Add compatibility for OpenSSL 3.x.x in fips.go #159

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
9 changes: 5 additions & 4 deletions fips.go
Expand Up @@ -15,22 +15,23 @@
package openssl

/*
#include <openssl/ssl.h>
#include <shim.h>
*/
import "C"
import "runtime"

// FIPSModeSet enables a FIPS 140-2 validated mode of operation.
// https://wiki.openssl.org/index.php/FIPS_mode_set()
// OpenSSL 3.0.0 and greater - https://www.openssl.org/docs/man3.0/man3/EVP_default_properties_is_fips_enabled.html,
// lower than 3.0.0 - https://wiki.openssl.org/index.php/FIPS_mode_set()
func FIPSModeSet(mode bool) error {
runtime.LockOSThread()
defer runtime.UnlockOSThread()

var r C.int
if mode {
r = C.FIPS_mode_set(1)
r = C.X_EVP_default_properties_enable_fips(nil, 1)
} else {
r = C.FIPS_mode_set(0)
r = C.X_EVP_default_properties_enable_fips(nil, 0)
}
if r != 1 {
return errorFromErrorQueue()
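Review bot: On the 3.x path a nil return from FIPSModeSet no longer proves FIPS mode is active: EVP_default_properties_enable_fips only installs the default property query "fips=yes" in the library context (nil here, i.e. the default one) and returns 1 even when no FIPS provider has been loaded, so the failure surfaces later as failed algorithm fetches rather than from this call. The new doc comment also links EVP_default_properties_is_fips_enabled although the code calls the enable variant; I would reword it to `// On OpenSSL 3.x this only sets the default property query "fips=yes"; the FIPS provider must already be loaded (openssl.cnf or OSSL_PROVIDER_load), otherwise later fetches fail.` and recommend that callers verify the resulting state with the is-enabled query. The `if r != 1` check itself is still correct, since both FIPS_mode_set and EVP_default_properties_enable_fips return 1 on success. FIPSModeSet's body continues past the end of the hunk.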
15 changes: 15 additions & 0 deletions shim.c
Expand Up @@ -768,3 +768,18 @@ long X_X509_get_version(const X509 *x) {
int X_X509_set_version(X509 *x, long version) {
return X509_set_version(x, version);
}

/*
************************************************
* v3.0.0 and later implementation
************************************************
*/
#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
int X_EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable) {
return EVP_default_properties_enable_fips(libctx, enable);
}
#else
int X_EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable) {
return FIPS_mode_set(enable);
}
#endif
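Review bot: In the pre-3.0 fallback the `libctx` parameter is silently ignored, so a caller passing a non-NULL context gets process-global FIPS_mode_set semantics without any indication; that deserves an explicit `(void)libctx; /* no library contexts before 3.0: FIPS mode is process-global */` so the intent is visible and -Wunused-parameter stays quiet. As a point of style, the two definitions repeat the same signature; a single function with the `#if OPENSSL_VERSION_NUMBER >= 0x3000000fL` inside the body keeps the prototype in one place and matches how the rest of shim.c appears to wrap version differences. The banner comment also says "v3.0.0 and later implementation" but the block contains both branches, so it should name the fallback too.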
10 changes: 10 additions & 0 deletions shim.h
Expand Up @@ -151,6 +151,16 @@ extern const EVP_CIPHER *X_EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx);
extern int X_EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
extern int X_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);

/*
************************************************
* v0.x.x and v1.x.x type compatibility
************************************************
*/
#if OPENSSL_VERSION_NUMBER < 0x3000000fL
typedef void OSSL_LIB_CTX;
#endif
extern int X_EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable);

/* HMAC methods */
extern size_t X_HMAC_size(const HMAC_CTX *e);
extern HMAC_CTX *X_HMAC_CTX_new(void);
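Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x3000000fL` guard around `typedef void OSSL_LIB_CTX;` is only safe if a header that defines OPENSSL_VERSION_NUMBER is included earlier in shim.h; the top of the file is outside this hunk, so I cannot confirm it. If the macro is undefined the preprocessor evaluates it as 0, the typedef is emitted on a 3.x build as well, and it collides with OpenSSL's own `OSSL_LIB_CTX` typedef from <openssl/types.h>. Adding `#include <openssl/opensslv.h>` ahead of the check (and the same in shim.c, which uses the identical condition) makes the version split explicit and immune to include ordering.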