author | Pauli <paul.dale@oracle.com> | 2020-06-03 10:55:49 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-06-05 09:20:20 +1000 |
commit | b1c21b27dce840cfe2c9554b498fdcd115799a2f (patch) | |
tree | 0d51364ea3e1f2542205b8e7962af4a9b89a4f8d /providers | |
parent | a64a143f314c00937c14b61157e4ea934f3c6b69 (diff) |
fips: add additional algorithms to the FIPS provider.
Discussions are ongoing but the OMC has approved the in-principle addition
of these algorithms to the upcoming FIPS validation.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12020)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/fips/fipsprov.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 31217202f2..0484a54f52 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -377,8 +377,17 @@ static const OSSL_ALGORITHM fips_digests[] = {
 { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
 { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
- /* Non-FIPS algorithm to support oneshot_hash in the Ed448 code */
- { "SHAKE-256:SHAKE256", "provider=fips,fips=no", shake_256_functions },
+ { "SHAKE-128:SHAKE128", "provider=fips,fips=yes", shake_128_functions },
+ { "SHAKE-256:SHAKE256", "provider=fips,fips=yes", shake_256_functions },
+
+ /*
+ * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
+ * KMAC128 and KMAC256.
+ */
+ { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes",
+ keccak_kmac_128_functions },
+ { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes",
+ keccak_kmac_256_functions },
 { NULL, NULL, NULL }
 };
@@ -439,8 +448,13 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
 static const OSSL_ALGORITHM fips_macs[] = {
+#ifndef OPENSSL_NO_CMAC
+ { "CMAC", "provider=fips,fips=yes", cmac_functions },
+#endif
 { "GMAC", "provider=fips,fips=yes", gmac_functions },
 { "HMAC", "provider=fips,fips=yes", hmac_functions },
+ { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions },
+ { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions },
 { NULL, NULL, NULL }
 };
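Review bot: The two KECCAK-KMAC rows in `fips_digests` are registered with `fips=yes` even though the added comment describes them only as "mostly useful for KMAC128 and KMAC256", so a caller that fetches a digest with the `fips=yes` property would presumably be able to obtain them directly as if they were standalone approved hashes. If that exposure is intended, the comment should say so, for example `/* Exposed for KMAC's internal use; not intended as general-purpose digests */`. The hunk also deletes the only note explaining why SHAKE-256 is present (oneshot_hash in the Ed448 code); a one-line `/* SHAKE-256 is also needed by the Ed448 code */` next to the row would keep that dependency recorded. Since the commit message says the approval is in principle and discussions are ongoing, a short comment marking the newly added rows here and in `fips_macs` and `fips_kdfs` as pending validation would help anyone auditing what `fips=yes` covers.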
@@ -448,7 +462,10 @@ static const OSSL_ALGORITHM fips_kdfs[] = {
 { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions },
 { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
 { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
+ { "SSHKDF", "provider=fips,fips=yes", kdf_sshkdf_functions },
+ { "X963KDF", "provider=fips,fips=yes", kdf_x963_kdf_functions },
 { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
+ { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions },
 { NULL, NULL, NULL }
 };
@@ -490,7 +507,8 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
 { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
 #endif
 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
- { "RSA-PSS:RSASSA-PSS", "provider=default", rsapss_keymgmt_functions },
+ { "RSA-PSS:RSASSA-PSS", "provider=fips,fips=yes",
+ rsapss_keymgmt_functions },
 #ifndef OPENSSL_NO_EC
 { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
 { "X25519", "provider=fips,fips=no", x25519_keymgmt_functions }, |
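Review bot: The `KBKDF` row in `fips_kdfs` is registered unconditionally, while the CMAC row added to `fips_macs` in the previous hunk is wrapped in `#ifndef OPENSSL_NO_CMAC`. KBKDF can use either HMAC or CMAC as its PRF, and this diff does not show whether `kdf_kbkdf_functions` builds and fails cleanly when CMAC is compiled out. A comment on the row such as `/* KBKDF: CMAC mode is unavailable when OPENSSL_NO_CMAC is defined */`, or a matching guard if the implementation needs one, would make the dependency explicit.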
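Review bot: The property string on the RSA-PSS row in `fips_keymgmt` is still a hand-typed literal, like every other row in these tables, and that is how the previous `"provider=default"` value could sit unnoticed inside the FIPS provider. Defining it once, e.g. `#define FIPS_DEFAULT_PROPERTIES "provider=fips,fips=yes"`, and writing the row as `{ "RSA-PSS:RSASSA-PSS", FIPS_DEFAULT_PROPERTIES, rsapss_keymgmt_functions },` would make a mislabelled row stand out in review and keep property-based fetches consistent. The rows that are deliberately `fips=no`, such as X25519 in the trailing context, could use a second named constant so the exception is visible. `fips_keymgmt` starts and ends outside this hunk, so other rows may need the same treatment.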