From a4228740f565e7dc50fec1bfd3471ddf07ace942 Mon Sep 17 00:00:00 2001
From: toddouska <todd@wolfssl.com>
Date: Tue, 28 Oct 2014 14:21:55 -0700
Subject: [PATCH] add FIPS pos errors and messages, better output for in core
 check and how to fix

---
 ctaocrypt/src/error.c          | 18 ++++++++++++++++++
 ctaocrypt/test/test.c          |  7 +++++++
 cyassl/ctaocrypt/error-crypt.h |  7 +++++++
 3 files changed, 32 insertions(+)

diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c
index f8d6a9e2f..1d47525f9 100644
--- a/ctaocrypt/src/error.c
+++ b/ctaocrypt/src/error.c
@@ -286,6 +286,24 @@ const char* CTaoCryptGetErrorString(int error)
     case LENGTH_ONLY_E:
         return "Output length only set, not for other use error";
 
+    case IN_CORE_FIPS_E:
+        return "In Core Integrity check FIPS error";
+
+    case AES_KAT_FIPS_E:
+        return "AES Known Answer Test check FIPS error";
+
+    case DES3_KAT_FIPS_E:
+        return "DES3 Known Answer Test check FIPS error";
+
+    case HMAC_KAT_FIPS_E:
+        return "HMAC Known Answer Test check FIPS error";
+
+    case RSA_KAT_FIPS_E:
+        return "RSA Known Answer Test check FIPS error";
+
+    case DRBG_KAT_FIPS_E:
+        return "DRBG Known Answer Test check FIPS error";
+
     default:
         return "unknown error number";
 
diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c
index 089dcd594..58cf4620e 100644
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -58,6 +58,7 @@
 #include <cyassl/ctaocrypt/chacha.h>
 #include <cyassl/ctaocrypt/pwdbased.h>
 #include <cyassl/ctaocrypt/ripemd.h>
+#include <cyassl/ctaocrypt/error-crypt.h>
 #ifdef HAVE_ECC
     #include <cyassl/ctaocrypt/ecc.h>
 #endif
@@ -215,7 +216,13 @@ typedef struct func_args {
 static void myFipsCb(int ok, int err, const char* hash)
 {
     printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
+    printf("message = %s\n", CTaoCryptGetErrorString(err));
     printf("hash = %s\n", hash);
+
+    if (err == IN_CORE_FIPS_E) {
+        printf("In core integrity hash check failure, copy above hash\n");
+        printf("into verifyCore[] in fips_test.c and rebuild\n");
+    }
 }
 
 #endif /* HAVE_FIPS */
diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h
index 7ec1e96a1..11b274692 100644
--- a/cyassl/ctaocrypt/error-crypt.h
+++ b/cyassl/ctaocrypt/error-crypt.h
@@ -130,6 +130,13 @@ enum {
     RSA_PAD_E           = -201,  /* RSA Padding Error */
     LENGTH_ONLY_E       = -202,  /* Returning output length only */
 
+    IN_CORE_FIPS_E      = -203,  /* In Core Integrity check failure */
+    AES_KAT_FIPS_E      = -204,  /* AES KAT failure */
+    DES3_KAT_FIPS_E     = -205,  /* AES KAT failure */
+    HMAC_KAT_FIPS_E     = -206,  /* HMAC KAT failure */
+    RSA_KAT_FIPS_E      = -207,  /* RSA KAT failure */
+    DRBG_KAT_FIPS_E     = -208,  /* HASH DRBG KAT failure */
+
     MIN_CODE_E          = -300   /* errors -101 - -299 */
 };