From nobody Thu Sep 21 16:45:21 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Rs1VD2nHSz4th8r for ; Thu, 21 Sep 2023 16:45:24 +0000 (UTC) (envelope-from pierre@freebsdfoundation.org) Received: from mail-wr1-x433.google.com (mail-wr1-x433.google.com [IPv6:2a00:1450:4864:20::433]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Rs1VD0sBNz4YRm for ; Thu, 21 Sep 2023 16:45:24 +0000 (UTC) (envelope-from pierre@freebsdfoundation.org) Authentication-Results: mx1.freebsd.org; none Received: by mail-wr1-x433.google.com with SMTP id ffacd0b85a97d-32008e339adso1183802f8f.2 for ; Thu, 21 Sep 2023 09:45:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsdfoundation.org; s=gfnp-20170908; t=1695314722; x=1695919522; darn=freebsd.org; h=content-transfer-encoding:in-reply-to:organization:from:cc :references:to:content-language:subject:user-agent:mime-version:date :message-id:from:to:cc:subject:date:message-id:reply-to; bh=BP8GoDKF3KhUDIJfKENR7v1PcG8qwK9nfp1jyNDBDTE=; b=S6uJUdbT5ZW+I2LlbbbJLR/Mk5Ou3ExmZt5h7+a3M5OPvxveg+NmB3H1wQu6x/DYRP rlq3z6SAPxj20vYotSmGgtv8VvrRYgn95DBmgr4VdEQkR98K8f7ZW5gHqhs/pIe7svPM x4bQPzmfYwDXeyH1S0PXCEho/QrbsuSMg38PKrs7ZQNSSFeCWEk28CSERzrg5Gce3U9+ GLQeES9wlqVE1u1alIJZjpH0WUH0JJ7OhnlF7kWQtUFKKa8dcvPXk/7LtduSI/i/vc0k n4F8ATKVuohaqFaUtkMhFPCJ8Vl3sW6wneNcaAIg7j9QOj35BM4g9xtOnQXYammDNLNh D5uw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695314722; x=1695919522; h=content-transfer-encoding:in-reply-to:organization:from:cc :references:to:content-language:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BP8GoDKF3KhUDIJfKENR7v1PcG8qwK9nfp1jyNDBDTE=; b=tMCY9ib3c7h3hl0J+xLrlqUkAKNXMvslLEpyEQppQxY7+D5M4V/1/3U8PSxo7OAk69 o0e3zh0iGt+ifdWjsfr2Nlb37/0HkL+N2F63sJz16to0uSzaYJChWSALhRl3yQuo/vrw u3pcAi9+pcNfSnitih0jiSt8N1doTagnGCL69hDScTQihTcbTPoDTAKBRuafIWaHfEIk faMv81/29332c95ILgZQZZ0yoeXx8ahkdmuXjhJC4uIZEkylKl/lbIx7Au5RC2a5oOIh /R8EwIFMtVoDobAjHCclf3iCb6RQ64iWfyXWg2NlgWwohBXjvETNedL4tH9tkSyV/YtI J70w== X-Gm-Message-State: AOJu0Yw5k6afqJwNzemxhyWSWnsPbNc7sKO1GFTn3LPQYMrPQoggv36u u5beOGb47woQEmO2zT4nbuVwZveB X-Google-Smtp-Source: AGHT+IFUolv0KixFDudTMcCrwSXhq7mlzMv9iugDwzMZq5LdeJyVILahGUgWEe1BRHtHF5BsSBVFTA== X-Received: by 2002:a5d:4c85:0:b0:320:1d1:71c4 with SMTP id z5-20020a5d4c85000000b0032001d171c4mr5295091wrs.23.1695314722379; Thu, 21 Sep 2023 09:45:22 -0700 (PDT) Received: from [192.168.151.7] ([61.28.200.56]) by smtp.gmail.com with ESMTPSA id w10-20020adfde8a000000b0031fba0a746bsm2230493wrl.9.2023.09.21.09.45.21 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 21 Sep 2023 09:45:21 -0700 (PDT) Message-ID: <610971ad-00b5-f905-369c-b373fa77ede5@freebsdfoundation.org> Date: Thu, 21 Sep 2023 18:45:21 +0200 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 Subject: Re: git: 8f37b3a142f2 - main - libcrypto: fix the FIPS provider on amd64 Content-Language: en-US To: Ed Maste References: <202309211538.38LFcWEe008044@gitrepo.freebsd.org> Cc: dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org, src-committers@FreeBSD.org From: Pierre Pronchery Organization: FreeBSD Foundation In-Reply-To: <202309211538.38LFcWEe008044@gitrepo.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US] X-Rspamd-Queue-Id: 4Rs1VD0sBNz4YRm Hi there, On 9/21/23 17:38, Ed Maste wrote: > The branch main has been updated by emaste: > > URL: https://cgit.FreeBSD.org/src/commit/?id=8f37b3a142f2f7197896cd283c44c7e4fb64aaf3 > > commit 8f37b3a142f2f7197896cd283c44c7e4fb64aaf3 > Author: Pierre Pronchery > AuthorDate: 2023-09-04 17:57:35 +0000 > Commit: Ed Maste > CommitDate: 2023-09-21 15:38:02 +0000 > > libcrypto: fix the FIPS provider on amd64 > > This corrects the list of source files required for the FIPS provider. > > To test: > > ``` > INSTALL PASSED > enter AES-128-CBC encryption password: > Verifying - enter AES-128-CBC encryption password: > U2FsdGVkX1+MGm7LbZou29UWU+KAyBX/PxF5T1pO9VM= > ``` The complete test procedure, including the corresponding commands is: ``` # openssl fipsinstall -out /etc/ssl/fipsmodule.cnf \ -module /usr/lib/ossl-modules/fips.so [...] INSTALL PASSED # vi /etc/ssl/openssl.cnf [enable the FIPS module] # echo test | openssl aes-256-cbc -provider fips -a -pbkdf2 enter AES-256-CBC encryption password: Verifying - enter AES-256-CBC encryption password: U2FsdGVkX199k8PlM+6jTPK4AARYYVR3BXF+a1bCLCk= ``` HTH, -- Pierre > > Reviewed by: emaste > Fixes: b077aed33b7b ("Merge OpenSSL 3.0.9") > Sponsored by: The FreeBSD Foundation > Pull Request: https://github.com/freebsd/freebsd-src/pull/837 > Differential Revision: https://reviews.freebsd.org/D41720 > --- > secure/lib/libcrypto/modules/fips/Makefile | 20 ++++++++++---------- > 1 file changed, 10 insertions(+), 10 deletions(-) > > diff --git a/secure/lib/libcrypto/modules/fips/Makefile b/secure/lib/libcrypto/modules/fips/Makefile > index b674126bb6cf..8843cb9717c9 100644 > --- a/secure/lib/libcrypto/modules/fips/Makefile > +++ b/secure/lib/libcrypto/modules/fips/Makefile > @@ -32,25 +32,25 @@ SRCS+= mem_clr.c > .endif > > # crypto/aes > -SRCS+= aes_cbc.c aes_cfb.c aes_ecb.c aes_ige.c aes_misc.c aes_ofb.c aes_wrap.c > +SRCS+= aes_cfb.c aes_ecb.c aes_ige.c aes_misc.c aes_ofb.c aes_wrap.c > .if defined(ASM_aarch64) > -SRCS+= aes_core.c aesv8-armx.S vpaes-armv8.S > +SRCS+= aes_cbc.c aes_core.c aesv8-armx.S vpaes-armv8.S > ACFLAGS.aesv8-armx.S= -march=armv8-a+crypto > .elif defined(ASM_amd64) > -SRCS+= aes_core.c aesni-mb-x86_64.S aesni-sha1-x86_64.S aesni-sha256-x86_64.S > -SRCS+= aesni-x86_64.S vpaes-x86_64.S > +SRCS+= aes-x86_64.S aesni-mb-x86_64.S aesni-sha1-x86_64.S > +SRCS+= aesni-sha256-x86_64.S aesni-x86_64.S bsaes-x86_64.S vpaes-x86_64.S > .elif defined(ASM_arm) > -SRCS+= aes-armv4.S aesv8-armx.S bsaes-armv7.S > +SRCS+= aes_cbc.c aes-armv4.S aesv8-armx.S bsaes-armv7.S > .elif defined(ASM_i386) > -SRCS+= aes_core.c aesni-x86.S vpaes-x86.S > +SRCS+= aes-586.S aesni-x86.S vpaes-x86.S > .elif defined(ASM_powerpc) > -SRCS+= aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > +SRCS+= aes_cbc.c aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > .elif defined(ASM_powerpc64) > -SRCS+= aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > +SRCS+= aes_cbc.c aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > .elif defined(ASM_powerpc64le) > -SRCS+= aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > +SRCS+= aes_cbc.c aes_core.c aes-ppc.S vpaes-ppc.S aesp8-ppc.S > .else > -SRCS+= aes_core.c > +SRCS+= aes_cbc.c aes_core.c > .endif > > # crypto/bn > > -- Pierre Pronchery