Add a FIPS provider and implement SHA256 in it #8537
[ahem] |
I wonder if this is true on all platforms... I think that Windows demands that all symbols be resolved when linking the DLL, and I know for a fact that this is the case on VMS. |
Darn. I looked everywhere for that and couldn't find it!! Thanks for the pointer. |
|
I could imagine that being highly platform specific |
Too many hits to find the right one |
I believe that |
9a68b90 to 900f5bb
I updated this to address comments so far and rebased to pull in the commits from #8513. I dropped the changes to shlibloadtest because I found it to be unreliable. Instead I've amended the symbol_presence test to check for libcrypto symbols in fips.so that shouldn't be there. I've also taken this out of WIP. |
We could really make sure that all modules are linked with all symbols resolved. This requires adding this appropriately in
... or similar depending on the platform It does make sense to do this for engines as well, really, and they should get an additional |
Fixups pushed addressing the feedback so far. The "-z defs" change kind of makes the symbol_presence checks redundant...but that only impacts Linux so maybe it's useful still on some platforms? I've left it in for now. |
Good idea. That needs a more general fixup for other Unixen, and possibly for Windows |
Hmmm....I have no idea what to do about this travis error:
|
Ah! This error comes from mkdef.pl: Lines 109 to 143 in b3d113e
And appears to come ultimately from the "shared_target" value in the "Configurations" files. If that's the case it looks like there are quite a number missing from the list in mkdef.pl. Unfortunately I'm not sure what they should be set to for the missing platforms....@levitte? |
Hmmm... mkdef.pl should check if |
@levitte late reminder :) |
Travis still failed, although this time only in one build. In that build the symbol_presence test failed - complaining that all libcrypto symbols were absent. I don't see how this PR could have caused that (especially since all the other tests passed successfully) - so I suspect an anomaly. The appveyor failure was an issue and I have pushed a fixup for that. Let's see what happens this time around. |
Appveyor passed this time but Travis still failed :-( I really have no clue as to why the symbol_presence test is failing in this one build. @levitte - any ideas? |
On second thought, the |
bbb0546 to 50d0c5e
Fix-up commits pushed addressing @levitte's comments. |
Grrr...travis failure still. Pushed an update that hopefully fixes it. Also, offline, @levitte said to me that he had changed his mind about where the sources for the module should be specified. I've changed it back to the way I used to have it - which is what I think you intended. |
You understood me perfectly, Matt. The reasoning is that for a large number of source files, it's better to keep the specs together, and close to the source, the same way we currently specify what goes into libcrypto. It also permits us to use common lists instead of copying so much, i.e. something like this:
Something like that... |
Including mem_dbg.c turns out to be not so easy... |
Yeah, I've noticed... I was surprised how little you were sucking into the FIPS module! The whole thing is quite entangled. A solution might be to turn off mdebug when building the FIPS module. It's not like the data collected will do anyone anything good anyway, unless you plan on calling its leak checking function at teardown... |
Much more will come in later (I already have some work to do this) - but I wanted to keep it minimal for this PR |
Another attempt at getting travis to go through successfully. I've avoided pulling in mem_dbg.c because that wants to suck in a whole load of dependencies that I want to avoid at this stage. Instead I've just disabled crypto-mdebug within the context of the FIPS module (but not elsewhere) for now. I also found and fixed a mem-leak in the test while doing this! |
Woop! All the CIs passed! |
Pushed. Thanks!!! |
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #8537)
This PR is built on top of #8513. It creates the FIPS provider and implements SHA256 within it.
So far this only includes the C implementation of SHA256. Adding the assembler modules is a bit trickier so that is deferred for a later time. A consequence of that is that (AFAICT) OPENSSL_cleanse is only implemented in assembler so (for now) I have implemented a very simple C version of OPENSSL_cleanse. It's totally unsafe to use in production so will need to be removed before too long, but it gets things working for now.
I encountered some unexpected behaviour during the implementation of this. At one point I had created the FIPS provider but not yet added all the files I needed for SHA256. Therefore I was expecting the test I had written to use the new provider to fail due to some symbols not being present. To my surprise the test passed - the module loaded and performed SHA256 successfully. It seems that, when building the FIPS provider, if there are symbols from libcrypto that it needs but that aren't present, those symbols are resolved automatically if the provider is loaded by an application linked against libcrypto. This is not desirable behaviour since the FIPS module must be entirely self-contained. To detect this problem I created a new test in shlibloadtest that simply loads the FIPS module from an application that isn't linked with libcrypto. If there are no missing symbols then this should work and will fail otherwise.
Finally, this PR also implements a "no-fips" Configure option.
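
The self-containment check discussed in this thread, as an added example that is not part of the PR or of OpenSSL's test suite: it reports symbols a module leaves undefined that libcrypto would silently supply at load time. The `nm -D` listings are constructed samples, and the function names are hypothetical.

```python
import subprocess
import sys

# Constructed `nm -D` output for a provider module (not from a real build).
SAMPLE_MODULE_NM = """\
                 U memcpy@GLIBC_2.14
                 U CRYPTO_free
                 U CRYPTO_malloc@OPENSSL_1_1_0
                 w __gmon_start__
0000000000001a40 T OSSL_provider_init
0000000000001b10 T SHA256_Update
"""

# Constructed `nm -D` output for libcrypto (not from a real build).
SAMPLE_LIBCRYPTO_NM = """\
00000000000a1000 T CRYPTO_malloc@@OPENSSL_1_1_0
00000000000a2000 T CRYPTO_free@@OPENSSL_1_1_0
00000000000a3000 T SHA256_Update@@OPENSSL_1_1_0
                 U memcpy@GLIBC_2.14
"""

def parse_nm(text):
    """Split nm output into (undefined, defined) sets of bare symbol names."""
    undefined, defined = set(), set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        # Last two fields are type and name; drop any @VERSION suffix.
        kind, name = fields[-2], fields[-1].split("@")[0]
        if kind == "U":
            undefined.add(name)
        elif kind in "TDBRWV":  # exported code/data, including weak definitions
            defined.add(name)
    return undefined, defined

def leaked_symbols(module_nm, libcrypto_nm):
    """Names the module leaves undefined that libcrypto would resolve for it."""
    module_undefined, _ = parse_nm(module_nm)
    _, crypto_defined = parse_nm(libcrypto_nm)
    return sorted(module_undefined & crypto_defined)

def nm_dynamic(path):
    """List the dynamic symbols of a real shared object with GNU nm."""
    return subprocess.run(["nm", "-D", path], check=True,
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    real = len(sys.argv) == 3  # usage: script.py <module.so> <libcrypto.so>
    mod = nm_dynamic(sys.argv[1]) if real else SAMPLE_MODULE_NM
    lib = nm_dynamic(sys.argv[2]) if real else SAMPLE_LIBCRYPTO_NM
    leaks = leaked_symbols(mod, lib)
    print("\n".join(leaks) or "module is self-contained")
    sys.exit(1 if leaks else 0)
```

A symbol the module defines itself (here `SHA256_Update`) is not reported even though libcrypto also exports it; only references left undefined in the module count.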