Commit 66ad63e8 authored by Matt Caswell's avatar Matt Caswell
Browse files

Make basic AES ciphers available from within the FIPS providers 



These ciphers were already provider aware, and were available from the
default provider. We move them into the FIPS provider too.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)
parent a77b4dba

crypto/aes/build.info

+4 −0
Original line number Diff line number Diff line
@@ -3,6 +3,10 @@ SOURCE[../../libcrypto]=\ 
        aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c \

        aes_ige.c aes_wrap.c {- $target{aes_asm_src} -}



SOURCE[../../providers/fips]=\

        aes_misc.c aes_ecb.c \

        {- $target{aes_asm_src} -}



GENERATE[aes-ia64.s]=asm/aes-ia64.S



GENERATE[aes-586.s]=asm/aes-586.pl \

crypto/modes/build.info

+4 −0
Original line number Diff line number Diff line
@@ -4,6 +4,10 @@ SOURCE[../../libcrypto]=\ 
        ccm128.c xts128.c wrap128.c ocb128.c siv128.c \

        {- $target{modes_asm_src} -}



SOURCE[../../providers/fips]=\

        cbc128.c ctr128.c cfb128.c ofb128.c \

        {- $target{modes_asm_src} -}



INCLUDE[gcm128.o]=..



GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)

providers/common/ciphers/build.info

+3 −0
Original line number Diff line number Diff line
@@ -2,3 +2,6 @@ LIBS=../../../libcrypto 
SOURCE[../../../libcrypto]=\

        block.c aes.c aes_basic.c

INCLUDE[../../../libcrypto]=. ../../../crypto



SOURCE[../../fips]=\

        block.c aes.c aes_basic.c

providers/fips/fipsprov.c

+16 −2
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ 
#include "internal/cryptlib.h"

#include "internal/property.h"

#include "internal/evp_int.h"

#include "internal/provider_algs.h"



/* Functions provided by the core */

static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
@@ -92,13 +93,24 @@ static int fips_get_params(const OSSL_PROVIDER *prov, 
    return 1;

}



extern const OSSL_DISPATCH sha256_functions[];



static const OSSL_ALGORITHM fips_digests[] = {

    { "SHA256", "fips=yes", sha256_functions },

    { NULL, NULL, NULL }

};



static const OSSL_ALGORITHM fips_ciphers[] = {

    { "AES-256-ECB", "fips=yes", aes256ecb_functions },

    { "AES-192-ECB", "fips=yes", aes192ecb_functions },

    { "AES-128-ECB", "fips=yes", aes128ecb_functions },

    { "AES-256-CBC", "fips=yes", aes256cbc_functions },

    { "AES-192-CBC", "fips=yes", aes192cbc_functions },

    { "AES-128-CBC", "fips=yes", aes128cbc_functions },

    { "AES-256-CTR", "fips=yes", aes256ctr_functions },

    { "AES-192-CTR", "fips=yes", aes192ctr_functions },

    { "AES-128-CTR", "fips=yes", aes128ctr_functions },

    { NULL, NULL, NULL }

};



static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,

                                         int operation_id,

                                         int *no_cache)
@@ -107,6 +119,8 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, 
    switch (operation_id) {

    case OSSL_OP_DIGEST:

        return fips_digests;

    case OSSL_OP_CIPHER:

        return fips_ciphers;

    }

    return NULL;

}