From: Matt Caswell <matt@openssl.org>
Date: Tue, 28 May 2019 10:25:08 +0000 (+0100)
Subject: Make basic AES ciphers available from within the FIPS providers
X-Git-Tag: openssl-3.0.0-alpha1~2002
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fopenssl.git;a=commitdiff_plain;h=66ad63e80198800ad94e4e4168a6b9b6a7c0fcd4

Make basic AES ciphers available from within the FIPS providers

These ciphers were already provider aware, and were available from the
default provider. We move them into the FIPS provider too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)
---

diff --git a/crypto/aes/build.info b/crypto/aes/build.info
index 1aa7a18dfb..d0801de94c 100644
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
@@ -3,6 +3,10 @@ SOURCE[../../libcrypto]=\
         aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c \
         aes_ige.c aes_wrap.c {- $target{aes_asm_src} -}
 
+SOURCE[../../providers/fips]=\
+        aes_misc.c aes_ecb.c \
+        {- $target{aes_asm_src} -}
+
 GENERATE[aes-ia64.s]=asm/aes-ia64.S
 
 GENERATE[aes-586.s]=asm/aes-586.pl \
diff --git a/crypto/modes/build.info b/crypto/modes/build.info
index f015a4c302..d0a8e6935c 100644
--- a/crypto/modes/build.info
+++ b/crypto/modes/build.info
@@ -4,6 +4,10 @@ SOURCE[../../libcrypto]=\
         ccm128.c xts128.c wrap128.c ocb128.c siv128.c \
         {- $target{modes_asm_src} -}
 
+SOURCE[../../providers/fips]=\
+        cbc128.c ctr128.c cfb128.c ofb128.c \
+        {- $target{modes_asm_src} -}
+
 INCLUDE[gcm128.o]=..
 
 GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl $(LIB_CFLAGS) $(LIB_CPPFLAGS)
diff --git a/providers/common/ciphers/build.info b/providers/common/ciphers/build.info
index f4ff2ce875..b8c3172032 100644
--- a/providers/common/ciphers/build.info
+++ b/providers/common/ciphers/build.info
@@ -2,3 +2,6 @@ LIBS=../../../libcrypto
 SOURCE[../../../libcrypto]=\
         block.c aes.c aes_basic.c
 INCLUDE[../../../libcrypto]=. ../../../crypto
+
+SOURCE[../../fips]=\
+        block.c aes.c aes_basic.c
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 7842f90f76..37d7c5b3ed 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -20,6 +20,7 @@
 #include "internal/cryptlib.h"
 #include "internal/property.h"
 #include "internal/evp_int.h"
+#include "internal/provider_algs.h"
 
 /* Functions provided by the core */
 static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
@@ -92,13 +93,24 @@ static int fips_get_params(const OSSL_PROVIDER *prov,
     return 1;
 }
 
-extern const OSSL_DISPATCH sha256_functions[];
-
 static const OSSL_ALGORITHM fips_digests[] = {
     { "SHA256", "fips=yes", sha256_functions },
     { NULL, NULL, NULL }
 };
 
+static const OSSL_ALGORITHM fips_ciphers[] = {
+    { "AES-256-ECB", "fips=yes", aes256ecb_functions },
+    { "AES-192-ECB", "fips=yes", aes192ecb_functions },
+    { "AES-128-ECB", "fips=yes", aes128ecb_functions },
+    { "AES-256-CBC", "fips=yes", aes256cbc_functions },
+    { "AES-192-CBC", "fips=yes", aes192cbc_functions },
+    { "AES-128-CBC", "fips=yes", aes128cbc_functions },
+    { "AES-256-CTR", "fips=yes", aes256ctr_functions },
+    { "AES-192-CTR", "fips=yes", aes192ctr_functions },
+    { "AES-128-CTR", "fips=yes", aes128ctr_functions },
+    { NULL, NULL, NULL }
+};
+
 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
                                          int operation_id,
                                          int *no_cache)
@@ -107,6 +119,8 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
     switch (operation_id) {
     case OSSL_OP_DIGEST:
         return fips_digests;
+    case OSSL_OP_CIPHER:
+        return fips_ciphers;
     }
     return NULL;
 }