Re: git: 8f37b3a142f2 - main - libcrypto: fix the FIPS provider on amd64
- In reply to: Ed Maste : "git: 8f37b3a142f2 - main - libcrypto: fix the FIPS provider on amd64"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 21 Sep 2023 16:45:21 UTC
Hi there, On 9/21/23 17:38, Ed Maste wrote: > The branch main has been updated by emaste: > > URL: https://cgit.FreeBSD.org/src/commit/?id=8f37b3a142f2f7197896cd283c44c7e4fb64aaf3 > > commit 8f37b3a142f2f7197896cd283c44c7e4fb64aaf3 > Author: Pierre Pronchery <pierre@freebsdfoundation.org> > AuthorDate: 2023-09-04 17:57:35 +0000 > Commit: Ed Maste <emaste@FreeBSD.org> > CommitDate: 2023-09-21 15:38:02 +0000 > > libcrypto: fix the FIPS provider on amd64 > > This corrects the list of source files required for the FIPS provider. > > To test: > > ``` > INSTALL PASSED > enter AES-128-CBC encryption password: > Verifying - enter AES-128-CBC encryption password: > U2FsdGVkX1+MGm7LbZou29UWU+KAyBX/PxF5T1pO9VM= > ``` The complete test procedure, including the corresponding commands is: ``` # openssl fipsinstall -out /etc/ssl/fipsmodule.cnf \ -module /usr/lib/ossl-modules/fips.so [...] INSTALL PASSED # vi /etc/ssl/openssl.cnf [enable the FIPS module] # echo test | openssl aes-256-cbc -provider fips -a -pbkdf2 enter AES-256-CBC encryption password: Verifying - enter AES-256-CBC encryption password: U2FsdGVkX199k8PlM+6jTPK4AARYYVR3BXF+a1bCLCk= ``` HTH, -- Pierre > > Reviewed by: emaste > Fixes: b077aed33b7b ("Merge OpenSSL 3.0.9") > Sponsored by: The FreeBSD Foundation > Pull Request: https://github.com/freebsd/freebsd-src/pull/837 > Differential Revision: https://reviews.freebsd.org/D41720 > --- > secure/lib/libcrypto/modules/fips/Makefile | 20 ++++++++++---------- > 1 file changed, 10 insertions(+), 10 deletions(-) > > diff --git a/secure/lib/libcrypto/modules/fips/Makefile b/secure/lib/libcrypto/modules/fips/Makefile > index b674126bb6cf..8843cb9717c9 100644 > --- a/secure/lib/libcrypto/modules/fips/Makefile > +++ b/secure/lib/libcrypto/modules/fips/Makefile > @@ -32,25 +32,25 @@ SRCS+= mem_clr.c > .endif > > # crypto/aes > -SRCS+= aes_cbc.c aes_cfb.c aes_ecb.c aes_ige.c aes_misc.c aes_ofb.c aes_wrap.c > +SRCS+= aes_cfb.c aes_ecb.c aes_ige.c aes_misc.c aes_ofb.c aes_wrap.c > .if defined(ASM_aarch64) > -SRCS+= aes_core.c aesv8-armx.S vpaes-armv8.S > +SRCS+= aes_cbc.c aes_core.c aesv8-armx.S vpaes-armv8.S > ACFLAGS.aesv8-armx.S= -march=armv8-a+crypto > .elif defined(ASM_amd64) > -SRCS+= aes_core.c aesni-mb-x86_64.S aesni-sha1-x86_64.S aesni-sha256-x86_64.S > -SRCS+= aesni-x86_64.S vpaes-x86_64.S > +SRCS+= aes-x86_64.S aesni-mb-x86_64.S aesni-sha1-x86_64.S > +SRCS+= aesni-sha256-x86_64.S aesni-x86_64.S bsaes-x86_64.S vpaes-x86_64.S > .elif defined(ASM_arm) > -SRCS+= aes-armv4.S aesv8-armx.S bsaes-armv7.S > +SRCS+= aes_cbc.c aes-armv4.S aesv8-armx.S bsaes-armv7.S > .elif defined(ASM_i386) > -SRCS+= aes_core.c aesni-x86.S vpaes-x86.S > +SRCS+= aes-586.S aesni-x86.S vpaes-x86.S > .elif defined(ASM_powerpc) > -SRCS+= aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > +SRCS+= aes_cbc.c aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > .elif defined(ASM_powerpc64) > -SRCS+= aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > +SRCS+= aes_cbc.c aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > .elif defined(ASM_powerpc64le) > -SRCS+= aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > +SRCS+= aes_cbc.c aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > .else > -SRCS+= aes_core.c > +SRCS+= aes_cbc.c aes_core.c > .endif > > # crypto/bn > > -- Pierre Pronchery <pierre@freebsdfoundation.org>