Page MenuHomeFreeBSD

libcrypto: fix the FIPS provider on amd64
ClosedPublic

Authored by khorben on Sep 4 2023, 6:28 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Oct 12, 4:05 PM
Unknown Object (File)
Sun, Oct 12, 3:22 AM
Unknown Object (File)
Sat, Oct 11, 1:01 AM
Unknown Object (File)
Mon, Oct 6, 3:39 PM
Unknown Object (File)
Mon, Oct 6, 11:48 AM
Unknown Object (File)
Sat, Oct 4, 2:32 PM
Unknown Object (File)
Fri, Oct 3, 1:15 PM
Unknown Object (File)
Wed, Oct 1, 6:39 AM
Subscribers

Details

Summary

This corrects the list of source files required for the FIPS provider,
as tested on a amd64 host. This still requires testing on the other
architectures.

Test Plan
# openssl fipsinstall -out /etc/ssl/fipsmodule.cnf -module /usr/lib/ossl-modules/fips.so
# vi /etc/ssl/openssl.cnf
[enable the FIPS module]
# echo test | openssl aes-256-cbc -provider fips -a -pbkdf2
enter AES-256-CBC encryption password:
Verifying - enter AES-256-CBC encryption password:
U2FsdGVkX199k8PlM+6jTPK4AARYYVR3BXF+a1bCLCk=

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

khorben created this revision.
secure/lib/libcrypto/modules/fips/Makefile
45

This needs aes-586.S now I think

Also build aes-586.S for i386.

This revision was not accepted when it landed; it landed in state Needs Review.Sep 21 2023, 3:38 PM
This revision was automatically updated to reflect the committed changes.