#ifndef OPENSSL_NO_EC
/* Do some dummy EC calls */
- key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
+ key = EC_KEY_new_by_curve_name_with_libctx(libctx, NULL, NID_X9_62_prime256v1);
if (key == NULL)
goto err;
{ "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
{ "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
- /* Non-FIPS algorithm to support oneshot_hash in the Ed448 code */
- { "SHAKE-256:SHAKE256", "provider=fips,fips=no", shake_256_functions },
+ { "SHAKE-128:SHAKE128", "provider=fips,fips=yes", shake_128_functions },
+ { "SHAKE-256:SHAKE256", "provider=fips,fips=yes", shake_256_functions },
+
+ /*
+ * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
+ * KMAC128 and KMAC256.
+ */
+ { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes",
+ keccak_kmac_128_functions },
+ { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes",
+ keccak_kmac_256_functions },
{ NULL, NULL, NULL }
};
static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
static const OSSL_ALGORITHM fips_macs[] = {
+#ifndef OPENSSL_NO_CMAC
+ { "CMAC", "provider=fips,fips=yes", cmac_functions },
+#endif
{ "GMAC", "provider=fips,fips=yes", gmac_functions },
{ "HMAC", "provider=fips,fips=yes", hmac_functions },
+ { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions },
+ { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions },
{ NULL, NULL, NULL }
};
{ "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions },
{ "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
{ "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
+ { "SSHKDF", "provider=fips,fips=yes", kdf_sshkdf_functions },
+ { "X963KDF", "provider=fips,fips=yes", kdf_x963_kdf_functions },
{ "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
+ { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions },
+ { NULL, NULL, NULL }
+};
+
+static const OSSL_ALGORITHM fips_rands[] = {
+ { "CTR-DRBG", "provider=fips", drbg_ctr_functions },
+ { "HASH-DRBG", "provider=fips", drbg_hash_functions },
+ { "HMAC-DRBG", "provider=fips", drbg_hmac_functions },
+ { "TEST-RAND", "provider=fips", test_rng_functions },
{ NULL, NULL, NULL }
};
{ "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
#endif
{ "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
- { "RSA-PSS:RSASSA-PSS", "provider=default", rsapss_keymgmt_functions },
+ { "RSA-PSS:RSASSA-PSS", "provider=fips,fips=yes",
+ rsapss_keymgmt_functions },
#ifndef OPENSSL_NO_EC
{ "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
{ "X25519", "provider=fips,fips=no", x25519_keymgmt_functions },
return fips_macs;
case OSSL_OP_KDF:
return fips_kdfs;
+ case OSSL_OP_RAND:
+ return fips_rands;
case OSSL_OP_KEYMGMT:
return fips_keymgmt;
case OSSL_OP_KEYEXCH:
{ OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
{ OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
+ { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))provider_get_capabilities },
{ 0, NULL }
};