summaryrefslogtreecommitdiff
path: root/providers/fips/fipsprov.c
Commit message (Collapse)AuthorAgeFilesLines
* Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arraysIrak Rigia2023-04-211-2/+2
| | | | | | | | | Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
* Declare FIPS option functions in their own headerPauli2023-03-291-1/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20521)
* fips: rework the option handling codePauli2023-03-291-49/+74
| | | | | | | | Add option for restricting digests available to DRBGs. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20521)
* Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.slontis2023-03-071-2/+30
| | | | | | | | Fixes #19989 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20241)
* Remove AES SIV ciphers from the FIPS providerPauli2023-03-011-5/+0
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20386)
* Revert "Put EdDSA back as approved algorithms."Pauli2023-02-221-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 09627a8ceb69e19d2855b36228f44a3660af177a. NIST isn't allowing EdDSA at this stage after all, so flag it as not FIPS approved in the FIPS provider. Guidance for FIPS 140-3 is expected later this month: The use of EdDSA still remains non-approved. Before the FIPS 186-5 and SP 800-186 algorithms / curves can be used in the approved mode, the CMVP will need to do (at least) the following: * Incorporate FIPS 186-5 and SP 800-186 into SP 800-140C/D; * Update IG 10.3.A to incorporate self-test requirements for the new algorithms/curves. * Write a new IG on this transition to clarify the issues raised in this thread and elsewhere and provide a clear transition schedule. The CMVP is working on all three of these items and hope to have drafts public by the end of March. Since security relevant changes are not permitted for new 140-2 submissions, and under the assumption that this transition away from FIPS 186-4 algorithms will be 'soft' and not move modules to the historical list, we do not plan on writing 140-2 guidance for this transition. It seems unlikely that all of these requirements will be completed before we submit. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20343)
* Put EdDSA back as approved algorithms.Pauli2023-02-081-4/+4
| | | | | | | | | With FIPS 186-5 being published, these can again be validated. https://csrc.nist.gov/publications/detail/fips/186/5/final Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/20219)
* Put X25519 and X448 back as approved algorithmsPauli2023-01-241-4/+4
| | | | | | | | | | | | | | | | CMVP's answer when questioned about this being: X448 and X25519 uses Curve448 and Curve25519, respectfully, within an ECDH scheme. Therefore, it is possible for a key agreement scheme that uses Curve448 and Curve25519 to be used in the approved mode and be viewed as an allowed algorithm if requirements of Scenario X2 of IG D.8 and IG A.2 are met (or Scenario 3 of D.F and IG C.A for FIPS 140-3). The use of EdDSA in the approved mode is not permitted until FIPS 186-5 is published and part of CMVP guidance. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20079)
* fips: make EdDSA unapproved for FIPSPauli2023-01-131-8/+9
| | | | | | | | | | Likewise for the related ECX key exchanges. NIST is mandating this until FIPS 186-5 is finalised. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20020)
* aes: add AES-GCM-SIV modes to the FIPS providerPauli2022-11-301-0/+5
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19777)
* Cleanup : directly include of `internal/nelem.h` when required.FdaSilvaYY2022-11-231-0/+1
| | | | | | | | And so clean a few useless includes Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19721)
* Put 3DES back into the FIPS provider as a non-approved algorithmPauli2022-11-101-1/+9
| | | | | | | | | This reverts commit fc0bb3411bd0c6ca264f610303933d0bf4f4682c and changes how 3DES is advertised. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19631)
* Remove DES cipher from the FIPS providerPauli2022-11-021-4/+0
| | | | | | | | | | | Co-authored-by: Randall Steck <rsteck@thinqsoft.com> Co-authored-by: Mark J. Minnoch <mark@keypair.us> Co-authored-by: Steve Weymann <steve@keypair.us> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19510)
* strcasecmp: implement strcasecmp and strncasecmpPauli2022-05-231-3/+0
| | | | | | | | | | | | Rather than relying on the locale code working, instead implement these functions directly. Fixes #18322 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18344)
* Avoid code duplication for locale initializationTomas Mraz2022-05-131-46/+3
| | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18282)
* Fix build on OPENSSL_SYS_TANDEM and older POSIXesTomas Mraz2022-05-131-12/+22
| | | | | | | | | | | It also allows for passing -DOPENSSL_NO_LOCALE as a workaround to ./Configure command. Fixes #18233 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18282)
* Update copyright yearMatt Caswell2022-05-031-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* FIPS provider modificationsDmitry Belyavskiy2022-04-221-0/+37
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
* Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATAHugo Landau2022-04-011-19/+8
| | | | | | | | | | | | | This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized eagerly rather than lazily, which avoids the need for locking on access in most cases. Fixes #17116. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17881)
* provider: add TLS13_KDF to the default and FIPS providersPauli2021-08-051-0/+2
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16203)
* Don't leak the OSSL_LIB_CTX in the event of a failure to load the FIPS moduleMatt Caswell2021-07-281-0/+1
| | | | | | | | | | Ensure we free the OSSL_LIB_CTX on the error path. Fixes #16163 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16168)
* fips: set the library context and handle laterPauli2021-05-291-2/+3
| | | | | | | | | | | They need to be set once the provider will definitely be loading. If they are set earlier, a double free results on a failure. Fixes #15452 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15492)
* PROV: Relegate most of the FIPS provider code to libfips.aRichard Levitte2021-05-211-4/+20
| | | | | | | | | | | | | | | | | | | | provider/fips/fipsprov.c contains a number of symbols that get used by anything that's included in libfips.a, at least on Unix. Unfortunately, there are platforms that do not support resolving symbols to things that are already included in the end product (module in this case) being built; they only support resolving symbols with what comes next in the linking process. The offending symbols in this case are FIPS_security_check_enabled, c_thread_start and ossl_fips_intern_provider_init. We resolve this by placing provider/fips/fipsprov.c in libfips.a along with everything else there. That takes care of the offending symbols. What remains is to ensure that there is an entry point in an object file used directly when linking the module, providers/fips/fips_entry.c Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15370)
* fipsprov: Missing teardown on fips_get_params_from_core() errorTomas Mraz2021-05-131-1/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15229)
* Add the ability for ex_data to have a priorityMatt Caswell2021-05-111-0/+1
| | | | | | | | Where an object has multiple ex_data associated with it, then we free that ex_data in order of priority (high priority first). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
* Clarify two comments (typos) in fipsprov.cDaniel Bevenius2021-05-061-3/+3
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15150)
* PROV: Add OIDs we know to all provider applicable algorithmsRichard Levitte2021-04-181-138/+127
| | | | | | | | | | | The OIDs were extracted with the help of libcrypto's ASN1 OID database. While doing this, we move all the names strings to macro definitions, to avoid duplication and conflicting names declarations. Those macros are all in providers/implementations/include/prov/names.h Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14498)
* Sanity check provider up-callsMatt Caswell2021-04-161-28/+43
| | | | | | | | | | | | | When we store references to up-calls for future reference we run a sanity check to make sure we either previously haven't set these values or they are the same as last time. We don't support the scenario where an application is linked against multiple versions of libcrypto but using a shared fips.so file. This would result in different up-calls for different calls to OSSL_provider_init(), which we currently can't handle. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14814)
* Store some FIPS global variables in the FIPS_GLOBAL structureMatt Caswell2021-04-161-72/+119
| | | | | | | | | | | | | We had some FIPS global variables that were based on values from the config file. In theory if two instances of the fips module are loaded they could be based on different config files which would cause this to fail. Instead we store them in the FIPS_GLOBAL structure. Fixes #14364 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14814)
* APPS: Replace the use of OBJ_nid2ln() with name or description callsRichard Levitte2021-04-021-15/+25
| | | | | | | | | | | | | | | | With new provided algorithms added, we'd rather rely on the names and descriptions that we get from the providers. Specifically with the 'openssl list' command, we now display the description of all algorithms. For '-public-key-algorithms', we additionally print key type information a bit more like we do for legacy methods. We also add descriptions to all our keymgmt functions, because the built in EVP_PKEY_ASN1_METHODs had them. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14656)
* Add ossl_provider symbolsShane Lontis2021-03-181-6/+6
| | | | | | | Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
* Remove the RAND_get0_public() from fips provider initializationTomas Mraz2021-03-121-3/+0
| | | | | | | | | | It is not needed anymore and it causes leaks because it is called when the FIPS provider libctx is not yet properly set up. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14497)
* Move the PROV_R reason codes to a public headerTomas Mraz2021-02-111-1/+1
| | | | | | | | | | | The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications or third party providers. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14086)
* Avoid races by caching exported ciphers in the init functionMatt Caswell2021-02-021-2/+2
| | | | | | | | | | | TSAN was reporting a race of the exported ciphers cache that we create in the default and fips providers. This was because we cached it in the query function rather than the init function, so this would cause a race if multiple threads queried at the same time. In practice it probably wouldn't make much difference since different threads should come up with the same answer. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13987)
* Fix some odd names in our provider source codeRichard Levitte2021-02-011-2/+2
| | | | | | | | | | | | ecossl_dh_keyexch_functions -> ossl_ecdh_keyexch_functions ecossl_dsa_signature_functions -> ossl_ecdsa_signature_functions sm2_asym_cipher_functions -> ossl_sm2_asym_cipher_functions sm2_keymgmt_functions -> ossl_sm2_keymgmt_functions sm2_signature_functions -> ossl_sm2_signature_functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
* Update copyright yearRichard Levitte2021-01-281-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
* params: OSSL_PARAM_utf8_ptr: don't automatically reference `address`Daiki Ueno2021-01-261-7/+7
| | | | | | | | | | | Since the pointer can be later be modified, the caller should have the responsibility to supply the address of that. Signed-off-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13951)
* Add EVP_KDF-X942 to the fips moduleShane Lontis2020-12-021-1/+4
| | | | | | | | | | | | | | | | | The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X942 - this has been made a bit clearer by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an alias of X963KDF. This work was instigated as a result of the ACVP tests optionally being able to use keybits for the supp_pubinfo field. Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this to be disabled. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13418)
* prov: move the entropy source out of the FIPS providerPauli2020-11-201-2/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
* Add AES KW inverse ciphers to the EVP layerShane Lontis2020-11-021-0/+9
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13272)
* Remove ossl_prov_util_nid_to_name()Shane Lontis2020-10-221-98/+0
| | | | | | | | | This removes a TODO. This function is not needed since any place that needs to do the conversion normally has a special case name2nid table. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13202)
* Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'Dr. Matthias St. Pierre2020-10-151-11/+10
| | | | | | | | | This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
* Rename OPENSSL_CTX prefix to OSSL_LIB_CTXDr. Matthias St. Pierre2020-10-151-17/+17
| | | | | | | | | | | | Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
* prov: prefix all exposed 'cipher' symbols with ossl_Pauli2020-10-011-4/+4
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13030)
* prov: prefix provider internal functions with ossl_Pauli2020-09-291-10/+12
| | | | | | | Also convert the names to lower case. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13014)
* prov: prefix all OSSL_DISPATCH tables names with ossl_Pauli2020-09-291-104/+117
| | | | | | | | This stops them leaking into other namespaces in a static build. They remain internal. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13013)
* Add a copy of OSSL_SELF_TEST_get_callback() to the fips module.Shane Lontis2020-09-191-0/+17
| | | | | | | | | | | | | | | | The user can set up a self test callback that should be activated when a keygen operation (e.g ec) occurs for the fips module. The callback information is stored inside the applications library context, but this was not being triggered since the library context used for the key generation operation was the internal library context used by the fips module (which is not the same as the application's library context). During the keygen operation the OSSL_SELF_TEST_get_callback() function is used to retrieve the callback info. By having a seperate copy of OSSL_SELF_TEST_get_callback() for the fips module we can ensure that the parent library context is used instead. The core OSSL_SELF_TEST_get_callback() function pointer is passed across the boundary during the fips modules entry point such that the fips version of the function can call it after changing the libctx. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12877)
* Add KEM (Key encapsulation mechanism) support to providersShane Lontis2020-09-191-0/+7
| | | | | | | | | | | | | | | | | | | SP800-56Br2 requires support for the RSA primitives for RSASVE generate and recover. As these are simple KEM operations another operation type has been added that can support future extensions. Added public functions EVP_PKEY_encapsulate_init(), EVP_PKEY_encapsulate(), EVP_PKEY_decapsulate_init() and EVP_PKEY_decapsulate() Added EVP_KEM_* functions. Added OSSL_FUNC_kem_* dispatch functions Added EVP_PKEY_CTX_set_kem_op() so that different types of KEM can be added in the future. This value must currently be set to "RSASVE" after EVP_PKEY_encapsulate_init() & EVP_PKEY_decapsulate_init() as there is no default value. This allows the existing RSA key types, keymanagers, and encoders to be used with the encapsulation operations. The design of the public API's resulted from contributions from @romen & @levitte. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12750)
* Add option to fipsinstall to disable fips security checks at run time.Shane Lontis2020-09-181-0/+21
| | | | | | | Changes merged from a patch by @richsalz. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
* keygen: add FIPS error state management to conditional self testsShane Lontis2020-09-121-0/+7
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12801)
View Lorry Controller Status