Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2013 Red Hat |
3 | | * |
4 | | * Author: Nikos Mavrogiannopoulos |
5 | | * |
6 | | * This file is part of GnuTLS. |
7 | | * |
8 | | * The GnuTLS is free software; you can redistribute it and/or |
9 | | * modify it under the terms of the GNU Lesser General Public License |
10 | | * as published by the Free Software Foundation; either version 2.1 of |
11 | | * the License, or (at your option) any later version. |
12 | | * |
13 | | * This library is distributed in the hope that it will be useful, but |
14 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | | * Lesser General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU Lesser General Public License |
19 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
20 | | * |
21 | | */ |
22 | | |
23 | | #ifndef GNUTLS_LIB_FIPS_H |
24 | | #define GNUTLS_LIB_FIPS_H |
25 | | |
26 | | #include "gnutls_int.h" |
27 | | #include <gnutls/gnutls.h> |
28 | | |
29 | | #define FIPS140_RND_KEY_SIZE 32 |
30 | | |
31 | | typedef enum { |
32 | | LIB_STATE_POWERON, |
33 | | LIB_STATE_INIT, |
34 | | LIB_STATE_SELFTEST, |
35 | | LIB_STATE_OPERATIONAL, |
36 | | LIB_STATE_ERROR, |
37 | | LIB_STATE_SHUTDOWN |
38 | | } gnutls_lib_state_t; |
39 | | |
40 | | /* do not access directly */ |
41 | | extern unsigned int _gnutls_lib_state; |
42 | | extern gnutls_crypto_rnd_st _gnutls_fips_rnd_ops; |
43 | | |
44 | | void _gnutls_switch_fips_state(gnutls_fips140_operation_state_t state); |
45 | | |
46 | | inline static void _gnutls_switch_lib_state(gnutls_lib_state_t state) |
47 | 4 | { |
48 | | /* Once into zombie state no errors can change us */ |
49 | 4 | _gnutls_lib_state = state; |
50 | 4 | } Unexecuted instantiation: crypto-api.c:_gnutls_switch_lib_state Unexecuted instantiation: fips.c:_gnutls_switch_lib_state Unexecuted instantiation: ciphers.c:_gnutls_switch_lib_state Unexecuted instantiation: mac.c:_gnutls_switch_lib_state Unexecuted instantiation: hash_int.c:_gnutls_switch_lib_state Unexecuted instantiation: cipher_int.c:_gnutls_switch_lib_state global.c:_gnutls_switch_lib_state Line | Count | Source | 47 | 4 | { | 48 | | /* Once into zombie state no errors can change us */ | 49 | 4 | _gnutls_lib_state = state; | 50 | 4 | } |
Unexecuted instantiation: random.c:_gnutls_switch_lib_state Unexecuted instantiation: crypto-backend.c:_gnutls_switch_lib_state Unexecuted instantiation: cipher.c:_gnutls_switch_lib_state Unexecuted instantiation: mpi.c:_gnutls_switch_lib_state Unexecuted instantiation: rnd-fuzzer.c:_gnutls_switch_lib_state Unexecuted instantiation: rnd.c:_gnutls_switch_lib_state Unexecuted instantiation: sysrng-linux.c:_gnutls_switch_lib_state Unexecuted instantiation: priority.c:_gnutls_switch_lib_state Unexecuted instantiation: profiles.c:_gnutls_switch_lib_state Unexecuted instantiation: state.c:_gnutls_switch_lib_state Unexecuted instantiation: secrets.c:_gnutls_switch_lib_state Unexecuted instantiation: ocsp.c:_gnutls_switch_lib_state Unexecuted instantiation: output.c:_gnutls_switch_lib_state Unexecuted instantiation: time.c:_gnutls_switch_lib_state Unexecuted instantiation: tls_features.c:_gnutls_switch_lib_state Unexecuted instantiation: verify-high.c:_gnutls_switch_lib_state Unexecuted instantiation: verify.c:_gnutls_switch_lib_state Unexecuted instantiation: virt-san.c:_gnutls_switch_lib_state Unexecuted instantiation: x509.c:_gnutls_switch_lib_state Unexecuted instantiation: x509_ext.c:_gnutls_switch_lib_state Unexecuted instantiation: heartbeat.c:_gnutls_switch_lib_state Unexecuted instantiation: session_ticket.c:_gnutls_switch_lib_state Unexecuted instantiation: psk_passwd.c:_gnutls_switch_lib_state Unexecuted instantiation: cert_types.c:_gnutls_switch_lib_state Unexecuted instantiation: ciphersuites.c:_gnutls_switch_lib_state Unexecuted instantiation: ecc.c:_gnutls_switch_lib_state Unexecuted instantiation: groups.c:_gnutls_switch_lib_state Unexecuted instantiation: kx.c:_gnutls_switch_lib_state Unexecuted instantiation: protocols.c:_gnutls_switch_lib_state Unexecuted instantiation: publickey.c:_gnutls_switch_lib_state Unexecuted instantiation: secparams.c:_gnutls_switch_lib_state Unexecuted instantiation: sign.c:_gnutls_switch_lib_state Unexecuted instantiation: aes-ccm-x86-aesni.c:_gnutls_switch_lib_state Unexecuted instantiation: aes-xts-x86-aesni.c:_gnutls_switch_lib_state Unexecuted instantiation: pk.c:_gnutls_switch_lib_state Unexecuted instantiation: rsa-keygen-fips186.c:_gnutls_switch_lib_state Unexecuted instantiation: tls1-prf.c:_gnutls_switch_lib_state Unexecuted instantiation: record.c:_gnutls_switch_lib_state Unexecuted instantiation: handshake-tls13.c:_gnutls_switch_lib_state Unexecuted instantiation: handshake.c:_gnutls_switch_lib_state Unexecuted instantiation: cert-cred.c:_gnutls_switch_lib_state Unexecuted instantiation: constate.c:_gnutls_switch_lib_state Unexecuted instantiation: tls-sig.c:_gnutls_switch_lib_state Unexecuted instantiation: cert-cred-x509.c:_gnutls_switch_lib_state Unexecuted instantiation: privkey.c:_gnutls_switch_lib_state Unexecuted instantiation: pcert.c:_gnutls_switch_lib_state Unexecuted instantiation: pubkey.c:_gnutls_switch_lib_state Unexecuted instantiation: post_handshake.c:_gnutls_switch_lib_state Unexecuted instantiation: common.c:_gnutls_switch_lib_state Unexecuted instantiation: crl.c:_gnutls_switch_lib_state Unexecuted instantiation: crq.c:_gnutls_switch_lib_state Unexecuted instantiation: dn.c:_gnutls_switch_lib_state Unexecuted instantiation: email-verify.c:_gnutls_switch_lib_state Unexecuted instantiation: extensions.c:_gnutls_switch_lib_state Unexecuted instantiation: hostname-verify.c:_gnutls_switch_lib_state Unexecuted instantiation: key_decode.c:_gnutls_switch_lib_state Unexecuted instantiation: key_encode.c:_gnutls_switch_lib_state Unexecuted instantiation: krb5.c:_gnutls_switch_lib_state Unexecuted instantiation: name_constraints.c:_gnutls_switch_lib_state Unexecuted instantiation: pkcs12.c:_gnutls_switch_lib_state Unexecuted instantiation: pkcs12_bag.c:_gnutls_switch_lib_state Unexecuted instantiation: pkcs7-crypt.c:_gnutls_switch_lib_state Unexecuted instantiation: privkey_openssl.c:_gnutls_switch_lib_state Unexecuted instantiation: privkey_pkcs8.c:_gnutls_switch_lib_state Unexecuted instantiation: privkey_pkcs8_pbes1.c:_gnutls_switch_lib_state Unexecuted instantiation: prov-seed.c:_gnutls_switch_lib_state Unexecuted instantiation: verify-high2.c:_gnutls_switch_lib_state Unexecuted instantiation: x509_dn.c:_gnutls_switch_lib_state Unexecuted instantiation: x509_write.c:_gnutls_switch_lib_state Unexecuted instantiation: rsa.c:_gnutls_switch_lib_state Unexecuted instantiation: rsa_psk.c:_gnutls_switch_lib_state Unexecuted instantiation: dsa-keygen-fips186.c:_gnutls_switch_lib_state Unexecuted instantiation: dsa-validate.c:_gnutls_switch_lib_state Unexecuted instantiation: provable-prime.c:_gnutls_switch_lib_state Unexecuted instantiation: dh.c:_gnutls_switch_lib_state Unexecuted instantiation: vko.c:_gnutls_switch_lib_state Unexecuted instantiation: attributes.c:_gnutls_switch_lib_state |
51 | | |
52 | | inline static gnutls_lib_state_t _gnutls_get_lib_state(void) |
53 | 0 | { |
54 | 0 | return _gnutls_lib_state; |
55 | 0 | } Unexecuted instantiation: crypto-api.c:_gnutls_get_lib_state Unexecuted instantiation: fips.c:_gnutls_get_lib_state Unexecuted instantiation: ciphers.c:_gnutls_get_lib_state Unexecuted instantiation: mac.c:_gnutls_get_lib_state Unexecuted instantiation: hash_int.c:_gnutls_get_lib_state Unexecuted instantiation: cipher_int.c:_gnutls_get_lib_state Unexecuted instantiation: global.c:_gnutls_get_lib_state Unexecuted instantiation: random.c:_gnutls_get_lib_state Unexecuted instantiation: crypto-backend.c:_gnutls_get_lib_state Unexecuted instantiation: cipher.c:_gnutls_get_lib_state Unexecuted instantiation: mpi.c:_gnutls_get_lib_state Unexecuted instantiation: rnd-fuzzer.c:_gnutls_get_lib_state Unexecuted instantiation: rnd.c:_gnutls_get_lib_state Unexecuted instantiation: sysrng-linux.c:_gnutls_get_lib_state Unexecuted instantiation: priority.c:_gnutls_get_lib_state Unexecuted instantiation: profiles.c:_gnutls_get_lib_state Unexecuted instantiation: state.c:_gnutls_get_lib_state Unexecuted instantiation: secrets.c:_gnutls_get_lib_state Unexecuted instantiation: ocsp.c:_gnutls_get_lib_state Unexecuted instantiation: output.c:_gnutls_get_lib_state Unexecuted instantiation: time.c:_gnutls_get_lib_state Unexecuted instantiation: tls_features.c:_gnutls_get_lib_state Unexecuted instantiation: verify-high.c:_gnutls_get_lib_state Unexecuted instantiation: verify.c:_gnutls_get_lib_state Unexecuted instantiation: virt-san.c:_gnutls_get_lib_state Unexecuted instantiation: x509.c:_gnutls_get_lib_state Unexecuted instantiation: x509_ext.c:_gnutls_get_lib_state Unexecuted instantiation: heartbeat.c:_gnutls_get_lib_state Unexecuted instantiation: session_ticket.c:_gnutls_get_lib_state Unexecuted instantiation: psk_passwd.c:_gnutls_get_lib_state Unexecuted instantiation: cert_types.c:_gnutls_get_lib_state Unexecuted instantiation: ciphersuites.c:_gnutls_get_lib_state Unexecuted instantiation: ecc.c:_gnutls_get_lib_state Unexecuted instantiation: groups.c:_gnutls_get_lib_state Unexecuted instantiation: kx.c:_gnutls_get_lib_state Unexecuted instantiation: protocols.c:_gnutls_get_lib_state Unexecuted instantiation: publickey.c:_gnutls_get_lib_state Unexecuted instantiation: secparams.c:_gnutls_get_lib_state Unexecuted instantiation: sign.c:_gnutls_get_lib_state Unexecuted instantiation: aes-ccm-x86-aesni.c:_gnutls_get_lib_state Unexecuted instantiation: aes-xts-x86-aesni.c:_gnutls_get_lib_state Unexecuted instantiation: pk.c:_gnutls_get_lib_state Unexecuted instantiation: rsa-keygen-fips186.c:_gnutls_get_lib_state Unexecuted instantiation: tls1-prf.c:_gnutls_get_lib_state Unexecuted instantiation: record.c:_gnutls_get_lib_state Unexecuted instantiation: handshake-tls13.c:_gnutls_get_lib_state Unexecuted instantiation: handshake.c:_gnutls_get_lib_state Unexecuted instantiation: cert-cred.c:_gnutls_get_lib_state Unexecuted instantiation: constate.c:_gnutls_get_lib_state Unexecuted instantiation: tls-sig.c:_gnutls_get_lib_state Unexecuted instantiation: cert-cred-x509.c:_gnutls_get_lib_state Unexecuted instantiation: privkey.c:_gnutls_get_lib_state Unexecuted instantiation: pcert.c:_gnutls_get_lib_state Unexecuted instantiation: pubkey.c:_gnutls_get_lib_state Unexecuted instantiation: post_handshake.c:_gnutls_get_lib_state Unexecuted instantiation: common.c:_gnutls_get_lib_state Unexecuted instantiation: crl.c:_gnutls_get_lib_state Unexecuted instantiation: crq.c:_gnutls_get_lib_state Unexecuted instantiation: dn.c:_gnutls_get_lib_state Unexecuted instantiation: email-verify.c:_gnutls_get_lib_state Unexecuted instantiation: extensions.c:_gnutls_get_lib_state Unexecuted instantiation: hostname-verify.c:_gnutls_get_lib_state Unexecuted instantiation: key_decode.c:_gnutls_get_lib_state Unexecuted instantiation: key_encode.c:_gnutls_get_lib_state Unexecuted instantiation: krb5.c:_gnutls_get_lib_state Unexecuted instantiation: name_constraints.c:_gnutls_get_lib_state Unexecuted instantiation: pkcs12.c:_gnutls_get_lib_state Unexecuted instantiation: pkcs12_bag.c:_gnutls_get_lib_state Unexecuted instantiation: pkcs7-crypt.c:_gnutls_get_lib_state Unexecuted instantiation: privkey_openssl.c:_gnutls_get_lib_state Unexecuted instantiation: privkey_pkcs8.c:_gnutls_get_lib_state Unexecuted instantiation: privkey_pkcs8_pbes1.c:_gnutls_get_lib_state Unexecuted instantiation: prov-seed.c:_gnutls_get_lib_state Unexecuted instantiation: verify-high2.c:_gnutls_get_lib_state Unexecuted instantiation: x509_dn.c:_gnutls_get_lib_state Unexecuted instantiation: x509_write.c:_gnutls_get_lib_state Unexecuted instantiation: rsa.c:_gnutls_get_lib_state Unexecuted instantiation: rsa_psk.c:_gnutls_get_lib_state Unexecuted instantiation: dsa-keygen-fips186.c:_gnutls_get_lib_state Unexecuted instantiation: dsa-validate.c:_gnutls_get_lib_state Unexecuted instantiation: provable-prime.c:_gnutls_get_lib_state Unexecuted instantiation: dh.c:_gnutls_get_lib_state Unexecuted instantiation: vko.c:_gnutls_get_lib_state Unexecuted instantiation: attributes.c:_gnutls_get_lib_state |
56 | | |
57 | | int _gnutls_fips_perform_self_checks1(void); |
58 | | int _gnutls_fips_perform_self_checks2(void); |
59 | | void _gnutls_fips_mode_reset_zombie(void); |
60 | | |
61 | | #ifdef ENABLE_FIPS140 |
62 | | unsigned _gnutls_fips_mode_enabled(void); |
63 | | #else |
64 | 0 | #define _gnutls_fips_mode_enabled() 0 |
65 | | #endif |
66 | | |
67 | | #define HAVE_LIB_ERROR() \ |
68 | 0 | unlikely(_gnutls_get_lib_state() != LIB_STATE_OPERATIONAL && \ |
69 | 0 | _gnutls_get_lib_state() != LIB_STATE_SELFTEST) |
70 | | |
71 | | #define FAIL_IF_LIB_ERROR \ |
72 | 0 | if (HAVE_LIB_ERROR()) \ |
73 | 0 | return GNUTLS_E_LIB_IN_ERROR_STATE |
74 | | |
75 | | void _gnutls_switch_lib_state(gnutls_lib_state_t state); |
76 | | |
77 | | void _gnutls_lib_simulate_error(void); |
78 | | void _gnutls_lib_force_operational(void); |
79 | | |
80 | | inline static bool |
81 | | is_mac_algo_hmac_approved_in_fips(gnutls_mac_algorithm_t algo) |
82 | 0 | { |
83 | 0 | switch (algo) { |
84 | 0 | case GNUTLS_MAC_SHA1: |
85 | 0 | case GNUTLS_MAC_SHA256: |
86 | 0 | case GNUTLS_MAC_SHA384: |
87 | 0 | case GNUTLS_MAC_SHA512: |
88 | 0 | case GNUTLS_MAC_SHA224: |
89 | 0 | case GNUTLS_MAC_SHA3_224: |
90 | 0 | case GNUTLS_MAC_SHA3_256: |
91 | 0 | case GNUTLS_MAC_SHA3_384: |
92 | 0 | case GNUTLS_MAC_SHA3_512: |
93 | 0 | return true; |
94 | 0 | default: |
95 | 0 | return false; |
96 | 0 | } |
97 | 0 | } Unexecuted instantiation: crypto-api.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: fips.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: ciphers.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: mac.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: hash_int.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: cipher_int.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: global.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: random.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: crypto-backend.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: cipher.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: mpi.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rnd.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: sysrng-linux.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: priority.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: profiles.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: state.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: secrets.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: ocsp.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: output.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: time.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: tls_features.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: verify-high.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: verify.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: virt-san.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: x509.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: x509_ext.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: heartbeat.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: session_ticket.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: psk_passwd.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: cert_types.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: ciphersuites.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: ecc.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: groups.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: kx.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: protocols.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: publickey.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: secparams.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: sign.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pk.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: tls1-prf.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: record.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: handshake-tls13.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: handshake.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: cert-cred.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: constate.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: tls-sig.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: cert-cred-x509.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: privkey.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pcert.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pubkey.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: post_handshake.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: common.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: crl.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: crq.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: dn.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: email-verify.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: extensions.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: hostname-verify.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: key_decode.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: key_encode.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: krb5.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: name_constraints.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pkcs12.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pkcs12_bag.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: privkey_openssl.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: prov-seed.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: verify-high2.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: x509_dn.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: x509_write.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rsa.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: rsa_psk.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: dsa-validate.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: provable-prime.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: dh.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: vko.c:is_mac_algo_hmac_approved_in_fips Unexecuted instantiation: attributes.c:is_mac_algo_hmac_approved_in_fips |
98 | | |
99 | | inline static bool is_mac_algo_approved_in_fips(gnutls_mac_algorithm_t algo) |
100 | 0 | { |
101 | 0 | if (is_mac_algo_hmac_approved_in_fips(algo)) { |
102 | 0 | return true; |
103 | 0 | } |
104 | | |
105 | 0 | switch (algo) { |
106 | 0 | case GNUTLS_MAC_AES_CMAC_128: |
107 | 0 | case GNUTLS_MAC_AES_CMAC_256: |
108 | 0 | case GNUTLS_MAC_AES_GMAC_128: |
109 | 0 | case GNUTLS_MAC_AES_GMAC_192: |
110 | 0 | case GNUTLS_MAC_AES_GMAC_256: |
111 | 0 | return true; |
112 | 0 | default: |
113 | 0 | return false; |
114 | 0 | } |
115 | 0 | } Unexecuted instantiation: crypto-api.c:is_mac_algo_approved_in_fips Unexecuted instantiation: fips.c:is_mac_algo_approved_in_fips Unexecuted instantiation: ciphers.c:is_mac_algo_approved_in_fips Unexecuted instantiation: mac.c:is_mac_algo_approved_in_fips Unexecuted instantiation: hash_int.c:is_mac_algo_approved_in_fips Unexecuted instantiation: cipher_int.c:is_mac_algo_approved_in_fips Unexecuted instantiation: global.c:is_mac_algo_approved_in_fips Unexecuted instantiation: random.c:is_mac_algo_approved_in_fips Unexecuted instantiation: crypto-backend.c:is_mac_algo_approved_in_fips Unexecuted instantiation: cipher.c:is_mac_algo_approved_in_fips Unexecuted instantiation: mpi.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rnd.c:is_mac_algo_approved_in_fips Unexecuted instantiation: sysrng-linux.c:is_mac_algo_approved_in_fips Unexecuted instantiation: priority.c:is_mac_algo_approved_in_fips Unexecuted instantiation: profiles.c:is_mac_algo_approved_in_fips Unexecuted instantiation: state.c:is_mac_algo_approved_in_fips Unexecuted instantiation: secrets.c:is_mac_algo_approved_in_fips Unexecuted instantiation: ocsp.c:is_mac_algo_approved_in_fips Unexecuted instantiation: output.c:is_mac_algo_approved_in_fips Unexecuted instantiation: time.c:is_mac_algo_approved_in_fips Unexecuted instantiation: tls_features.c:is_mac_algo_approved_in_fips Unexecuted instantiation: verify-high.c:is_mac_algo_approved_in_fips Unexecuted instantiation: verify.c:is_mac_algo_approved_in_fips Unexecuted instantiation: virt-san.c:is_mac_algo_approved_in_fips Unexecuted instantiation: x509.c:is_mac_algo_approved_in_fips Unexecuted instantiation: x509_ext.c:is_mac_algo_approved_in_fips Unexecuted instantiation: heartbeat.c:is_mac_algo_approved_in_fips Unexecuted instantiation: session_ticket.c:is_mac_algo_approved_in_fips Unexecuted instantiation: psk_passwd.c:is_mac_algo_approved_in_fips Unexecuted instantiation: cert_types.c:is_mac_algo_approved_in_fips Unexecuted instantiation: ciphersuites.c:is_mac_algo_approved_in_fips Unexecuted instantiation: ecc.c:is_mac_algo_approved_in_fips Unexecuted instantiation: groups.c:is_mac_algo_approved_in_fips Unexecuted instantiation: kx.c:is_mac_algo_approved_in_fips Unexecuted instantiation: protocols.c:is_mac_algo_approved_in_fips Unexecuted instantiation: publickey.c:is_mac_algo_approved_in_fips Unexecuted instantiation: secparams.c:is_mac_algo_approved_in_fips Unexecuted instantiation: sign.c:is_mac_algo_approved_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_mac_algo_approved_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pk.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_mac_algo_approved_in_fips Unexecuted instantiation: tls1-prf.c:is_mac_algo_approved_in_fips Unexecuted instantiation: record.c:is_mac_algo_approved_in_fips Unexecuted instantiation: handshake-tls13.c:is_mac_algo_approved_in_fips Unexecuted instantiation: handshake.c:is_mac_algo_approved_in_fips Unexecuted instantiation: cert-cred.c:is_mac_algo_approved_in_fips Unexecuted instantiation: constate.c:is_mac_algo_approved_in_fips Unexecuted instantiation: tls-sig.c:is_mac_algo_approved_in_fips Unexecuted instantiation: cert-cred-x509.c:is_mac_algo_approved_in_fips Unexecuted instantiation: privkey.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pcert.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pubkey.c:is_mac_algo_approved_in_fips Unexecuted instantiation: post_handshake.c:is_mac_algo_approved_in_fips Unexecuted instantiation: common.c:is_mac_algo_approved_in_fips Unexecuted instantiation: crl.c:is_mac_algo_approved_in_fips Unexecuted instantiation: crq.c:is_mac_algo_approved_in_fips Unexecuted instantiation: dn.c:is_mac_algo_approved_in_fips Unexecuted instantiation: email-verify.c:is_mac_algo_approved_in_fips Unexecuted instantiation: extensions.c:is_mac_algo_approved_in_fips Unexecuted instantiation: hostname-verify.c:is_mac_algo_approved_in_fips Unexecuted instantiation: key_decode.c:is_mac_algo_approved_in_fips Unexecuted instantiation: key_encode.c:is_mac_algo_approved_in_fips Unexecuted instantiation: krb5.c:is_mac_algo_approved_in_fips Unexecuted instantiation: name_constraints.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pkcs12.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pkcs12_bag.c:is_mac_algo_approved_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_mac_algo_approved_in_fips Unexecuted instantiation: privkey_openssl.c:is_mac_algo_approved_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_mac_algo_approved_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_mac_algo_approved_in_fips Unexecuted instantiation: prov-seed.c:is_mac_algo_approved_in_fips Unexecuted instantiation: verify-high2.c:is_mac_algo_approved_in_fips Unexecuted instantiation: x509_dn.c:is_mac_algo_approved_in_fips Unexecuted instantiation: x509_write.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rsa.c:is_mac_algo_approved_in_fips Unexecuted instantiation: rsa_psk.c:is_mac_algo_approved_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_mac_algo_approved_in_fips Unexecuted instantiation: dsa-validate.c:is_mac_algo_approved_in_fips Unexecuted instantiation: provable-prime.c:is_mac_algo_approved_in_fips Unexecuted instantiation: dh.c:is_mac_algo_approved_in_fips Unexecuted instantiation: vko.c:is_mac_algo_approved_in_fips Unexecuted instantiation: attributes.c:is_mac_algo_approved_in_fips |
116 | | |
117 | | inline static bool is_mac_algo_allowed_in_fips(gnutls_mac_algorithm_t algo) |
118 | 0 | { |
119 | 0 | return is_mac_algo_approved_in_fips(algo); |
120 | 0 | } Unexecuted instantiation: crypto-api.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: fips.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: ciphers.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: mac.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: hash_int.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: cipher_int.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: global.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: random.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: crypto-backend.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: cipher.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: mpi.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rnd.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: sysrng-linux.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: priority.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: profiles.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: state.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: secrets.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: ocsp.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: output.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: time.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: tls_features.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: verify-high.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: verify.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: virt-san.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: x509.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: x509_ext.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: heartbeat.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: session_ticket.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: psk_passwd.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: cert_types.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: ciphersuites.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: ecc.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: groups.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: kx.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: protocols.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: publickey.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: secparams.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: sign.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pk.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: tls1-prf.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: record.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: handshake-tls13.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: handshake.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: cert-cred.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: constate.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: tls-sig.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: cert-cred-x509.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: privkey.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pcert.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pubkey.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: post_handshake.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: common.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: crl.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: crq.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: dn.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: email-verify.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: extensions.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: hostname-verify.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: key_decode.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: key_encode.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: krb5.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: name_constraints.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pkcs12.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pkcs12_bag.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: privkey_openssl.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: prov-seed.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: verify-high2.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: x509_dn.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: x509_write.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rsa.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: rsa_psk.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: dsa-validate.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: provable-prime.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: dh.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: vko.c:is_mac_algo_allowed_in_fips Unexecuted instantiation: attributes.c:is_mac_algo_allowed_in_fips |
121 | | |
122 | | inline static bool |
123 | | is_cipher_algo_approved_in_fips(gnutls_cipher_algorithm_t algo) |
124 | 0 | { |
125 | 0 | switch (algo) { |
126 | 0 | case GNUTLS_CIPHER_AES_128_CBC: |
127 | 0 | case GNUTLS_CIPHER_AES_256_CBC: |
128 | 0 | case GNUTLS_CIPHER_AES_192_CBC: |
129 | 0 | case GNUTLS_CIPHER_AES_128_CCM: |
130 | 0 | case GNUTLS_CIPHER_AES_256_CCM: |
131 | 0 | case GNUTLS_CIPHER_AES_128_CCM_8: |
132 | 0 | case GNUTLS_CIPHER_AES_256_CCM_8: |
133 | 0 | case GNUTLS_CIPHER_AES_128_CFB8: |
134 | 0 | case GNUTLS_CIPHER_AES_192_CFB8: |
135 | 0 | case GNUTLS_CIPHER_AES_256_CFB8: |
136 | 0 | case GNUTLS_CIPHER_AES_128_XTS: |
137 | 0 | case GNUTLS_CIPHER_AES_256_XTS: |
138 | 0 | return true; |
139 | 0 | default: |
140 | 0 | return false; |
141 | 0 | } |
142 | 0 | } Unexecuted instantiation: crypto-api.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: fips.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: ciphers.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: mac.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: hash_int.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: cipher_int.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: global.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: random.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: crypto-backend.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: cipher.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: mpi.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rnd.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: sysrng-linux.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: priority.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: profiles.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: state.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: secrets.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: ocsp.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: output.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: time.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: tls_features.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: verify-high.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: verify.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: virt-san.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: x509.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: x509_ext.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: heartbeat.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: session_ticket.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: psk_passwd.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: cert_types.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: ciphersuites.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: ecc.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: groups.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: kx.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: protocols.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: publickey.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: secparams.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: sign.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pk.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: tls1-prf.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: record.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: handshake-tls13.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: handshake.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: cert-cred.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: constate.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: tls-sig.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: cert-cred-x509.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: privkey.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pcert.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pubkey.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: post_handshake.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: common.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: crl.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: crq.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: dn.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: email-verify.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: extensions.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: hostname-verify.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: key_decode.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: key_encode.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: krb5.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: name_constraints.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pkcs12.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pkcs12_bag.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: privkey_openssl.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: prov-seed.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: verify-high2.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: x509_dn.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: x509_write.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rsa.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: rsa_psk.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: dsa-validate.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: provable-prime.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: dh.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: vko.c:is_cipher_algo_approved_in_fips Unexecuted instantiation: attributes.c:is_cipher_algo_approved_in_fips |
143 | | |
144 | | inline static bool |
145 | | is_cipher_algo_allowed_in_fips(gnutls_cipher_algorithm_t algo) |
146 | 0 | { |
147 | 0 | if (is_cipher_algo_approved_in_fips(algo)) { |
148 | 0 | return true; |
149 | 0 | } |
150 | 0 |
|
151 | 0 | /* GCM is only approved in TLS */ |
152 | 0 | switch (algo) { |
153 | 0 | case GNUTLS_CIPHER_AES_128_GCM: |
154 | 0 | case GNUTLS_CIPHER_AES_192_GCM: |
155 | 0 | case GNUTLS_CIPHER_AES_256_GCM: |
156 | 0 | return true; |
157 | 0 | default: |
158 | 0 | return false; |
159 | 0 | } |
160 | 0 | } Unexecuted instantiation: crypto-api.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: fips.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: ciphers.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: mac.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: hash_int.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: cipher_int.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: global.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: random.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: crypto-backend.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: cipher.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: mpi.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rnd-fuzzer.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rnd.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: sysrng-linux.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: priority.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: profiles.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: state.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: secrets.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: ocsp.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: output.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: time.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: tls_features.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: verify-high.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: verify.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: virt-san.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: x509.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: x509_ext.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: heartbeat.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: session_ticket.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: psk_passwd.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: cert_types.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: ciphersuites.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: ecc.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: groups.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: kx.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: protocols.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: publickey.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: secparams.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: sign.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: aes-ccm-x86-aesni.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: aes-xts-x86-aesni.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pk.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rsa-keygen-fips186.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: tls1-prf.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: record.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: handshake-tls13.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: handshake.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: cert-cred.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: constate.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: tls-sig.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: cert-cred-x509.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: privkey.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pcert.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pubkey.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: post_handshake.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: common.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: crl.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: crq.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: dn.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: email-verify.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: extensions.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: hostname-verify.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: key_decode.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: key_encode.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: krb5.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: name_constraints.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pkcs12.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pkcs12_bag.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: pkcs7-crypt.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: privkey_openssl.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: privkey_pkcs8.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: privkey_pkcs8_pbes1.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: prov-seed.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: verify-high2.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: x509_dn.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: x509_write.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rsa.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: rsa_psk.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: dsa-keygen-fips186.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: dsa-validate.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: provable-prime.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: dh.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: vko.c:is_cipher_algo_allowed_in_fips Unexecuted instantiation: attributes.c:is_cipher_algo_allowed_in_fips |
161 | | |
162 | | #ifdef ENABLE_FIPS140 |
163 | | /* This will test the condition when in FIPS140-2 mode |
164 | | * and return an error if necessary or ignore */ |
165 | | #define FIPS_RULE(condition, ret_error, ...) \ |
166 | | { \ |
167 | | gnutls_fips_mode_t _mode = _gnutls_fips_mode_enabled(); \ |
168 | | if (_mode != GNUTLS_FIPS140_DISABLED) { \ |
169 | | if (condition) { \ |
170 | | if (_mode == GNUTLS_FIPS140_LOG) { \ |
171 | | _gnutls_audit_log( \ |
172 | | NULL, \ |
173 | | "fips140-2: allowing " __VA_ARGS__); \ |
174 | | } else if (_mode != GNUTLS_FIPS140_LAX) { \ |
175 | | _gnutls_debug_log( \ |
176 | | "fips140-2: disallowing " __VA_ARGS__); \ |
177 | | return ret_error; \ |
178 | | } \ |
179 | | } \ |
180 | | } \ |
181 | | } |
182 | | |
183 | | inline static bool is_mac_algo_allowed(gnutls_mac_algorithm_t algo) |
184 | | { |
185 | | gnutls_fips_mode_t mode = _gnutls_fips_mode_enabled(); |
186 | | if (_gnutls_get_lib_state() != LIB_STATE_SELFTEST && |
187 | | !is_mac_algo_allowed_in_fips(algo)) { |
188 | | switch (mode) { |
189 | | case GNUTLS_FIPS140_LOG: |
190 | | _gnutls_audit_log(NULL, |
191 | | "fips140-2: allowing access to %s\n", |
192 | | gnutls_mac_get_name(algo)); |
193 | | FALLTHROUGH; |
194 | | case GNUTLS_FIPS140_DISABLED: |
195 | | case GNUTLS_FIPS140_LAX: |
196 | | return true; |
197 | | default: |
198 | | return false; |
199 | | } |
200 | | } |
201 | | |
202 | | return true; |
203 | | } |
204 | | |
205 | | inline static bool is_cipher_algo_allowed(gnutls_cipher_algorithm_t algo) |
206 | | { |
207 | | gnutls_fips_mode_t mode = _gnutls_fips_mode_enabled(); |
208 | | if (_gnutls_get_lib_state() != LIB_STATE_SELFTEST && |
209 | | !is_cipher_algo_allowed_in_fips(algo)) { |
210 | | switch (mode) { |
211 | | case GNUTLS_FIPS140_LOG: |
212 | | _gnutls_audit_log(NULL, |
213 | | "fips140-2: allowing access to %s\n", |
214 | | gnutls_cipher_get_name(algo)); |
215 | | FALLTHROUGH; |
216 | | case GNUTLS_FIPS140_DISABLED: |
217 | | case GNUTLS_FIPS140_LAX: |
218 | | return true; |
219 | | default: |
220 | | return false; |
221 | | } |
222 | | } |
223 | | |
224 | | return true; |
225 | | } |
226 | | #else |
227 | 0 | #define is_mac_algo_allowed(x) true |
228 | 0 | #define is_cipher_algo_allowed(x) true |
229 | | #define FIPS_RULE(condition, ret_error, ...) |
230 | | #endif |
231 | | |
232 | | #endif /* GNUTLS_LIB_FIPS_H */ |