OS helper functions for hardware crypto (GCM and SymmetricCipher) should be disabled in FIPS mode.

In the line
OpenJCEPlus/src/main/java/com/ibm/crypto/plus/provider/base/GCMCipher.java
Line 192 in 8d812f0
Add this:

    // The OS_Helper functions are not NIST certified, thus they can't be used in FIPS mode.
    if (ockContext.isFIPS()) {
        GCMHardwareFunctionPtr = -1;
    }

In the line
OpenJCEPlus/src/main/java/com/ibm/crypto/plus/provider/base/GCMCipher.java
Line 320 in 8d812f0
Add this:

    // The OS_Helper functions are not NIST certified, thus they can't be used in FIPS mode.
    if (ockContext.isFIPS()) {
        GCMHardwareFunctionPtr = -1;
    }

Change the lines 145-151
OpenJCEPlus/src/main/java/com/ibm/crypto/plus/provider/base/SymmetricCipher.java
Line 145 in 8d812f0

    if (hardwareEnabled.containsKey(ockContext))

To this:

    // The OS_Helper functions are not NIST certified, thus they can't be used in FIPS mode.
    if (!ockContext.isFIPS()) {
        if (hardwareEnabled.containsKey(ockContext)) {
            isHardwareSupport = hardwareEnabled.get(ockContext);
        } else {
            hardwareFunctionPtr = checkHardwareSupport(ockContext.getId());
            isHardwareSupport = (hardwareFunctionPtr == 1) ? true : false;
            hardwareEnabled.put(ockContext, isHardwareSupport);
        }
    }

@gin-nader, could you please apply the above changes to all branches? Thanks
FYI @jasonkatonica