From 66ad63e80198800ad94e4e4168a6b9b6a7c0fcd4 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 28 May 2019 11:25:08 +0100 Subject: [PATCH] Make basic AES ciphers available from within the FIPS providers These ciphers were already provider aware, and were available from the default provider. We move them into the FIPS provider too. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9038) --- crypto/aes/build.info | 4 ++++ crypto/modes/build.info | 4 ++++ providers/common/ciphers/build.info | 3 +++ providers/fips/fipsprov.c | 18 ++++++++++++++++-- 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/crypto/aes/build.info b/crypto/aes/build.info index 1aa7a18dfb..d0801de94c 100644 --- a/crypto/aes/build.info +++ b/crypto/aes/build.info @@ -3,6 +3,10 @@ SOURCE[../../libcrypto]=\ aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c \ aes_ige.c aes_wrap.c {- $target{aes_asm_src} -} +SOURCE[../../providers/fips]=\ + aes_misc.c aes_ecb.c \ + {- $target{aes_asm_src} -} + GENERATE[aes-ia64.s]=asm/aes-ia64.S GENERATE[aes-586.s]=asm/aes-586.pl \ diff --git a/crypto/modes/build.info b/crypto/modes/build.info index f015a4c302..d0a8e6935c 100644 --- a/crypto/modes/build.info +++ b/crypto/modes/build.info @@ -4,6 +4,10 @@ SOURCE[../../libcrypto]=\ ccm128.c xts128.c wrap128.c ocb128.c siv128.c \ {- $target{modes_asm_src} -} +SOURCE[../../providers/fips]=\ + cbc128.c ctr128.c cfb128.c ofb128.c \ + {- $target{modes_asm_src} -} + INCLUDE[gcm128.o]=.. GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS) diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info index f4ff2ce875..b8c3172032 100644 --- a/providers/common/ciphers/build.info +++ b/providers/common/ciphers/build.info @@ -2,3 +2,6 @@ LIBS=../../../libcrypto SOURCE[../../../libcrypto]=\ block.c aes.c aes_basic.c INCLUDE[../../../libcrypto]=. ../../../crypto + +SOURCE[../../fips]=\ + block.c aes.c aes_basic.c diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 7842f90f76..37d7c5b3ed 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -20,6 +20,7 @@ #include "internal/cryptlib.h" #include "internal/property.h" #include "internal/evp_int.h" +#include "internal/provider_algs.h" /* Functions provided by the core */ static OSSL_core_get_param_types_fn *c_get_param_types = NULL; @@ -92,13 +93,24 @@ static int fips_get_params(const OSSL_PROVIDER *prov, return 1; } -extern const OSSL_DISPATCH sha256_functions[]; - static const OSSL_ALGORITHM fips_digests[] = { { "SHA256", "fips=yes", sha256_functions }, { NULL, NULL, NULL } }; +static const OSSL_ALGORITHM fips_ciphers[] = { + { "AES-256-ECB", "fips=yes", aes256ecb_functions }, + { "AES-192-ECB", "fips=yes", aes192ecb_functions }, + { "AES-128-ECB", "fips=yes", aes128ecb_functions }, + { "AES-256-CBC", "fips=yes", aes256cbc_functions }, + { "AES-192-CBC", "fips=yes", aes192cbc_functions }, + { "AES-128-CBC", "fips=yes", aes128cbc_functions }, + { "AES-256-CTR", "fips=yes", aes256ctr_functions }, + { "AES-192-CTR", "fips=yes", aes192ctr_functions }, + { "AES-128-CTR", "fips=yes", aes128ctr_functions }, + { NULL, NULL, NULL } +}; + static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, int operation_id, int *no_cache) @@ -107,6 +119,8 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, switch (operation_id) { case OSSL_OP_DIGEST: return fips_digests; + case OSSL_OP_CIPHER: + return fips_ciphers; } return NULL; } -- 2.25.1