Make basic AES ciphers available from within the FIPS providers
authorMatt Caswell <matt@openssl.org>
Tue, 28 May 2019 10:25:08 +0000 (11:25 +0100)
committerMatt Caswell <matt@openssl.org>
Mon, 3 Jun 2019 11:56:53 +0000 (12:56 +0100)
These ciphers were already provider aware, and were available from the
default provider. We move them into the FIPS provider too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)

crypto/aes/build.info
crypto/modes/build.info
providers/common/ciphers/build.info
providers/fips/fipsprov.c

index 1aa7a18..d0801de 100644 (file)
@@ -3,6 +3,10 @@ SOURCE[../../libcrypto]=\
         aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c \
         aes_ige.c aes_wrap.c {- $target{aes_asm_src} -}
 
         aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c \
         aes_ige.c aes_wrap.c {- $target{aes_asm_src} -}
 
+SOURCE[../../providers/fips]=\
+        aes_misc.c aes_ecb.c \
+        {- $target{aes_asm_src} -}
+
 GENERATE[aes-ia64.s]=asm/aes-ia64.S
 
 GENERATE[aes-586.s]=asm/aes-586.pl \
 GENERATE[aes-ia64.s]=asm/aes-ia64.S
 
 GENERATE[aes-586.s]=asm/aes-586.pl \
index f015a4c..d0a8e69 100644 (file)
@@ -4,6 +4,10 @@ SOURCE[../../libcrypto]=\
         ccm128.c xts128.c wrap128.c ocb128.c siv128.c \
         {- $target{modes_asm_src} -}
 
         ccm128.c xts128.c wrap128.c ocb128.c siv128.c \
         {- $target{modes_asm_src} -}
 
+SOURCE[../../providers/fips]=\
+        cbc128.c ctr128.c cfb128.c ofb128.c \
+        {- $target{modes_asm_src} -}
+
 INCLUDE[gcm128.o]=..
 
 GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
 INCLUDE[gcm128.o]=..
 
 GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
index f4ff2ce..b8c3172 100644 (file)
@@ -2,3 +2,6 @@ LIBS=../../../libcrypto
 SOURCE[../../../libcrypto]=\
         block.c aes.c aes_basic.c
 INCLUDE[../../../libcrypto]=. ../../../crypto
 SOURCE[../../../libcrypto]=\
         block.c aes.c aes_basic.c
 INCLUDE[../../../libcrypto]=. ../../../crypto
+
+SOURCE[../../fips]=\
+        block.c aes.c aes_basic.c
index 7842f90..37d7c5b 100644 (file)
@@ -20,6 +20,7 @@
 #include "internal/cryptlib.h"
 #include "internal/property.h"
 #include "internal/evp_int.h"
 #include "internal/cryptlib.h"
 #include "internal/property.h"
 #include "internal/evp_int.h"
+#include "internal/provider_algs.h"
 
 /* Functions provided by the core */
 static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
 
 /* Functions provided by the core */
 static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
@@ -92,13 +93,24 @@ static int fips_get_params(const OSSL_PROVIDER *prov,
     return 1;
 }
 
     return 1;
 }
 
-extern const OSSL_DISPATCH sha256_functions[];
-
 static const OSSL_ALGORITHM fips_digests[] = {
     { "SHA256", "fips=yes", sha256_functions },
     { NULL, NULL, NULL }
 };
 
 static const OSSL_ALGORITHM fips_digests[] = {
     { "SHA256", "fips=yes", sha256_functions },
     { NULL, NULL, NULL }
 };
 
+static const OSSL_ALGORITHM fips_ciphers[] = {
+    { "AES-256-ECB", "fips=yes", aes256ecb_functions },
+    { "AES-192-ECB", "fips=yes", aes192ecb_functions },
+    { "AES-128-ECB", "fips=yes", aes128ecb_functions },
+    { "AES-256-CBC", "fips=yes", aes256cbc_functions },
+    { "AES-192-CBC", "fips=yes", aes192cbc_functions },
+    { "AES-128-CBC", "fips=yes", aes128cbc_functions },
+    { "AES-256-CTR", "fips=yes", aes256ctr_functions },
+    { "AES-192-CTR", "fips=yes", aes192ctr_functions },
+    { "AES-128-CTR", "fips=yes", aes128ctr_functions },
+    { NULL, NULL, NULL }
+};
+
 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
                                          int operation_id,
                                          int *no_cache)
 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
                                          int operation_id,
                                          int *no_cache)
@@ -107,6 +119,8 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
     switch (operation_id) {
     case OSSL_OP_DIGEST:
         return fips_digests;
     switch (operation_id) {
     case OSSL_OP_DIGEST:
         return fips_digests;
+    case OSSL_OP_CIPHER:
+        return fips_ciphers;
     }
     return NULL;
 }
     }
     return NULL;
 }