Create a FIPS provider and put SHA256 in it (9efa0ae0) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/build.info

+5 −0

Original line number	Diff line number	Diff line
		@@ -21,6 +21,11 @@ SOURCE[../libcrypto]=\
		trace.c provider.c params.c \
		{- $target{cpuid_asm_src} -} {- $target{uplink_aux_src} -}

		# FIPS module
		SOURCE[../providers/fips]=\
		cryptlib.c mem.c mem_clr.c params.c


		DEPEND[cversion.o]=buildinf.h
		GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
		DEPEND[buildinf.h]=../configdata.pm

crypto/mem.c

+6 −6

Original line number	Diff line number	Diff line
		@@ -14,7 +14,7 @@
		#include <stdlib.h>
		#include <limits.h>
		#include <openssl/crypto.h>
		#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
		#if !defined(OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE) && !defined(FIPS_MODE)
		# include <execinfo.h>
		#endif

		@@ -30,7 +30,7 @@ static void (realloc_impl)(void , size_t, const char , int)
		static void (free_impl)(void , const char *, int)
		= CRYPTO_free;

		#ifndef OPENSSL_NO_CRYPTO_MDEBUG
		#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
		# include "internal/tsan_assist.h"

		static TSAN_QUALIFIER int malloc_count;
		@@ -94,7 +94,7 @@ void CRYPTO_get_mem_functions(
		*f = free_impl;
		}

		#ifndef OPENSSL_NO_CRYPTO_MDEBUG
		#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
		void CRYPTO_get_alloc_counts(int mcount, int rcount, int *fcount)
		{
		if (mcount != NULL)
		@@ -209,7 +209,7 @@ void CRYPTO_malloc(size_t num, const char file, int line)
		*/
		allow_customize = 0;
		}
		#ifndef OPENSSL_NO_CRYPTO_MDEBUG
		#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
		if (call_malloc_debug) {
		CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
		ret = malloc(num);
		@@ -250,7 +250,7 @@ void CRYPTO_realloc(void str, size_t num, const char *file, int line)
		return NULL;
		}

		#ifndef OPENSSL_NO_CRYPTO_MDEBUG
		#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
		if (call_malloc_debug) {
		void *ret;
		CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
		@@ -300,7 +300,7 @@ void CRYPTO_free(void str, const char file, int line)
		return;
		}

		#ifndef OPENSSL_NO_CRYPTO_MDEBUG
		#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODE)
		if (call_malloc_debug) {
		CRYPTO_mem_debug_free(str, 0, file, line);
		free(str);

crypto/params.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -348,6 +348,13 @@ OSSL_PARAM OSSL_PARAM_construct_size_t(const char key, size_t buf,
		return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf,
		sizeof(size_t), rsize); }

		#ifndef FIPS_MODE
		/*
		* TODO(3.0): Make this available in FIPS mode.
		*
		* Temporarily we don't include these functions in FIPS mode to avoid pulling
		* in the entire BN sub-library into the module at this point.
		*/
		int OSSL_PARAM_get_BN(const OSSL_PARAM p, BIGNUM *val)
		{
		BIGNUM *b;
		@@ -387,6 +394,7 @@ OSSL_PARAM OSSL_PARAM_construct_BN(const char key, unsigned char buf,
		return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER,
		buf, bsize, rsize);
		}
		#endif

		int OSSL_PARAM_get_double(const OSSL_PARAM p, double val)
		{

crypto/sha/build.info

+2 −0

Original line number	Diff line number	Diff line
		@@ -3,6 +3,8 @@ SOURCE[../../libcrypto]=\
		sha1dgst.c sha1_one.c sha256.c sha512.c {- $target{sha1_asm_src} -} \
		{- $target{keccak1600_asm_src} -}

		SOURCE[../../providers/fips]= sha256.c

		GENERATE[sha1-586.s]=asm/sha1-586.pl \
		$(PERLASM_SCHEME) $(LIB_CFLAGS) $(LIB_CPPFLAGS) $(PROCESSOR)
		DEPEND[sha1-586.s]=../perlasm/x86asm.pl

providers/build.info

+11 −0

Original line number	Diff line number	Diff line
		SUBDIRS=common default

		IF[{- !$disabled{fips} -}]
		SUBDIRS=fips
		MODULES=fips
		IF[{- defined $target{shared_defflag} -}]
		SOURCE[fips]=fips.ld
		GENERATE[fips.ld]=../util/providers.num
		ENDIF
		INCLUDE[fips]=.. ../include ../crypto/include
		DEFINE[fips]=FIPS_MODE
		ENDIF