summaryrefslogtreecommitdiff
path: root/providers/fips
Commit message (Collapse)AuthorAgeFilesLines
* fips: make EdDSA unapproved for FIPSPauli2023-01-131-8/+9
| | | | | | | | | | Likewise for the related ECX key exchanges. NIST is mandating this until FIPS 186-5 is finalised. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20020)
* aes: add AES-GCM-SIV modes to the FIPS providerPauli2022-11-301-0/+5
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19777)
* Cleanup : directly include of `internal/nelem.h` when required.FdaSilvaYY2022-11-231-0/+1
| | | | | | | | And so clean a few useless includes Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19721)
* Put 3DES back into the FIPS provider as a non-approved algorithmPauli2022-11-101-1/+9
| | | | | | | | | This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes how 3DES is advertised. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19631)
* fips: verify that the RNG was restored after the self testsPauli2022-11-021-0/+14
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19510)
* Update FIPS KATs for 140-3Pauli2022-11-023-33/+266
| | | | | | | | | | | Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19510)
* Remove DES cipher from the FIPS providerPauli2022-11-021-4/+0
| | | | | | | | | | | Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19510)
* Use RSA CRT parameters in FIPS self tests.slontis2022-10-271-5/+5
| | | | | | | | | | | | Fixes #19488 Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests. The invalid names cause CRT parameters to be silently ignored. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19501)
* Updating ifdefs to account for xlclang compiler frontend on AIX.Rob Mc Gee2022-08-011-2/+2
| | | | | | | | | | | The fallback DEP works fine there. XLC should be unaffected. CLA: trivial Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18892)
* Fix check of EVP_CIPHER_CTX_ctrlPeiwei Hu2022-05-241-4/+4
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18368)
* strcasecmp: implement strcasecmp and strncasecmpPauli2022-05-231-3/+0
| | | | | | | | | | | | Rather than relying on the locale code working, instead implement these functions directly. Fixes #18322 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18344)
* Avoid code duplication for locale initializationTomas Mraz2022-05-131-46/+3
| | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18282)
* Fix build on OPENSSL_SYS_TANDEM and older POSIXesTomas Mraz2022-05-131-12/+22
| | | | | | | | | | | It also allows for passing -DOPENSSL_NO_LOCALE as a workaround to ./Configure command. Fixes #18233 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18282)
* Update copyright yearMatt Caswell2022-05-033-3/+3
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Prefer GNU library initialization mechanism over platform oneJon Spillett2022-04-271-6/+7
| | | | | | | | If GNU toolchain is used, use the __attribute__((constructor)) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18147)
* FIPS provider modificationsDmitry Belyavskiy2022-04-221-0/+37
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
* Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATAHugo Landau2022-04-011-19/+8
| | | | | | | | | | | | | This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized eagerly rather than lazily, which avoids the need for locking on access in most cases. Fixes #17116. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17881)
* Move e_os.h to include/internalRichard Levitte2022-02-051-1/+1
| | | | | | | | | | | | Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
* Avoid using a macro expansion in a macro when statically initialisingPauli2022-01-131-3/+9
| | | | | | | | | Circumvents a problem with ancient PA-RISC compilers on HP/UX. Fixes #17477 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17478)
* Fix a bug in signature self tests in the FIPS moduleMatt Caswell2021-10-221-1/+1
| | | | | | | | When calling EVP_PKEY_sign(), the size of the signature buffer must be passed in *siglen. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
* Add the self test type OSSL_SELF_TEST_TYPE_PCT_SIGNATUREslontis2021-08-311-1/+5
| | | | | | | | | | | | Fixes #16457 The ECDSA and DSA signature tests use Pairwise tests instead of KATS. Note there is a seperate type used by the keygen for conditional Pairwise Tests. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16461)
* fips: add power up test for TLS 1.3 KDFPauli2021-08-051-0/+64
| | | | | | | | | | The power up known answer test for the TLS 1.3 KDF does just the first step to derive the "client_early_traffic_secret" using the two modes of the KDF. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16203)
* provider: add TLS13_KDF to the default and FIPS providersPauli2021-08-051-0/+2
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16203)
* Don't leak the OSSL_LIB_CTX in the event of a failure to load the FIPS moduleMatt Caswell2021-07-281-0/+1
| | | | | | | | | | Ensure we free the OSSL_LIB_CTX on the error path. Fixes #16163 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16168)
* Change self test for AES_CGM to perform both an encrypt and decrypt.Shane Lontis2021-06-221-1/+1
| | | | | | | | | | | This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and decrypt. (This makes no logical sense since this is not an inverse cipher). I have left the AES_ECB decrypt test in (although it may not be needed) since it is actually testing the inverse cipher case. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15844)
* aix64-gcc target: Fix build breakage with enable-fipsTomas Mraz2021-06-181-2/+0
| | | | | | | | | Fixes #15804 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15807)
* Add self test for ECDSA using curve with a binary fieldShane Lontis2021-06-171-8/+45
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15794)
* Fix AIX FIPS DEP.Shane Lontis2021-06-081-1/+15
| | | | | | | | | | | The entry point needs the option 'binitfini', but it was not being added since the perl code to detect the match did not work. The entry point for AIX is no longer static - so a wrapper has been added to call the static version. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15636)
* Rename all getters to use get/get0 in nameTomas Mraz2021-06-011-1/+1
| | | | | | | | | | | | | | For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
* fips: set the library context and handle laterPauli2021-05-291-2/+3
| | | | | | | | | | | They need to be set once the provider will definitely be loading. If they are set earlier, a double free results on a failure. Fixes #15452 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15492)
* Use "" for include internal/xxxRich Salz2021-05-271-2/+2
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15468)
* Add fipsinstall option to run self test KATS on module loadShane Lontis2021-05-251-1/+5
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15149)
* fips: default to running self tests when starting the fips providerPauli2021-05-241-27/+30
| | | | | | | | | | Also add a C++ constructor as per note 7 of IG 9.10 if no DEP is available and C++ is being used. Fixes #15322 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15324)
* PROV: Relegate most of the FIPS provider code to libfips.aRichard Levitte2021-05-213-6/+45
| | | | | | | | | | | | | | | | | | | | provider/fips/fipsprov.c contains a number of symbols that get used by anything that's included in libfips.a, at least on Unix. Unfortunately, there are platforms that do not support resolving symbols to things that are already included in the end product (module in this case) being built; they only support resolving symbols with what comes next in the linking process. The offending symbols in this case are FIPS_security_check_enabled, c_thread_start and ossl_fips_intern_provider_init. We resolve this by placing provider/fips/fipsprov.c in libfips.a along with everything else there. That takes care of the offending symbols. What remains is to ensure that there is an entry point in an object file used directly when linking the module, providers/fips/fips_entry.c Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15370)
* fipsprov: Missing teardown on fips_get_params_from_core() errorTomas Mraz2021-05-131-1/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15229)
* Add the ability for ex_data to have a priorityMatt Caswell2021-05-111-0/+1
| | | | | | | | Where an object has multiple ex_data associated with it, then we free that ex_data in order of priority (high priority first). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
* Clarify two comments (typos) in fipsprov.cDaniel Bevenius2021-05-061-3/+3
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15150)
* PROV: Add OIDs we know to all provider applicable algorithmsRichard Levitte2021-04-181-138/+127
| | | | | | | | | | | The OIDs were extracted with the help of libcrypto's ASN1 OID database. While doing this, we move all the names strings to macro definitions, to avoid duplication and conflicting names declarations. Those macros are all in providers/implementations/include/prov/names.h Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14498)
* Fix naming for EVP_RAND_CTX_gettable functions.Pauli2021-04-171-4/+4
| | | | | | | | | | | | | | | Change: EVP_RAND_gettable_ctx_params -> EVP_RAND_CTX_gettable_params EVP_RAND_settable_ctx_params -> EVP_RAND_CTX_settable_params Which brings them in line with the other similar functions for other algorithm types. Fixes #14880 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14893)
* Sanity check provider up-callsMatt Caswell2021-04-161-28/+43
| | | | | | | | | | | | | When we store references to up-calls for future reference we run a sanity check to make sure we either previously haven't set these values or they are the same as last time. We don't support the scenario where an application is linked against multiple versions of libcrypto but using a shared fips.so file. This would result in different up-calls for different calls to OSSL_provider_init(), which we currently can't handle. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14814)
* Store some FIPS global variables in the FIPS_GLOBAL structureMatt Caswell2021-04-161-72/+119
| | | | | | | | | | | | | We had some FIPS global variables that were based on values from the config file. In theory if two instances of the fips module are loaded they could be based on different config files which would cause this to fail. Instead we store them in the FIPS_GLOBAL structure. Fixes #14364 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14814)
* Add FIPS Self test for AES_ECB decryptShane Lontis2021-04-132-26/+65
| | | | | | | | | | | | | | | Fixes #14807 Compliance with IG 9.4 requires that an inverse cipher function be tested if one is implemented. Just running AES_GCM encrypt/decrypt does not meet this requirement (Since only ECB, CBC, XTS, KW, KWP support the inverse function during decryption mode). Added a mode to the cipher test so that the AES_GCM only does an encrypt and AES_ECB only does a decrypt. TDES still does both. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14825)
* Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free().Shane Lontis2021-04-121-7/+7
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14785)
* APPS: Replace the use of OBJ_nid2ln() with name or description callsRichard Levitte2021-04-021-15/+25
| | | | | | | | | | | | | | | | With new provided algorithms added, we'd rather rely on the names and descriptions that we get from the providers. Specifically with the 'openssl list' command, we now display the description of all algorithms. For '-public-key-algorithms', we additionally print key type information a bit more like we do for legacy methods. We also add descriptions to all our keymgmt functions, because the built in EVP_PKEY_ASN1_METHODs had them. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14656)
* Add ossl_provider symbolsShane Lontis2021-03-181-6/+6
| | | | | | | Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
* Always check CRYPTO_LOCK_{read,write}_lockRich Salz2021-03-141-6/+13
| | | | | | | | | | | | | | Some functions that lock things are void, so we just return early. Also make ossl_namemap_empty return 0 on error. Updated the docs, and added some code to ossl_namemap_stored() to handle the failure, and updated the tests to allow for failure. Fixes: #14230 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14238)
* Remove the RAND_get0_public() from fips provider initializationTomas Mraz2021-03-121-3/+0
| | | | | | | | | | It is not needed anymore and it causes leaks because it is called when the FIPS provider libctx is not yet properly set up. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14497)
* fips: update DRBG KATs for the extra instantiate argumentPauli2021-02-281-3/+3
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
* fips: add additional argument to KDF derive call in self testPauli2021-02-281-3/+1
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
* fips: update to use the extra MAC init argumentsPauli2021-02-281-5/+2
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
View Lorry Controller Status