantiation: x509_write.c:_gnutls_switch_lib_state Unexecuted instantiation: ciphers.c:_gnutls_switch_lib_state Unexecuted instantiation: ecc.c:_gnutls_switch_lib_state Unexecuted instantiation: mac.c:_gnutls_switch_lib_state Unexecuted instantiation: publickey.c:_gnutls_switch_lib_state Unexecuted instantiation: secparams.c:_gnutls_switch_lib_state Unexecuted instantiation: cipher.c:_gnutls_switch_lib_state Unexecuted instantiation: pk.c:_gnutls_switch_lib_state Unexecuted instantiation: rnd-fuzzer.c:_gnutls_switch_lib_state Unexecuted instantiation: rnd.c:_gnutls_switch_lib_state Unexecuted instantiation: rsa-keygen-fips186.c:_gnutls_switch_lib_state Unexecuted instantiation: sysrng-linux.c:_gnutls_switch_lib_state Unexecuted instantiation: dh.c:_gnutls_switch_lib_state Unexecuted instantiation: priority.c:_gnutls_switch_lib_state Unexecuted instantiation: hash_int.c:_gnutls_switch_lib_state Unexecuted instantiation: cipher_int.c:_gnutls_switch_lib_state Unexecuted instantiation: profiles.c:_gnutls_switch_lib_state Unexecuted instantiation: state.c:_gnutls_switch_lib_state Unexecuted instantiation: crypto-api.c:_gnutls_switch_lib_state Unexecuted instantiation: secrets.c:_gnutls_switch_lib_state Unexecuted instantiation: attributes.c:_gnutls_switch_lib_state Unexecuted instantiation: email-verify.c:_gnutls_switch_lib_state Unexecuted instantiation: hostname-verify.c:_gnutls_switch_lib_state Unexecuted instantiation: krb5.c:_gnutls_switch_lib_state Unexecuted instantiation: name_constraints.c:_gnutls_switch_lib_state Unexecuted instantiation: ocsp.c:_gnutls_switch_lib_state Unexecuted instantiation: heartbeat.c:_gnutls_switch_lib_state Unexecuted instantiation: session_ticket.c:_gnutls_switch_lib_state Unexecuted instantiation: psk_passwd.c:_gnutls_switch_lib_state Unexecuted instantiation: cert_types.c:_gnutls_switch_lib_state Unexecuted instantiation: ciphersuites.c:_gnutls_switch_lib_state Unexecuted instantiation: groups.c:_gnutls_switch_lib_state Unexecuted instantiation: kx.c:_gnutls_switch_lib_state Unexecuted instantiation: protocols.c:_gnutls_switch_lib_state Unexecuted instantiation: aes-ccm-x86-aesni.c:_gnutls_switch_lib_state Unexecuted instantiation: aes-xts-x86-aesni.c:_gnutls_switch_lib_state Unexecuted instantiation: dsa-keygen-fips186.c:_gnutls_switch_lib_state Unexecuted instantiation: dsa-validate.c:_gnutls_switch_lib_state Unexecuted instantiation: provable-prime.c:_gnutls_switch_lib_state Unexecuted instantiation: tls1-prf.c:_gnutls_switch_lib_state Unexecuted instantiation: record.c:_gnutls_switch_lib_state Unexecuted instantiation: handshake-tls13.c:_gnutls_switch_lib_state Unexecuted instantiation: handshake.c:_gnutls_switch_lib_state Unexecuted instantiation: constate.c:_gnutls_switch_lib_state Unexecuted instantiation: tls-sig.c:_gnutls_switch_lib_state Unexecuted instantiation: post_handshake.c:_gnutls_switch_lib_state Unexecuted instantiation: rsa.c:_gnutls_switch_lib_state Unexecuted instantiation: rsa_psk.c:_gnutls_switch_lib_state Unexecuted instantiation: vko.c:_gnutls_switch_lib_state Unexecuted instantiation: pkcs7-output.c:_gnutls_switch_lib_state Unexecuted instantiation: pkcs7.c:_gnutls_switch_lib_state Unexecuted instantiation: pkcs7-attrs.c:_gnutls_switch_lib_state |
51 | | |
52 | | inline static gnutls_lib_state_t _gnutls_get_lib_state(void) |
53 | 38.1M | { |
54 | 38.1M | return _gnutls_lib_state; |
55 | 38.1M | } Unexecuted instantiation: cert-cred.c:_gnutls_get_lib_state Unexecuted instantiation: global.c:_gnutls_get_lib_state Unexecuted instantiation: cert-cred-x509.c:_gnutls_get_lib_state random.c:_gnutls_get_lib_state Line | Count | Source | 53 | 173k | { | 54 | 173k | return _gnutls_lib_state; | 55 | 173k | } |
privkey.c:_gnutls_get_lib_state Line | Count | Source | 53 | 114k | { | 54 | 114k | return _gnutls_lib_state; | 55 | 114k | } |
Unexecuted instantiation: pcert.c:_gnutls_get_lib_state pubkey.c:_gnutls_get_lib_state Line | Count | Source | 53 | 64.6k | { | 54 | 64.6k | return _gnutls_lib_state; | 55 | 64.6k | } |
Unexecuted instantiation: crypto-backend.c:_gnutls_get_lib_state Unexecuted instantiation: fips.c:_gnutls_get_lib_state Unexecuted instantiation: common.c:_gnutls_get_lib_state crl.c:_gnutls_get_lib_state Line | Count | Source | 53 | 4.62k | { | 54 | 4.62k | return _gnutls_lib_state; | 55 | 4.62k | } |
crq.c:_gnutls_get_lib_state Line | Count | Source | 53 | 4.96k | { | 54 | 4.96k | return _gnutls_lib_state; | 55 | 4.96k | } |
Unexecuted instantiation: dn.c:_gnutls_get_lib_state Unexecuted instantiation: extensions.c:_gnutls_get_lib_state Unexecuted instantiation: key_decode.c:_gnutls_get_lib_state Unexecuted instantiation: key_encode.c:_gnutls_get_lib_state Unexecuted instantiation: mpi.c:_gnutls_get_lib_state Unexecuted instantiation: output.c:_gnutls_get_lib_state Unexecuted instantiation: pkcs12.c:_gnutls_get_lib_state Unexecuted instantiation: pkcs12_bag.c:_gnutls_get_lib_state Unexecuted instantiation: pkcs7-crypt.c:_gnutls_get_lib_state Unexecuted instantiation: privkey_openssl.c:_gnutls_get_lib_state Unexecuted instantiation: privkey_pkcs8.c:_gnutls_get_lib_state Unexecuted instantiation: privkey_pkcs8_pbes1.c:_gnutls_get_lib_state Unexecuted instantiation: prov-seed.c:_gnutls_get_lib_state Unexecuted instantiation: sign.c:_gnutls_get_lib_state Unexecuted instantiation: spki.c:_gnutls_get_lib_state Unexecuted instantiation: time.c:_gnutls_get_lib_state Unexecuted instantiation: tls_features.c:_gnutls_get_lib_state verify-high.c:_gnutls_get_lib_state Line | Count | Source | 53 | 33.6k | { | 54 | 33.6k | return _gnutls_lib_state; | 55 | 33.6k | } |
Unexecuted instantiation: verify-high2.c:_gnutls_get_lib_state Unexecuted instantiation: verify.c:_gnutls_get_lib_state Unexecuted instantiation: virt-san.c:_gnutls_get_lib_state x509.c:_gnutls_get_lib_state Line | Count | Source | 53 | 79.6k | { | 54 | 79.6k | return _gnutls_lib_state; | 55 | 79.6k | } |
Unexecuted instantiation: x509_dn.c:_gnutls_get_lib_state Unexecuted instantiation: x509_ext.c:_gnutls_get_lib_state Unexecuted instantiation: x509_write.c:_gnutls_get_lib_state Unexecuted instantiation: ciphers.c:_gnutls_get_lib_state Unexecuted instantiation: ecc.c:_gnutls_get_lib_state Unexecuted instantiation: mac.c:_gnutls_get_lib_state Unexecuted instantiation: publickey.c:_gnutls_get_lib_state Unexecuted instantiation: secparams.c:_gnutls_get_lib_state Unexecuted instantiation: cipher.c:_gnutls_get_lib_state pk.c:_gnutls_get_lib_state Line | Count | Source | 53 | 378k | { | 54 | 378k | return _gnutls_lib_state; | 55 | 378k | } |
Unexecuted instantiation: rnd-fuzzer.c:_gnutls_get_lib_state Unexecuted instantiation: rnd.c:_gnutls_get_lib_state Unexecuted instantiation: rsa-keygen-fips186.c:_gnutls_get_lib_state Unexecuted instantiation: sysrng-linux.c:_gnutls_get_lib_state Unexecuted instantiation: dh.c:_gnutls_get_lib_state Unexecuted instantiation: priority.c:_gnutls_get_lib_state hash_int.c:_gnutls_get_lib_state Line | Count | Source | 53 | 37.1M | { | 54 | 37.1M | return _gnutls_lib_state; | 55 | 37.1M | } |
cipher_int.c:_gnutls_get_lib_state Line | Count | Source | 53 | 58.5k | { | 54 | 58.5k | return _gnutls_lib_state; | 55 | 58.5k | } |
Unexecuted instantiation: profiles.c:_gnutls_get_lib_state state.c:_gnutls_get_lib_state Line | Count | Source | 53 | 36.5k | { | 54 | 36.5k | return _gnutls_lib_state; | 55 | 36.5k | } |
Unexecuted instantiation: crypto-api.c:_gnutls_get_lib_state Unexecuted instantiation: secrets.c:_gnutls_get_lib_state Unexecuted instantiation: attributes.c:_gnutls_get_lib_state Unexecuted instantiation: email-verify.c:_gnutls_get_lib_state Unexecuted instantiation: hostname-verify.c:_gnutls_get_lib_state Unexecuted instantiation: krb5.c:_gnutls_get_lib_state Unexecuted instantiation: name_constraints.c:_gnutls_get_lib_state Unexecuted instantiation: ocsp.c:_gnutls_get_lib_state Unexecuted instantiation: heartbeat.c:_gnutls_get_lib_state Unexecuted instantiation: session_ticket.c:_gnutls_get_lib_state Unexecuted instantiation: psk_passwd.c:_gnutls_get_lib_state Unexecuted instantiation: cert_types.c:_gnutls_get_lib_state Unexecuted instantiation: ciphersuites.c:_gnutls_get_lib_state Unexecuted instantiation: groups.c:_gnutls_get_lib_state Unexecuted instantiation: kx.c:_gnutls_get_lib_state Unexecuted instantiation: protocols.c:_gnutls_get_lib_state Unexecuted instantiation: aes-ccm-x86-aesni.c:_gnutls_get_lib_state Unexecuted instantiation: aes-xts-x86-aesni.c:_gnutls_get_lib_state Unexecuted instantiation: dsa-keygen-fips186.c:_gnutls_get_lib_state Unexecuted instantiation: dsa-validate.c:_gnutls_get_lib_state Unexecuted instantiation: provable-prime.c:_gnutls_get_lib_state Unexecuted instantiation: tls1-prf.c:_gnutls_get_lib_state Unexecuted instantiation: record.c:_gnutls_get_lib_state Unexecuted instantiation: handshake-tls13.c:_gnutls_get_lib_state Unexecuted instantiation: handshake.c:_gnutls_get_lib_state Unexecuted instantiation: constate.c:_gnutls_get_lib_state Unexecuted instantiation: tls-sig.c:_gnutls_get_lib_state Unexecuted instantiation: post_handshake.c:_gnutls_get_lib_state Unexecuted instantiation: rsa.c:_gnutls_get_lib_state Unexecuted instantiation: rsa_psk.c:_gnutls_get_lib_state Unexecuted instantiation: vko.c:_gnutls_get_lib_state Unexecuted instantiation: pkcs7-output.c:_gnutls_get_lib_state Unexecuted instantiation: pkcs7.c:_gnutls_get_lib_state Unexecuted instantiation: pkcs7-attrs.c:_gnutls_get_lib_state |
56 | | |
57 | | int _gnutls_fips_perform_self_checks1(void); |
58 | | int _gnutls_fips_perform_self_checks2(void); |
59 | | void _gnutls_fips_mode_reset_zombie(void); |
60 | | |
61 | | #ifdef ENABLE_FIPS140 |
62 | | unsigned _gnutls_fips_mode_enabled(void); |
63 | | #else |
64 | 67.7k | #define _gnutls_fips_mode_enabled() 0 |
65 | | #endif |
66 | | |
67 | | #define HAVE_LIB_ERROR() \ |
68 | 38.0M | unlikely(_gnutls_get_lib_state() != LIB_STATE_OPERATIONAL && \ |
69 | 38.0M | _gnutls_get_lib_state() != LIB_STATE_SELFTEST) |
70 | | |
71 | | #define FAIL_IF_LIB_ERROR \ |
72 | 38.0M | if (HAVE_LIB_ERROR()) \ |
73 | 38.0M | return GNUTLS_E_LIB_IN_ERROR_STATE |
74 | | |
75 | | void _gnutls_lib_simulate_error(void); |
76 | | void _gnutls_lib_force_operational(void); |
77 | | |
78 | | inline static bool |
79 | | is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo) |
80 | 2.85M | { |
81 | 2.85M | switch (algo) { |
82 | 64.8k | case GNUTLS_MAC_SHA1: |
83 | 208k | case GNUTLS_MAC_SHA256: |
84 | 270k | case GNUTLS_MAC_SHA384: |
85 | 270k | case GNUTLS_MAC_SHA512: |
86 | 270k | case GNUTLS_MAC_SHA224: |
87 | 270k | case GNUTLS_MAC_SHA3_224: |
88 | 270k | case GNUTLS_MAC_SHA3_256: |
89 | 270k | case GNUTLS_MAC_SHA3_384: |
90 | 270k | case GNUTLS_MAC_SHA3_512: |
91 | 270k | return true; |
92 | 2.58M | default: |
93 | 2.58M | return false; |
94 | 2.85M | } |
95 | 2.85M | } Unexecuted instantiation: cert-cred.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: global.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: cert-cred-x509.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: random.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: privkey.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pcert.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pubkey.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: crypto-backend.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: fips.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: common.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: crl.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: crq.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: dn.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: extensions.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: key_decode.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: key_encode.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: mpi.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: output.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pkcs12.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pkcs12_bag.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: privkey_openssl.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: prov-seed.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: sign.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: spki.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: time.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: tls_features.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: verify-high.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: verify-high2.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: verify.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: virt-san.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: x509.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: x509_dn.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: x509_ext.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: x509_write.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: ciphers.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: ecc.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: mac.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: publickey.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: secparams.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: cipher.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pk.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rnd.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: sysrng-linux.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: dh.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: priority.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: hash_int.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: cipher_int.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: profiles.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: state.c:is_mac_algo_hmac_approved_in_fips crypto-api.c:is_mac_algo_hmac_approved_in_fips Line | Count | Source | 80 | 2.85M | { | 81 | 2.85M | switch (algo) { | 82 | 64.8k | case GNUTLS_MAC_SHA1: | 83 | 208k | case GNUTLS_MAC_SHA256: | 84 | 270k | case GNUTLS_MAC_SHA384: | 85 | 270k | case GNUTLS_MAC_SHA512: | 86 | 270k | case GNUTLS_MAC_SHA224: | 87 | 270k | case GNUTLS_MAC_SHA3_224: | 88 | 270k | case GNUTLS_MAC_SHA3_256: | 89 | 270k | case GNUTLS_MAC_SHA3_384: | 90 | 270k | case GNUTLS_MAC_SHA3_512: | 91 | 270k | return true; | 92 | 2.58M | default: | 93 | | return false; | 94 | 2.85M | } | 95 | 2.85M | } |
Unexecuted instantiation: secrets.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: attributes.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: email-verify.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: hostname-verify.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: krb5.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: name_constraints.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: ocsp.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: heartbeat.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: session_ticket.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: psk_passwd.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: cert_types.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: ciphersuites.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: groups.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: kx.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: protocols.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: dsa-validate.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: provable-prime.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: tls1-prf.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: record.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: handshake-tls13.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: handshake.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: constate.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: tls-sig.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: post_handshake.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rsa.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rsa_psk.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: vko.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pkcs7-output.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pkcs7.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pkcs7-attrs.c:is_mac_algo_hmac_approved_in_fips |
96 | | |
97 | | inline static bool is_mac_algo_approved_in_fips(gnutls_mac_algorithm_t algo) |
98 | 2.85M | { |
99 | 2.85M | if (is_mac_algo_hmac_approved_in_fips(algo)) { |
100 | 264k | return true; |
101 | 264k | } |
102 | | |
103 | 2.58M | switch (algo) { |
104 | 0 | case GNUTLS_MAC_AES_CMAC_128: |
105 | 0 | case GNUTLS_MAC_AES_CMAC_256: |
106 | 0 | case GNUTLS_MAC_AES_GMAC_128: |
107 | 0 | case GNUTLS_MAC_AES_GMAC_192: |
108 | 0 | case GNUTLS_MAC_AES_GMAC_256: |
109 | | /* They are not a MAC algorithm, but go through the same check */ |
110 | 0 | case GNUTLS_MAC_SHAKE_128: |
111 | 0 | case GNUTLS_MAC_SHAKE_256: |
112 | 0 | return true; |
113 | 2.58M | default: |
114 | 2.58M | return false; |
115 | 2.58M | } |
116 | 2.58M | } Unexecuted instantiation: cert-cred.c:is_mac_algo_approved_in_fips Unexecuted instantiation: global.c:is_mac_algo_approved_in_fips Unexecuted instantiation: cert-cred-x509.c:is_mac_algo_approved_in_fips Unexecuted instantiation: random.c:is_mac_algo_approved_in_fips Unexecuted instantiation: privkey.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pcert.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pubkey.c:is_mac_algo_approved_in_fips Unexecuted instantiation: crypto-backend.c:is_mac_algo_approved_in_fips Unexecuted instantiation: fips.c:is_mac_algo_approved_in_fips Unexecuted instantiation: common.c:is_mac_algo_approved_in_fips Unexecuted instantiation: crl.c:is_mac_algo_approved_in_fips Unexecuted instantiation: crq.c:is_mac_algo_approved_in_fips Unexecuted instantiation: dn.c:is_mac_algo_approved_in_fips Unexecuted instantiation: extensions.c:is_mac_algo_approved_in_fips Unexecuted instantiation: key_decode.c:is_mac_algo_approved_in_fips Unexecuted instantiation: key_encode.c:is_mac_algo_approved_in_fips Unexecuted instantiation: mpi.c:is_mac_algo_approved_in_fips Unexecuted instantiation: output.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pkcs12.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pkcs12_bag.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_mac_algo_approved_in_fips Unexecuted instantiation: privkey_openssl.c:is_mac_algo_approved_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_mac_algo_approved_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_mac_algo_approved_in_fips Unexecuted instantiation: prov-seed.c:is_mac_algo_approved_in_fips Unexecuted instantiation: sign.c:is_mac_algo_approved_in_fips Unexecuted instantiation: spki.c:is_mac_algo_approved_in_fips Unexecuted instantiation: time.c:is_mac_algo_approved_in_fips Unexecuted instantiation: tls_features.c:is_mac_algo_approved_in_fips Unexecuted instantiation: verify-high.c:is_mac_algo_approved_in_fips Unexecuted instantiation: verify-high2.c:is_mac_algo_approved_in_fips Unexecuted instantiation: verify.c:is_mac_algo_approved_in_fips Unexecuted instantiation: virt-san.c:is_mac_algo_approved_in_fips Unexecuted instantiation: x509.c:is_mac_algo_approved_in_fips Unexecuted instantiation: x509_dn.c:is_mac_algo_approved_in_fips Unexecuted instantiation: x509_ext.c:is_mac_algo_approved_in_fips Unexecuted instantiation: x509_write.c:is_mac_algo_approved_in_fips Unexecuted instantiation: ciphers.c:is_mac_algo_approved_in_fips Unexecuted instantiation: ecc.c:is_mac_algo_approved_in_fips Unexecuted instantiation: mac.c:is_mac_algo_approved_in_fips Unexecuted instantiation: publickey.c:is_mac_algo_approved_in_fips Unexecuted instantiation: secparams.c:is_mac_algo_approved_in_fips Unexecuted instantiation: cipher.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pk.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rnd.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_mac_algo_approved_in_fips Unexecuted instantiation: sysrng-linux.c:is_mac_algo_approved_in_fips Unexecuted instantiation: dh.c:is_mac_algo_approved_in_fips Unexecuted instantiation: priority.c:is_mac_algo_approved_in_fips Unexecuted instantiation: hash_int.c:is_mac_algo_approved_in_fips Unexecuted instantiation: cipher_int.c:is_mac_algo_approved_in_fips Unexecuted instantiation: profiles.c:is_mac_algo_approved_in_fips Unexecuted instantiation: state.c:is_mac_algo_approved_in_fips crypto-api.c:is_mac_algo_approved_in_fips Line | Count | Source | 98 | 2.85M | { | 99 | 2.85M | if (is_mac_algo_hmac_approved_in_fips(algo)) { | 100 | 264k | return true; | 101 | 264k | } | 102 | | | 103 | 2.58M | switch (algo) { | 104 | 0 | case GNUTLS_MAC_AES_CMAC_128: | 105 | 0 | case GNUTLS_MAC_AES_CMAC_256: | 106 | 0 | case GNUTLS_MAC_AES_GMAC_128: | 107 | 0 | case GNUTLS_MAC_AES_GMAC_192: | 108 | 0 | case GNUTLS_MAC_AES_GMAC_256: | 109 | | /* They are not a MAC algorithm, but go through the same check */ | 110 | 0 | case GNUTLS_MAC_SHAKE_128: | 111 | 0 | case GNUTLS_MAC_SHAKE_256: | 112 | 0 | return true; | 113 | 2.58M | default: | 114 | | return false; | 115 | 2.58M | } | 116 | 2.58M | } |
Unexecuted instantiation: secrets.c:is_mac_algo_approved_in_fips Unexecuted instantiation: attributes.c:is_mac_algo_approved_in_fips Unexecuted instantiation: email-verify.c:is_mac_algo_approved_in_fips Unexecuted instantiation: hostname-verify.c:is_mac_algo_approved_in_fips Unexecuted instantiation: krb5.c:is_mac_algo_approved_in_fips Unexecuted instantiation: name_constraints.c:is_mac_algo_approved_in_fips Unexecuted instantiation: ocsp.c:is_mac_algo_approved_in_fips Unexecuted instantiation: heartbeat.c:is_mac_algo_approved_in_fips Unexecuted instantiation: session_ticket.c:is_mac_algo_approved_in_fips Unexecuted instantiation: psk_passwd.c:is_mac_algo_approved_in_fips Unexecuted instantiation: cert_types.c:is_mac_algo_approved_in_fips Unexecuted instantiation: ciphersuites.c:is_mac_algo_approved_in_fips Unexecuted instantiation: groups.c:is_mac_algo_approved_in_fips Unexecuted instantiation: kx.c:is_mac_algo_approved_in_fips Unexecuted instantiation: protocols.c:is_mac_algo_approved_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_mac_algo_approved_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_mac_algo_approved_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_mac_algo_approved_in_fips Unexecuted instantiation: dsa-validate.c:is_mac_algo_approved_in_fips Unexecuted instantiation: provable-prime.c:is_mac_algo_approved_in_fips Unexecuted instantiation: tls1-prf.c:is_mac_algo_approved_in_fips Unexecuted instantiation: record.c:is_mac_algo_approved_in_fips Unexecuted instantiation: handshake-tls13.c:is_mac_algo_approved_in_fips Unexecuted instantiation: handshake.c:is_mac_algo_approved_in_fips Unexecuted instantiation: constate.c:is_mac_algo_approved_in_fips Unexecuted instantiation: tls-sig.c:is_mac_algo_approved_in_fips Unexecuted instantiation: post_handshake.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rsa.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rsa_psk.c:is_mac_algo_approved_in_fips Unexecuted instantiation: vko.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pkcs7-output.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pkcs7.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pkcs7-attrs.c:is_mac_algo_approved_in_fips |
117 | | |
118 | | inline static bool is_mac_algo_allowed_in_fips(gnutls_mac_algorithm_t algo) |
119 | 0 | { |
120 | 0 | return is_mac_algo_approved_in_fips(algo); |
121 | 0 | } Unexecuted instantiation: cert-cred.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: global.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: cert-cred-x509.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: random.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: privkey.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pcert.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pubkey.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: crypto-backend.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: fips.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: common.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: crl.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: crq.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: dn.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: extensions.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: key_decode.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: key_encode.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: mpi.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: output.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pkcs12.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pkcs12_bag.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: privkey_openssl.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: prov-seed.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: sign.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: spki.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: time.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: tls_features.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: verify-high.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: verify-high2.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: verify.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: virt-san.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: x509.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: x509_dn.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: x509_ext.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: x509_write.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: ciphers.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: ecc.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: mac.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: publickey.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: secparams.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: cipher.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pk.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rnd.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: sysrng-linux.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: dh.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: priority.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: hash_int.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: cipher_int.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: profiles.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: state.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: crypto-api.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: secrets.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: attributes.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: email-verify.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: hostname-verify.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: krb5.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: name_constraints.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: ocsp.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: heartbeat.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: session_ticket.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: psk_passwd.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: cert_types.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: ciphersuites.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: groups.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: kx.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: protocols.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: dsa-validate.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: provable-prime.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: tls1-prf.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: record.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: handshake-tls13.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: handshake.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: constate.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: tls-sig.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: post_handshake.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rsa.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rsa_psk.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: vko.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pkcs7-output.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pkcs7.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pkcs7-attrs.c:is_mac_algo_allowed_in_fips |
122 | | |
123 | | inline static bool |
124 | | is_cipher_algo_approved_in_fips(gnutls_cipher_algorithm_t algo) |
125 | 13.2k | { |
126 | 13.2k | switch (algo) { |
127 | 5.29k | case GNUTLS_CIPHER_AES_128_CBC: |
128 | 5.65k | case GNUTLS_CIPHER_AES_256_CBC: |
129 | 5.66k | case GNUTLS_CIPHER_AES_192_CBC: |
130 | 5.66k | case GNUTLS_CIPHER_AES_128_CCM: |
131 | 5.66k | case GNUTLS_CIPHER_AES_256_CCM: |
132 | 5.66k | case GNUTLS_CIPHER_AES_128_CCM_8: |
133 | 5.66k | case GNUTLS_CIPHER_AES_256_CCM_8: |
134 | 5.66k | case GNUTLS_CIPHER_AES_128_CFB8: |
135 | 5.66k | case GNUTLS_CIPHER_AES_192_CFB8: |
136 | 5.66k | case GNUTLS_CIPHER_AES_256_CFB8: |
137 | 5.66k | case GNUTLS_CIPHER_AES_128_CFB: |
138 | 5.66k | case GNUTLS_CIPHER_AES_192_CFB: |
139 | 5.66k | case GNUTLS_CIPHER_AES_256_CFB: |
140 | 5.66k | case GNUTLS_CIPHER_AES_128_XTS: |
141 | 5.66k | case GNUTLS_CIPHER_AES_256_XTS: |
142 | 5.66k | return true; |
143 | 7.53k | default: |
144 | 7.53k | return false; |
145 | 13.2k | } |
146 | 13.2k | } Unexecuted instantiation: cert-cred.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: global.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: cert-cred-x509.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: random.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: privkey.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pcert.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pubkey.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: crypto-backend.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: fips.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: common.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: crl.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: crq.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: dn.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: extensions.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: key_decode.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: key_encode.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: mpi.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: output.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pkcs12.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pkcs12_bag.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: privkey_openssl.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: prov-seed.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: sign.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: spki.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: time.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: tls_features.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: verify-high.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: verify-high2.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: verify.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: virt-san.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: x509.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: x509_dn.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: x509_ext.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: x509_write.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: ciphers.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: ecc.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: mac.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: publickey.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: secparams.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: cipher.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pk.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rnd.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: sysrng-linux.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: dh.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: priority.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: hash_int.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: cipher_int.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: profiles.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: state.c:is_cipher_algo_approved_in_fips crypto-api.c:is_cipher_algo_approved_in_fips Line | Count | Source | 125 | 13.2k | { | 126 | 13.2k | switch (algo) { | 127 | 5.29k | case GNUTLS_CIPHER_AES_128_CBC: | 128 | 5.65k | case GNUTLS_CIPHER_AES_256_CBC: | 129 | 5.66k | case GNUTLS_CIPHER_AES_192_CBC: | 130 | 5.66k | case GNUTLS_CIPHER_AES_128_CCM: | 131 | 5.66k | case GNUTLS_CIPHER_AES_256_CCM: | 132 | 5.66k | case GNUTLS_CIPHER_AES_128_CCM_8: | 133 | 5.66k | case GNUTLS_CIPHER_AES_256_CCM_8: | 134 | 5.66k | case GNUTLS_CIPHER_AES_128_CFB8: | 135 | 5.66k | case GNUTLS_CIPHER_AES_192_CFB8: | 136 | 5.66k | case GNUTLS_CIPHER_AES_256_CFB8: | 137 | 5.66k | case GNUTLS_CIPHER_AES_128_CFB: | 138 | 5.66k | case GNUTLS_CIPHER_AES_192_CFB: | 139 | 5.66k | case GNUTLS_CIPHER_AES_256_CFB: | 140 | 5.66k | case GNUTLS_CIPHER_AES_128_XTS: | 141 | 5.66k | case GNUTLS_CIPHER_AES_256_XTS: | 142 | 5.66k | return true; | 143 | 7.53k | default: | 144 | | return false; | 145 | 13.2k | } | 146 | 13.2k | } |
Unexecuted instantiation: secrets.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: attributes.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: email-verify.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: hostname-verify.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: krb5.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: name_constraints.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: ocsp.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: heartbeat.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: session_ticket.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: psk_passwd.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: cert_types.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: ciphersuites.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: groups.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: kx.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: protocols.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: dsa-validate.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: provable-prime.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: tls1-prf.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: record.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: handshake-tls13.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: handshake.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: constate.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: tls-sig.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: post_handshake.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rsa.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rsa_psk.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: vko.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pkcs7-output.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pkcs7.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pkcs7-attrs.c:is_cipher_algo_approved_in_fips |
147 | | |
148 | | inline static bool |
149 | | is_cipher_algo_allowed_in_fips(gnutls_cipher_algorithm_t algo) |
150 | 0 | { |
151 | 0 | if (is_cipher_algo_approved_in_fips(algo)) { |
152 | 0 | return true; |
153 | 0 | } |
154 | 0 |
|
155 | 0 | /* GCM is only approved in TLS */ |
156 | 0 | switch (algo) { |
157 | 0 | case GNUTLS_CIPHER_AES_128_GCM: |
158 | 0 | case GNUTLS_CIPHER_AES_192_GCM: |
159 | 0 | case GNUTLS_CIPHER_AES_256_GCM: |
160 | 0 | return true; |
161 | 0 | default: |
162 | 0 | return false; |
163 | 0 | } |
164 | 0 | } Unexecuted instantiation: cert-cred.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: global.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: cert-cred-x509.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: random.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: privkey.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pcert.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pubkey.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: crypto-backend.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: fips.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: common.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: crl.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: crq.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: dn.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: extensions.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: key_decode.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: key_encode.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: mpi.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: output.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pkcs12.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pkcs12_bag.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: privkey_openssl.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: prov-seed.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: sign.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: spki.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: time.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: tls_features.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: verify-high.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: verify-high2.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: verify.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: virt-san.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: x509.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: x509_dn.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: x509_ext.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: x509_write.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: ciphers.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: ecc.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: mac.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: publickey.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: secparams.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: cipher.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pk.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rnd.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: sysrng-linux.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: dh.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: priority.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: hash_int.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: cipher_int.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: profiles.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: state.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: crypto-api.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: secrets.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: attributes.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: email-verify.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: hostname-verify.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: krb5.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: name_constraints.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: ocsp.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: heartbeat.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: session_ticket.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: psk_passwd.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: cert_types.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: ciphersuites.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: groups.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: kx.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: protocols.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: dsa-validate.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: provable-prime.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: tls1-prf.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: record.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: handshake-tls13.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: handshake.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: constate.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: tls-sig.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: post_handshake.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rsa.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rsa_psk.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: vko.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pkcs7-output.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pkcs7.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pkcs7-attrs.c:is_cipher_algo_allowed_in_fips |
165 | | |
166 | | #ifdef ENABLE_FIPS140 |
167 | | /* This will test the condition when in FIPS140-2 mode |
168 | | * and return an error if necessary or ignore */ |
169 | | #define FIPS_RULE(condition, ret_error, ...) \ |
170 | | { \ |
171 | | gnutls_fips_mode_t _mode = _gnutls_fips_mode_enabled(); \ |
172 | | if (_mode != GNUTLS_FIPS140_DISABLED) { \ |
173 | | if (condition) { \ |
174 | | if (_mode == GNUTLS_FIPS140_LOG) { \ |
175 | | _gnutls_audit_log( \ |
176 | | NULL, \ |
177 | | "fips140-2: allowing " __VA_ARGS__); \ |
178 | | } else if (_mode != GNUTLS_FIPS140_LAX) { \ |
179 | | _gnutls_debug_log( \ |
180 | | "fips140-2: disallowing " __VA_ARGS__); \ |
181 | | return ret_error; \ |
182 | | } \ |
183 | | } \ |
184 | | } \ |
185 | | } |
186 | | |
187 | | inline static bool is_mac_algo_allowed(gnutls_mac_algorithm_t algo) |
188 | | { |
189 | | gnutls_fips_mode_t mode = _gnutls_fips_mode_enabled(); |
190 | | if (_gnutls_get_lib_state() != LIB_STATE_SELFTEST && |
191 | | !is_mac_algo_allowed_in_fips(algo)) { |
192 | | switch (mode) { |
193 | | case GNUTLS_FIPS140_LOG: |
194 | | _gnutls_audit_log(NULL, |
195 | | "fips140-2: allowing access to %s\n", |
196 | | gnutls_mac_get_name(algo)); |
197 | | FALLTHROUGH; |
198 | | case GNUTLS_FIPS140_DISABLED: |
199 | | case GNUTLS_FIPS140_LAX: |
200 | | return true; |
201 | | default: |
202 | | return false; |
203 | | } |
204 | | } |
205 | | |
206 | | return true; |
207 | | } |
208 | | |
209 | | inline static bool is_cipher_algo_allowed(gnutls_cipher_algorithm_t algo) |
210 | | { |
211 | | gnutls_fips_mode_t mode = _gnutls_fips_mode_enabled(); |
212 | | if (_gnutls_get_lib_state() != LIB_STATE_SELFTEST && |
213 | | !is_cipher_algo_allowed_in_fips(algo)) { |
214 | | switch (mode) { |
215 | | case GNUTLS_FIPS140_LOG: |
216 | | _gnutls_audit_log(NULL, |
217 | | "fips140-2: allowing access to %s\n", |
218 | | gnutls_cipher_get_name(algo)); |
219 | | FALLTHROUGH; |
220 | | case GNUTLS_FIPS140_DISABLED: |
221 | | case GNUTLS_FIPS140_LAX: |
222 | | return true; |
223 | | default: |
224 | | return false; |
225 | | } |
226 | | } |
227 | | |
228 | | return true; |
229 | | } |
230 | | #else |
231 | 3.01M | #define is_mac_algo_allowed(x) true |
232 | 38.3k | #define is_cipher_algo_allowed(x) true |
233 | | #define FIPS_RULE(condition, ret_error, ...) |
234 | | #endif |
235 | | |
236 | | #endif /* GNUTLS_LIB_FIPS_H */ |