]>
Commit | Line | Data |
---|---|---|
9efa0ae0 | 1 | /* |
33388b44 | 2 | * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. |
9efa0ae0 MC |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
23c48d94 | 10 | #include <openssl/core_dispatch.h> |
9efa0ae0 MC |
11 | #include <openssl/core_names.h> |
12 | #include <openssl/params.h> | |
dcb71e1c | 13 | #include <openssl/obj_mac.h> /* NIDs used by ossl_prov_util_nid_to_name() */ |
25e60144 | 14 | #include <openssl/fips_names.h> |
7d615e21 | 15 | #include <openssl/rand.h> /* RAND_get0_public() */ |
3593266d | 16 | #include "internal/cryptlib.h" |
af3e7e1b | 17 | #include "prov/implementations.h" |
ddd21319 RL |
18 | #include "prov/provider_ctx.h" |
19 | #include "prov/providercommon.h" | |
9f7bdcf3 | 20 | #include "prov/providercommonerr.h" |
0d2bfe52 | 21 | #include "prov/provider_util.h" |
36fc5fc6 | 22 | #include "self_test.h" |
9efa0ae0 | 23 | |
dcb71e1c SL |
24 | static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; |
25 | static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; | |
26 | ||
fdaad3f1 RL |
27 | /* |
28 | * Forward declarations to ensure that interface functions are correctly | |
29 | * defined. | |
30 | */ | |
363b1e5d DMSP |
31 | static OSSL_FUNC_provider_teardown_fn fips_teardown; |
32 | static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; | |
33 | static OSSL_FUNC_provider_get_params_fn fips_get_params; | |
34 | static OSSL_FUNC_provider_query_operation_fn fips_query; | |
fdaad3f1 | 35 | |
dcb71e1c | 36 | #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } |
0d2bfe52 SL |
37 | #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) |
38 | ||
363b1e5d | 39 | extern OSSL_FUNC_core_thread_start_fn *c_thread_start; |
b60cba3c | 40 | |
da747958 MC |
41 | /* |
42 | * TODO(3.0): Should these be stored in the provider side provctx? Could they | |
43 | * ever be different from one init to the next? Unfortunately we can't do this | |
b60cba3c RS |
44 | * at the moment because c_put_error/c_add_error_vdata do not provide |
45 | * us with the OPENSSL_CTX as a parameter. | |
da747958 | 46 | */ |
25e60144 SL |
47 | |
48 | static SELF_TEST_POST_PARAMS selftest_params; | |
49 | ||
9efa0ae0 | 50 | /* Functions provided by the core */ |
363b1e5d DMSP |
51 | static OSSL_FUNC_core_gettable_params_fn *c_gettable_params; |
52 | static OSSL_FUNC_core_get_params_fn *c_get_params; | |
53 | OSSL_FUNC_core_thread_start_fn *c_thread_start; | |
54 | static OSSL_FUNC_core_new_error_fn *c_new_error; | |
55 | static OSSL_FUNC_core_set_error_debug_fn *c_set_error_debug; | |
56 | static OSSL_FUNC_core_vset_error_fn *c_vset_error; | |
57 | static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark; | |
58 | static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark; | |
59 | static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark; | |
60 | static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc; | |
61 | static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; | |
62 | static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free; | |
63 | static OSSL_FUNC_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; | |
64 | static OSSL_FUNC_CRYPTO_realloc_fn *c_CRYPTO_realloc; | |
65 | static OSSL_FUNC_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; | |
66 | static OSSL_FUNC_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; | |
67 | static OSSL_FUNC_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; | |
68 | static OSSL_FUNC_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; | |
69 | static OSSL_FUNC_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; | |
70 | static OSSL_FUNC_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; | |
71 | static OSSL_FUNC_BIO_vsnprintf_fn *c_BIO_vsnprintf; | |
04cb5ec0 SL |
72 | static OSSL_FUNC_self_test_cb_fn *c_stcbfn = NULL; |
73 | static OSSL_FUNC_core_get_library_context_fn *c_get_libctx = NULL; | |
9efa0ae0 | 74 | |
da747958 | 75 | typedef struct fips_global_st { |
d40b42ab | 76 | const OSSL_CORE_HANDLE *handle; |
da747958 MC |
77 | } FIPS_GLOBAL; |
78 | ||
79 | static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx) | |
80 | { | |
81 | FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); | |
82 | ||
83 | return fgbl; | |
84 | } | |
85 | ||
86 | static void fips_prov_ossl_ctx_free(void *fgbl) | |
87 | { | |
88 | OPENSSL_free(fgbl); | |
89 | } | |
90 | ||
91 | static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = { | |
92 | fips_prov_ossl_ctx_new, | |
93 | fips_prov_ossl_ctx_free, | |
94 | }; | |
95 | ||
96 | ||
9efa0ae0 | 97 | /* Parameters we provide to the core */ |
26175013 RL |
98 | static const OSSL_PARAM fips_param_types[] = { |
99 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
100 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
101 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
04cb5ec0 | 102 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0), |
26175013 | 103 | OSSL_PARAM_END |
9efa0ae0 MC |
104 | }; |
105 | ||
25e60144 SL |
106 | /* |
107 | * Parameters to retrieve from the core provider - required for self testing. | |
108 | * NOTE: inside core_get_params() these will be loaded from config items | |
b8086652 SL |
109 | * stored inside prov->parameters (except for |
110 | * OSSL_PROV_PARAM_CORE_MODULE_FILENAME). | |
25e60144 SL |
111 | */ |
112 | static OSSL_PARAM core_params[] = | |
113 | { | |
b8086652 | 114 | OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, |
25e60144 SL |
115 | selftest_params.module_filename, |
116 | sizeof(selftest_params.module_filename)), | |
117 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC, | |
118 | selftest_params.module_checksum_data, | |
119 | sizeof(selftest_params.module_checksum_data)), | |
120 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC, | |
121 | selftest_params.indicator_checksum_data, | |
122 | sizeof(selftest_params.indicator_checksum_data)), | |
123 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, | |
124 | selftest_params.indicator_data, | |
125 | sizeof(selftest_params.indicator_data)), | |
126 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, | |
127 | selftest_params.indicator_version, | |
128 | sizeof(selftest_params.indicator_version)), | |
129 | OSSL_PARAM_END | |
130 | }; | |
131 | ||
fdaad3f1 | 132 | static const OSSL_PARAM *fips_gettable_params(void *provctx) |
9efa0ae0 MC |
133 | { |
134 | return fips_param_types; | |
135 | } | |
136 | ||
fdaad3f1 | 137 | static int fips_get_params(void *provctx, OSSL_PARAM params[]) |
9efa0ae0 | 138 | { |
4e7991b4 | 139 | OSSL_PARAM *p; |
9efa0ae0 MC |
140 | |
141 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); | |
142 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) | |
143 | return 0; | |
144 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); | |
145 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) | |
146 | return 0; | |
147 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); | |
148 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) | |
149 | return 0; | |
04cb5ec0 SL |
150 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); |
151 | if (p != NULL && !OSSL_PARAM_set_uint(p, FIPS_is_running())) | |
152 | return 0; | |
9efa0ae0 MC |
153 | return 1; |
154 | } | |
155 | ||
04cb5ec0 SL |
156 | static void set_self_test_cb(const OSSL_CORE_HANDLE *handle) |
157 | { | |
158 | if (c_stcbfn != NULL && c_get_libctx != NULL) { | |
159 | c_stcbfn(c_get_libctx(handle), &selftest_params.cb, | |
160 | &selftest_params.cb_arg); | |
161 | } else { | |
162 | selftest_params.cb = NULL; | |
163 | selftest_params.cb_arg = NULL; | |
164 | } | |
165 | } | |
166 | ||
167 | static int fips_self_test(void *provctx) | |
168 | { | |
169 | set_self_test_cb(FIPS_get_core_handle(selftest_params.libctx)); | |
170 | return SELF_TEST_post(&selftest_params, 1) ? 1 : 0; | |
171 | } | |
172 | ||
4cecf7a1 | 173 | /* FIPS specific version of the function of the same name in provlib.c */ |
dcb71e1c | 174 | /* TODO(3.0) - Is this function needed ? */ |
4cecf7a1 MC |
175 | const char *ossl_prov_util_nid_to_name(int nid) |
176 | { | |
f844f9eb | 177 | /* We don't have OBJ_nid2n() in FIPS_MODULE so we have an explicit list */ |
4cecf7a1 MC |
178 | |
179 | switch (nid) { | |
180 | /* Digests */ | |
181 | case NID_sha1: | |
df553b79 | 182 | return "SHA1"; |
4cecf7a1 | 183 | case NID_sha224: |
df553b79 | 184 | return "SHA-224"; |
4cecf7a1 | 185 | case NID_sha256: |
df553b79 | 186 | return "SHA-256"; |
4cecf7a1 | 187 | case NID_sha384: |
df553b79 | 188 | return "SHA-384"; |
4cecf7a1 | 189 | case NID_sha512: |
df553b79 | 190 | return "SHA-512"; |
4cecf7a1 | 191 | case NID_sha512_224: |
df553b79 | 192 | return "SHA-512/224"; |
4cecf7a1 | 193 | case NID_sha512_256: |
df553b79 | 194 | return "SHA-512/256"; |
4cecf7a1 MC |
195 | case NID_sha3_224: |
196 | return "SHA3-224"; | |
197 | case NID_sha3_256: | |
198 | return "SHA3-256"; | |
199 | case NID_sha3_384: | |
200 | return "SHA3-384"; | |
201 | case NID_sha3_512: | |
202 | return "SHA3-512"; | |
203 | ||
204 | /* Ciphers */ | |
205 | case NID_aes_256_ecb: | |
206 | return "AES-256-ECB"; | |
207 | case NID_aes_192_ecb: | |
208 | return "AES-192-ECB"; | |
209 | case NID_aes_128_ecb: | |
210 | return "AES-128-ECB"; | |
211 | case NID_aes_256_cbc: | |
212 | return "AES-256-CBC"; | |
213 | case NID_aes_192_cbc: | |
214 | return "AES-192-CBC"; | |
215 | case NID_aes_128_cbc: | |
216 | return "AES-128-CBC"; | |
217 | case NID_aes_256_ctr: | |
218 | return "AES-256-CTR"; | |
219 | case NID_aes_192_ctr: | |
220 | return "AES-192-CTR"; | |
221 | case NID_aes_128_ctr: | |
222 | return "AES-128-CTR"; | |
3a9f26f3 SL |
223 | case NID_aes_256_xts: |
224 | return "AES-256-XTS"; | |
225 | case NID_aes_128_xts: | |
226 | return "AES-128-XTS"; | |
3bfe9005 | 227 | case NID_aes_256_gcm: |
df553b79 | 228 | return "AES-256-GCM"; |
3bfe9005 | 229 | case NID_aes_192_gcm: |
df553b79 | 230 | return "AES-192-GCM"; |
3bfe9005 | 231 | case NID_aes_128_gcm: |
df553b79 | 232 | return "AES-128-GCM"; |
3bfe9005 | 233 | case NID_aes_256_ccm: |
df553b79 | 234 | return "AES-256-CCM"; |
3bfe9005 | 235 | case NID_aes_192_ccm: |
df553b79 | 236 | return "AES-192-CCM"; |
3bfe9005 | 237 | case NID_aes_128_ccm: |
df553b79 | 238 | return "AES-128-CCM"; |
ca392b29 | 239 | case NID_id_aes256_wrap: |
df553b79 | 240 | return "AES-256-WRAP"; |
ca392b29 | 241 | case NID_id_aes192_wrap: |
df553b79 | 242 | return "AES-192-WRAP"; |
ca392b29 | 243 | case NID_id_aes128_wrap: |
df553b79 | 244 | return "AES-128-WRAP"; |
ca392b29 | 245 | case NID_id_aes256_wrap_pad: |
df553b79 | 246 | return "AES-256-WRAP-PAD"; |
ca392b29 | 247 | case NID_id_aes192_wrap_pad: |
df553b79 | 248 | return "AES-192-WRAP-PAD"; |
ca392b29 | 249 | case NID_id_aes128_wrap_pad: |
df553b79 | 250 | return "AES-128-WRAP-PAD"; |
ca392b29 SL |
251 | case NID_des_ede3_ecb: |
252 | return "DES-EDE3"; | |
253 | case NID_des_ede3_cbc: | |
254 | return "DES-EDE3-CBC"; | |
0d2bfe52 SL |
255 | case NID_aes_256_cbc_hmac_sha256: |
256 | return "AES-256-CBC-HMAC-SHA256"; | |
257 | case NID_aes_128_cbc_hmac_sha256: | |
258 | return "AES-128-CBC-HMAC-SHA256"; | |
259 | case NID_aes_256_cbc_hmac_sha1: | |
260 | return "AES-256-CBC-HMAC-SHA1"; | |
261 | case NID_aes_128_cbc_hmac_sha1: | |
262 | return "AES-128-CBC-HMAC-SHA1"; | |
3bfe9005 SL |
263 | default: |
264 | break; | |
4cecf7a1 MC |
265 | } |
266 | ||
267 | return NULL; | |
268 | } | |
269 | ||
df553b79 RL |
270 | /* |
271 | * For the algorithm names, we use the following formula for our primary | |
272 | * names: | |
273 | * | |
274 | * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] | |
275 | * | |
276 | * VERSION is only present if there are multiple versions of | |
277 | * an alg (MD2, MD4, MD5). It may be omitted if there is only | |
278 | * one version (if a subsequent version is released in the future, | |
279 | * we can always change the canonical name, and add the old name | |
280 | * as an alias). | |
281 | * | |
282 | * SUBNAME may be present where we are combining multiple | |
283 | * algorithms together, e.g. MD5-SHA1. | |
284 | * | |
285 | * SIZE is only present if multiple versions of an algorithm exist | |
286 | * with different sizes (e.g. AES-128-CBC, AES-256-CBC) | |
287 | * | |
288 | * MODE is only present where applicable. | |
289 | * | |
290 | * We add diverse other names where applicable, such as the names that | |
291 | * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names | |
292 | * we have used historically. | |
293 | */ | |
9efa0ae0 | 294 | static const OSSL_ALGORITHM fips_digests[] = { |
df553b79 | 295 | /* Our primary name:NiST name[:our older names] */ |
5ccada09 | 296 | { "SHA1:SHA-1:SSL3-SHA1", FIPS_DEFAULT_PROPERTIES, sha1_functions }, |
dcb71e1c SL |
297 | { "SHA2-224:SHA-224:SHA224", FIPS_DEFAULT_PROPERTIES, sha224_functions }, |
298 | { "SHA2-256:SHA-256:SHA256", FIPS_DEFAULT_PROPERTIES, sha256_functions }, | |
299 | { "SHA2-384:SHA-384:SHA384", FIPS_DEFAULT_PROPERTIES, sha384_functions }, | |
300 | { "SHA2-512:SHA-512:SHA512", FIPS_DEFAULT_PROPERTIES, sha512_functions }, | |
301 | { "SHA2-512/224:SHA-512/224:SHA512-224", FIPS_DEFAULT_PROPERTIES, | |
df553b79 | 302 | sha512_224_functions }, |
dcb71e1c | 303 | { "SHA2-512/256:SHA-512/256:SHA512-256", FIPS_DEFAULT_PROPERTIES, |
df553b79 RL |
304 | sha512_256_functions }, |
305 | ||
306 | /* We agree with NIST here, so one name only */ | |
dcb71e1c SL |
307 | { "SHA3-224", FIPS_DEFAULT_PROPERTIES, sha3_224_functions }, |
308 | { "SHA3-256", FIPS_DEFAULT_PROPERTIES, sha3_256_functions }, | |
309 | { "SHA3-384", FIPS_DEFAULT_PROPERTIES, sha3_384_functions }, | |
310 | { "SHA3-512", FIPS_DEFAULT_PROPERTIES, sha3_512_functions }, | |
d5e5e2ff | 311 | |
dcb71e1c SL |
312 | { "SHAKE-128:SHAKE128", FIPS_DEFAULT_PROPERTIES, shake_128_functions }, |
313 | { "SHAKE-256:SHAKE256", FIPS_DEFAULT_PROPERTIES, shake_256_functions }, | |
b1c21b27 P |
314 | |
315 | /* | |
316 | * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for | |
317 | * KMAC128 and KMAC256. | |
318 | */ | |
dcb71e1c | 319 | { "KECCAK-KMAC-128:KECCAK-KMAC128", FIPS_DEFAULT_PROPERTIES, |
b1c21b27 | 320 | keccak_kmac_128_functions }, |
dcb71e1c | 321 | { "KECCAK-KMAC-256:KECCAK-KMAC256", FIPS_DEFAULT_PROPERTIES, |
b1c21b27 | 322 | keccak_kmac_256_functions }, |
9efa0ae0 MC |
323 | { NULL, NULL, NULL } |
324 | }; | |
325 | ||
0d2bfe52 | 326 | static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { |
df553b79 | 327 | /* Our primary name[:ASN.1 OID name][:our older names] */ |
0d2bfe52 SL |
328 | ALG("AES-256-ECB", aes256ecb_functions), |
329 | ALG("AES-192-ECB", aes192ecb_functions), | |
330 | ALG("AES-128-ECB", aes128ecb_functions), | |
5ccada09 SL |
331 | ALG("AES-256-CBC:AES256", aes256cbc_functions), |
332 | ALG("AES-192-CBC:AES192", aes192cbc_functions), | |
333 | ALG("AES-128-CBC:AES128", aes128cbc_functions), | |
7cc355c2 SL |
334 | ALG("AES-256-CBC-CTS", aes256cbc_cts_functions), |
335 | ALG("AES-192-CBC-CTS", aes192cbc_cts_functions), | |
336 | ALG("AES-128-CBC-CTS", aes128cbc_cts_functions), | |
4f65bc6f P |
337 | ALG("AES-256-OFB", aes256ofb_functions), |
338 | ALG("AES-192-OFB", aes192ofb_functions), | |
339 | ALG("AES-128-OFB", aes128ofb_functions), | |
0839afa7 P |
340 | ALG("AES-256-CFB", aes256cfb_functions), |
341 | ALG("AES-192-CFB", aes192cfb_functions), | |
342 | ALG("AES-128-CFB", aes128cfb_functions), | |
343 | ALG("AES-256-CFB1", aes256cfb1_functions), | |
344 | ALG("AES-192-CFB1", aes192cfb1_functions), | |
345 | ALG("AES-128-CFB1", aes128cfb1_functions), | |
346 | ALG("AES-256-CFB8", aes256cfb8_functions), | |
347 | ALG("AES-192-CFB8", aes192cfb8_functions), | |
348 | ALG("AES-128-CFB8", aes128cfb8_functions), | |
0d2bfe52 SL |
349 | ALG("AES-256-CTR", aes256ctr_functions), |
350 | ALG("AES-192-CTR", aes192ctr_functions), | |
351 | ALG("AES-128-CTR", aes128ctr_functions), | |
352 | ALG("AES-256-XTS", aes256xts_functions), | |
353 | ALG("AES-128-XTS", aes128xts_functions), | |
354 | ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions), | |
355 | ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions), | |
356 | ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions), | |
357 | ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions), | |
358 | ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions), | |
359 | ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions), | |
360 | ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions), | |
361 | ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions), | |
362 | ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions), | |
363 | ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", | |
364 | aes256wrappad_functions), | |
365 | ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", | |
366 | aes192wrappad_functions), | |
367 | ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", | |
368 | aes128wrappad_functions), | |
369 | ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions, | |
370 | cipher_capable_aes_cbc_hmac_sha1), | |
371 | ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions, | |
372 | cipher_capable_aes_cbc_hmac_sha1), | |
373 | ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions, | |
374 | cipher_capable_aes_cbc_hmac_sha256), | |
375 | ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions, | |
376 | cipher_capable_aes_cbc_hmac_sha256), | |
cb1548bc | 377 | #ifndef OPENSSL_NO_DES |
0d2bfe52 SL |
378 | ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions), |
379 | ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions), | |
cb1548bc | 380 | #endif /* OPENSSL_NO_DES */ |
0d2bfe52 | 381 | { { NULL, NULL, NULL }, NULL } |
66ad63e8 | 382 | }; |
0d2bfe52 | 383 | static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; |
66ad63e8 | 384 | |
2e5db6ad | 385 | static const OSSL_ALGORITHM fips_macs[] = { |
b1c21b27 | 386 | #ifndef OPENSSL_NO_CMAC |
dcb71e1c | 387 | { "CMAC", FIPS_DEFAULT_PROPERTIES, cmac_functions }, |
b1c21b27 | 388 | #endif |
dcb71e1c SL |
389 | { "GMAC", FIPS_DEFAULT_PROPERTIES, gmac_functions }, |
390 | { "HMAC", FIPS_DEFAULT_PROPERTIES, hmac_functions }, | |
391 | { "KMAC-128:KMAC128", FIPS_DEFAULT_PROPERTIES, kmac128_functions }, | |
392 | { "KMAC-256:KMAC256", FIPS_DEFAULT_PROPERTIES, kmac256_functions }, | |
2e5db6ad RL |
393 | { NULL, NULL, NULL } |
394 | }; | |
395 | ||
e3405a4a | 396 | static const OSSL_ALGORITHM fips_kdfs[] = { |
dcb71e1c SL |
397 | { "HKDF", FIPS_DEFAULT_PROPERTIES, kdf_hkdf_functions }, |
398 | { "SSKDF", FIPS_DEFAULT_PROPERTIES, kdf_sskdf_functions }, | |
399 | { "PBKDF2", FIPS_DEFAULT_PROPERTIES, kdf_pbkdf2_functions }, | |
400 | { "SSHKDF", FIPS_DEFAULT_PROPERTIES, kdf_sshkdf_functions }, | |
401 | { "X963KDF", FIPS_DEFAULT_PROPERTIES, kdf_x963_kdf_functions }, | |
402 | { "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, kdf_tls1_prf_functions }, | |
403 | { "KBKDF", FIPS_DEFAULT_PROPERTIES, kdf_kbkdf_functions }, | |
df553b79 | 404 | { NULL, NULL, NULL } |
e3405a4a P |
405 | }; |
406 | ||
bcc4ae67 | 407 | static const OSSL_ALGORITHM fips_rands[] = { |
dcb71e1c SL |
408 | { "CTR-DRBG", FIPS_DEFAULT_PROPERTIES, drbg_ctr_functions }, |
409 | { "HASH-DRBG", FIPS_DEFAULT_PROPERTIES, drbg_hash_functions }, | |
410 | { "HMAC-DRBG", FIPS_DEFAULT_PROPERTIES, drbg_hmac_functions }, | |
411 | { "TEST-RAND", FIPS_UNAPPROVED_PROPERTIES, test_rng_functions }, | |
bcc4ae67 P |
412 | { NULL, NULL, NULL } |
413 | }; | |
414 | ||
62f49b90 SL |
415 | static const OSSL_ALGORITHM fips_keyexch[] = { |
416 | #ifndef OPENSSL_NO_DH | |
dcb71e1c | 417 | { "DH:dhKeyAgreement", FIPS_DEFAULT_PROPERTIES, dh_keyexch_functions }, |
1c725f46 SL |
418 | #endif |
419 | #ifndef OPENSSL_NO_EC | |
dcb71e1c SL |
420 | { "ECDH", FIPS_DEFAULT_PROPERTIES, ecdh_keyexch_functions }, |
421 | { "X25519", FIPS_DEFAULT_PROPERTIES, x25519_keyexch_functions }, | |
422 | { "X448", FIPS_DEFAULT_PROPERTIES, x448_keyexch_functions }, | |
62f49b90 | 423 | #endif |
cd0a4998 MC |
424 | { "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, kdf_tls1_prf_keyexch_functions }, |
425 | { "HKDF", FIPS_DEFAULT_PROPERTIES, kdf_hkdf_keyexch_functions }, | |
62f49b90 SL |
426 | { NULL, NULL, NULL } |
427 | }; | |
428 | ||
e683582b SL |
429 | static const OSSL_ALGORITHM fips_signature[] = { |
430 | #ifndef OPENSSL_NO_DSA | |
dcb71e1c | 431 | { "DSA:dsaEncryption", FIPS_DEFAULT_PROPERTIES, dsa_signature_functions }, |
e683582b | 432 | #endif |
dcb71e1c | 433 | { "RSA:rsaEncryption", FIPS_DEFAULT_PROPERTIES, rsa_signature_functions }, |
edd3b7a3 | 434 | #ifndef OPENSSL_NO_EC |
dcb71e1c SL |
435 | { "ED25519", FIPS_DEFAULT_PROPERTIES, ed25519_signature_functions }, |
436 | { "ED448", FIPS_DEFAULT_PROPERTIES, ed448_signature_functions }, | |
437 | { "ECDSA", FIPS_DEFAULT_PROPERTIES, ecdsa_signature_functions }, | |
edd3b7a3 | 438 | #endif |
b571e662 | 439 | { "HMAC", FIPS_DEFAULT_PROPERTIES, mac_hmac_signature_functions }, |
e683582b SL |
440 | { NULL, NULL, NULL } |
441 | }; | |
442 | ||
afb638f1 | 443 | static const OSSL_ALGORITHM fips_asym_cipher[] = { |
dcb71e1c | 444 | { "RSA:rsaEncryption", FIPS_DEFAULT_PROPERTIES, rsa_asym_cipher_functions }, |
afb638f1 MC |
445 | { NULL, NULL, NULL } |
446 | }; | |
447 | ||
e683582b | 448 | static const OSSL_ALGORITHM fips_keymgmt[] = { |
62f49b90 | 449 | #ifndef OPENSSL_NO_DH |
dcb71e1c | 450 | { "DH:dhKeyAgreement", FIPS_DEFAULT_PROPERTIES, dh_keymgmt_functions }, |
627c2203 | 451 | { "DHX:X9.42 DH:dhpublicnumber", FIPS_DEFAULT_PROPERTIES, dhx_keymgmt_functions }, |
62f49b90 | 452 | #endif |
e683582b | 453 | #ifndef OPENSSL_NO_DSA |
dcb71e1c | 454 | { "DSA", FIPS_DEFAULT_PROPERTIES, dsa_keymgmt_functions }, |
e683582b | 455 | #endif |
dcb71e1c SL |
456 | { "RSA:rsaEncryption", FIPS_DEFAULT_PROPERTIES, rsa_keymgmt_functions }, |
457 | { "RSA-PSS:RSASSA-PSS", FIPS_DEFAULT_PROPERTIES, | |
b1c21b27 | 458 | rsapss_keymgmt_functions }, |
1c725f46 | 459 | #ifndef OPENSSL_NO_EC |
dcb71e1c SL |
460 | { "EC:id-ecPublicKey", FIPS_DEFAULT_PROPERTIES, ec_keymgmt_functions }, |
461 | { "X25519", FIPS_DEFAULT_PROPERTIES, x25519_keymgmt_functions }, | |
462 | { "X448", FIPS_DEFAULT_PROPERTIES, x448_keymgmt_functions }, | |
463 | { "ED25519", FIPS_DEFAULT_PROPERTIES, ed25519_keymgmt_functions }, | |
464 | { "ED448", FIPS_DEFAULT_PROPERTIES, ed448_keymgmt_functions }, | |
1c725f46 | 465 | #endif |
cd0a4998 MC |
466 | { "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, kdf_keymgmt_functions }, |
467 | { "HKDF", FIPS_DEFAULT_PROPERTIES, kdf_keymgmt_functions }, | |
b571e662 | 468 | { "HMAC", FIPS_DEFAULT_PROPERTIES, mac_keymgmt_functions }, |
e683582b SL |
469 | { NULL, NULL, NULL } |
470 | }; | |
0d2bfe52 | 471 | |
fdaad3f1 RL |
472 | static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, |
473 | int *no_cache) | |
9efa0ae0 MC |
474 | { |
475 | *no_cache = 0; | |
04cb5ec0 SL |
476 | |
477 | if (!FIPS_is_running()) | |
478 | return NULL; | |
479 | ||
9efa0ae0 MC |
480 | switch (operation_id) { |
481 | case OSSL_OP_DIGEST: | |
482 | return fips_digests; | |
66ad63e8 | 483 | case OSSL_OP_CIPHER: |
0d2bfe52 SL |
484 | ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); |
485 | return exported_fips_ciphers; | |
2e5db6ad RL |
486 | case OSSL_OP_MAC: |
487 | return fips_macs; | |
e3405a4a P |
488 | case OSSL_OP_KDF: |
489 | return fips_kdfs; | |
bcc4ae67 P |
490 | case OSSL_OP_RAND: |
491 | return fips_rands; | |
e683582b SL |
492 | case OSSL_OP_KEYMGMT: |
493 | return fips_keymgmt; | |
62f49b90 SL |
494 | case OSSL_OP_KEYEXCH: |
495 | return fips_keyexch; | |
e683582b SL |
496 | case OSSL_OP_SIGNATURE: |
497 | return fips_signature; | |
afb638f1 MC |
498 | case OSSL_OP_ASYM_CIPHER: |
499 | return fips_asym_cipher; | |
9efa0ae0 MC |
500 | } |
501 | return NULL; | |
502 | } | |
503 | ||
fdaad3f1 RL |
504 | static void fips_teardown(void *provctx) |
505 | { | |
506 | OPENSSL_CTX_free(PROV_LIBRARY_CONTEXT_OF(provctx)); | |
78906fff RL |
507 | PROV_CTX_free(provctx); |
508 | } | |
509 | ||
510 | static void fips_intern_teardown(void *provctx) | |
511 | { | |
512 | /* | |
513 | * We know that the library context is the same as for the outer provider, | |
514 | * so no need to destroy it here. | |
515 | */ | |
516 | PROV_CTX_free(provctx); | |
fdaad3f1 RL |
517 | } |
518 | ||
9efa0ae0 MC |
519 | /* Functions we provide to the core */ |
520 | static const OSSL_DISPATCH fips_dispatch_table[] = { | |
fdaad3f1 | 521 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown }, |
dca97d00 | 522 | { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, |
9efa0ae0 MC |
523 | { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, |
524 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
04cb5ec0 SL |
525 | { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, |
526 | (void (*)(void))provider_get_capabilities }, | |
527 | { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test }, | |
9efa0ae0 MC |
528 | { 0, NULL } |
529 | }; | |
530 | ||
319e518a MC |
531 | /* Functions we provide to ourself */ |
532 | static const OSSL_DISPATCH intern_dispatch_table[] = { | |
78906fff | 533 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_intern_teardown }, |
319e518a MC |
534 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, |
535 | { 0, NULL } | |
536 | }; | |
537 | ||
d40b42ab | 538 | int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, |
9efa0ae0 | 539 | const OSSL_DISPATCH *in, |
a39eb840 RL |
540 | const OSSL_DISPATCH **out, |
541 | void **provctx) | |
9efa0ae0 | 542 | { |
da747958 | 543 | FIPS_GLOBAL *fgbl; |
78906fff | 544 | OPENSSL_CTX *libctx = NULL; |
319e518a | 545 | |
9efa0ae0 MC |
546 | for (; in->function_id != 0; in++) { |
547 | switch (in->function_id) { | |
36fc5fc6 | 548 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: |
363b1e5d | 549 | c_get_libctx = OSSL_FUNC_core_get_library_context(in); |
36fc5fc6 | 550 | break; |
dca97d00 | 551 | case OSSL_FUNC_CORE_GETTABLE_PARAMS: |
363b1e5d | 552 | c_gettable_params = OSSL_FUNC_core_gettable_params(in); |
9efa0ae0 MC |
553 | break; |
554 | case OSSL_FUNC_CORE_GET_PARAMS: | |
363b1e5d | 555 | c_get_params = OSSL_FUNC_core_get_params(in); |
9efa0ae0 | 556 | break; |
da747958 | 557 | case OSSL_FUNC_CORE_THREAD_START: |
363b1e5d | 558 | c_thread_start = OSSL_FUNC_core_thread_start(in); |
da747958 | 559 | break; |
036913b1 | 560 | case OSSL_FUNC_CORE_NEW_ERROR: |
363b1e5d | 561 | c_new_error = OSSL_FUNC_core_new_error(in); |
3593266d | 562 | break; |
036913b1 | 563 | case OSSL_FUNC_CORE_SET_ERROR_DEBUG: |
363b1e5d | 564 | c_set_error_debug = OSSL_FUNC_core_set_error_debug(in); |
036913b1 RL |
565 | break; |
566 | case OSSL_FUNC_CORE_VSET_ERROR: | |
363b1e5d | 567 | c_vset_error = OSSL_FUNC_core_vset_error(in); |
3593266d | 568 | break; |
7b131de2 | 569 | case OSSL_FUNC_CORE_SET_ERROR_MARK: |
363b1e5d | 570 | c_set_error_mark = OSSL_FUNC_core_set_error_mark(in); |
7b131de2 RL |
571 | break; |
572 | case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: | |
363b1e5d | 573 | c_clear_last_error_mark = OSSL_FUNC_core_clear_last_error_mark(in); |
7b131de2 RL |
574 | break; |
575 | case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: | |
363b1e5d | 576 | c_pop_error_to_mark = OSSL_FUNC_core_pop_error_to_mark(in); |
7b131de2 | 577 | break; |
b60cba3c | 578 | case OSSL_FUNC_CRYPTO_MALLOC: |
363b1e5d | 579 | c_CRYPTO_malloc = OSSL_FUNC_CRYPTO_malloc(in); |
b60cba3c RS |
580 | break; |
581 | case OSSL_FUNC_CRYPTO_ZALLOC: | |
363b1e5d | 582 | c_CRYPTO_zalloc = OSSL_FUNC_CRYPTO_zalloc(in); |
b60cba3c | 583 | break; |
b60cba3c | 584 | case OSSL_FUNC_CRYPTO_FREE: |
363b1e5d | 585 | c_CRYPTO_free = OSSL_FUNC_CRYPTO_free(in); |
b60cba3c RS |
586 | break; |
587 | case OSSL_FUNC_CRYPTO_CLEAR_FREE: | |
363b1e5d | 588 | c_CRYPTO_clear_free = OSSL_FUNC_CRYPTO_clear_free(in); |
b60cba3c RS |
589 | break; |
590 | case OSSL_FUNC_CRYPTO_REALLOC: | |
363b1e5d | 591 | c_CRYPTO_realloc = OSSL_FUNC_CRYPTO_realloc(in); |
b60cba3c RS |
592 | break; |
593 | case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: | |
363b1e5d | 594 | c_CRYPTO_clear_realloc = OSSL_FUNC_CRYPTO_clear_realloc(in); |
b60cba3c RS |
595 | break; |
596 | case OSSL_FUNC_CRYPTO_SECURE_MALLOC: | |
363b1e5d | 597 | c_CRYPTO_secure_malloc = OSSL_FUNC_CRYPTO_secure_malloc(in); |
b60cba3c RS |
598 | break; |
599 | case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: | |
363b1e5d | 600 | c_CRYPTO_secure_zalloc = OSSL_FUNC_CRYPTO_secure_zalloc(in); |
b60cba3c RS |
601 | break; |
602 | case OSSL_FUNC_CRYPTO_SECURE_FREE: | |
363b1e5d | 603 | c_CRYPTO_secure_free = OSSL_FUNC_CRYPTO_secure_free(in); |
b60cba3c RS |
604 | break; |
605 | case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: | |
363b1e5d | 606 | c_CRYPTO_secure_clear_free = OSSL_FUNC_CRYPTO_secure_clear_free(in); |
b60cba3c RS |
607 | break; |
608 | case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: | |
363b1e5d | 609 | c_CRYPTO_secure_allocated = OSSL_FUNC_CRYPTO_secure_allocated(in); |
b60cba3c | 610 | break; |
25e60144 | 611 | case OSSL_FUNC_BIO_NEW_FILE: |
363b1e5d | 612 | selftest_params.bio_new_file_cb = OSSL_FUNC_BIO_new_file(in); |
25e60144 SL |
613 | break; |
614 | case OSSL_FUNC_BIO_NEW_MEMBUF: | |
363b1e5d | 615 | selftest_params.bio_new_buffer_cb = OSSL_FUNC_BIO_new_membuf(in); |
25e60144 | 616 | break; |
7bb82f92 | 617 | case OSSL_FUNC_BIO_READ_EX: |
363b1e5d | 618 | selftest_params.bio_read_ex_cb = OSSL_FUNC_BIO_read_ex(in); |
25e60144 SL |
619 | break; |
620 | case OSSL_FUNC_BIO_FREE: | |
363b1e5d | 621 | selftest_params.bio_free_cb = OSSL_FUNC_BIO_free(in); |
25e60144 | 622 | break; |
d16d0b71 | 623 | case OSSL_FUNC_BIO_VSNPRINTF: |
363b1e5d | 624 | c_BIO_vsnprintf = OSSL_FUNC_BIO_vsnprintf(in); |
d16d0b71 | 625 | break; |
36fc5fc6 | 626 | case OSSL_FUNC_SELF_TEST_CB: { |
04cb5ec0 | 627 | c_stcbfn = OSSL_FUNC_self_test_cb(in); |
36fc5fc6 SL |
628 | break; |
629 | } | |
9efa0ae0 | 630 | default: |
b60cba3c | 631 | /* Just ignore anything we don't understand */ |
9efa0ae0 MC |
632 | break; |
633 | } | |
634 | } | |
635 | ||
04cb5ec0 | 636 | set_self_test_cb(handle); |
36fc5fc6 | 637 | |
9f7bdcf3 SL |
638 | if (!c_get_params(handle, core_params)) { |
639 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); | |
25e60144 | 640 | return 0; |
9f7bdcf3 | 641 | } |
25e60144 | 642 | |
b60cba3c | 643 | /* Create a context. */ |
78906fff RL |
644 | if ((*provctx = PROV_CTX_new()) == NULL |
645 | || (libctx = OPENSSL_CTX_new()) == NULL) { | |
646 | /* | |
647 | * We free libctx separately here and only here because it hasn't | |
648 | * been attached to *provctx. All other error paths below rely | |
649 | * solely on fips_teardown. | |
650 | */ | |
651 | OPENSSL_CTX_free(libctx); | |
652 | goto err; | |
653 | } | |
654 | PROV_CTX_set0_library_context(*provctx, libctx); | |
d40b42ab | 655 | PROV_CTX_set0_handle(*provctx, handle); |
fdaad3f1 RL |
656 | |
657 | if ((fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX, | |
658 | &fips_prov_ossl_ctx_method)) == NULL) | |
659 | goto err; | |
7bb82f92 | 660 | |
d40b42ab | 661 | fgbl->handle = handle; |
7bb82f92 | 662 | |
fdaad3f1 | 663 | selftest_params.libctx = libctx; |
9f7bdcf3 SL |
664 | if (!SELF_TEST_post(&selftest_params, 0)) { |
665 | ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_POST_FAILURE); | |
fdaad3f1 | 666 | goto err; |
9f7bdcf3 | 667 | } |
7bb82f92 | 668 | |
dcb71e1c | 669 | /* TODO(3.0): Tests will hang if this is removed */ |
7d615e21 | 670 | (void)RAND_get0_public(libctx); |
319e518a | 671 | |
e683582b | 672 | *out = fips_dispatch_table; |
9efa0ae0 | 673 | return 1; |
fdaad3f1 RL |
674 | err: |
675 | fips_teardown(*provctx); | |
676 | *provctx = NULL; | |
677 | return 0; | |
9efa0ae0 | 678 | } |
3593266d | 679 | |
319e518a MC |
680 | /* |
681 | * The internal init function used when the FIPS module uses EVP to call | |
b1eb3fd7 | 682 | * another algorithm also in the FIPS module. This is a recursive call that has |
bb751e11 RL |
683 | * been made from within the FIPS module itself. To make this work, we populate |
684 | * the provider context of this inner instance with the same library context | |
685 | * that was used in the EVP call that initiated this recursive call. | |
319e518a | 686 | */ |
3593266d | 687 | OSSL_provider_init_fn fips_intern_provider_init; |
d40b42ab | 688 | int fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, |
3593266d | 689 | const OSSL_DISPATCH *in, |
319e518a MC |
690 | const OSSL_DISPATCH **out, |
691 | void **provctx) | |
3593266d | 692 | { |
04cb5ec0 | 693 | OSSL_FUNC_core_get_library_context_fn *c_internal_get_libctx = NULL; |
bb751e11 RL |
694 | |
695 | for (; in->function_id != 0; in++) { | |
696 | switch (in->function_id) { | |
697 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: | |
04cb5ec0 | 698 | c_internal_get_libctx = OSSL_FUNC_core_get_library_context(in); |
bb751e11 RL |
699 | break; |
700 | default: | |
701 | break; | |
702 | } | |
703 | } | |
704 | ||
04cb5ec0 | 705 | if (c_internal_get_libctx == NULL) |
bb751e11 RL |
706 | return 0; |
707 | ||
78906fff | 708 | if ((*provctx = PROV_CTX_new()) == NULL) |
bb751e11 | 709 | return 0; |
04cb5ec0 | 710 | |
d40b42ab MC |
711 | /* |
712 | * Using the parent library context only works because we are a built-in | |
713 | * internal provider. This is not something that most providers would be | |
714 | * able to do. | |
715 | */ | |
04cb5ec0 SL |
716 | PROV_CTX_set0_library_context(*provctx, |
717 | (OPENSSL_CTX *)c_internal_get_libctx(handle)); | |
d40b42ab | 718 | PROV_CTX_set0_handle(*provctx, handle); |
bb751e11 | 719 | |
319e518a | 720 | *out = intern_dispatch_table; |
3593266d MC |
721 | return 1; |
722 | } | |
723 | ||
036913b1 | 724 | void ERR_new(void) |
3593266d | 725 | { |
036913b1 RL |
726 | c_new_error(NULL); |
727 | } | |
728 | ||
729 | void ERR_set_debug(const char *file, int line, const char *func) | |
730 | { | |
731 | c_set_error_debug(NULL, file, line, func); | |
3593266d MC |
732 | } |
733 | ||
036913b1 | 734 | void ERR_set_error(int lib, int reason, const char *fmt, ...) |
3593266d MC |
735 | { |
736 | va_list args; | |
8908d18c | 737 | |
036913b1 RL |
738 | va_start(args, fmt); |
739 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); | |
3593266d MC |
740 | va_end(args); |
741 | } | |
742 | ||
036913b1 | 743 | void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) |
3593266d | 744 | { |
036913b1 | 745 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); |
3593266d | 746 | } |
da747958 | 747 | |
7b131de2 RL |
748 | int ERR_set_mark(void) |
749 | { | |
750 | return c_set_error_mark(NULL); | |
751 | } | |
752 | ||
753 | int ERR_clear_last_mark(void) | |
754 | { | |
755 | return c_clear_last_error_mark(NULL); | |
756 | } | |
757 | ||
758 | int ERR_pop_to_mark(void) | |
759 | { | |
760 | return c_pop_error_to_mark(NULL); | |
761 | } | |
762 | ||
fdaad3f1 RL |
763 | /* |
764 | * This must take a library context, since it's called from the depths | |
765 | * of crypto/initthread.c code, where it's (correctly) assumed that the | |
766 | * passed caller argument is an OPENSSL_CTX pointer (since the same routine | |
767 | * is also called from other parts of libcrypto, which all pass around a | |
768 | * OPENSSL_CTX pointer) | |
769 | */ | |
d40b42ab | 770 | const OSSL_CORE_HANDLE *FIPS_get_core_handle(OPENSSL_CTX *libctx) |
da747958 | 771 | { |
fdaad3f1 RL |
772 | FIPS_GLOBAL *fgbl = openssl_ctx_get_data(libctx, |
773 | OPENSSL_CTX_FIPS_PROV_INDEX, | |
da747958 MC |
774 | &fips_prov_ossl_ctx_method); |
775 | ||
776 | if (fgbl == NULL) | |
777 | return NULL; | |
778 | ||
d40b42ab | 779 | return fgbl->handle; |
da747958 | 780 | } |
b60cba3c RS |
781 | |
782 | void *CRYPTO_malloc(size_t num, const char *file, int line) | |
783 | { | |
784 | return c_CRYPTO_malloc(num, file, line); | |
785 | } | |
786 | ||
787 | void *CRYPTO_zalloc(size_t num, const char *file, int line) | |
788 | { | |
789 | return c_CRYPTO_zalloc(num, file, line); | |
790 | } | |
791 | ||
b60cba3c RS |
792 | void CRYPTO_free(void *ptr, const char *file, int line) |
793 | { | |
794 | c_CRYPTO_free(ptr, file, line); | |
795 | } | |
796 | ||
797 | void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) | |
798 | { | |
799 | c_CRYPTO_clear_free(ptr, num, file, line); | |
800 | } | |
801 | ||
802 | void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) | |
803 | { | |
804 | return c_CRYPTO_realloc(addr, num, file, line); | |
805 | } | |
806 | ||
807 | void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, | |
808 | const char *file, int line) | |
809 | { | |
810 | return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); | |
811 | } | |
812 | ||
813 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line) | |
814 | { | |
815 | return c_CRYPTO_secure_malloc(num, file, line); | |
816 | } | |
817 | ||
818 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) | |
819 | { | |
820 | return c_CRYPTO_secure_zalloc(num, file, line); | |
821 | } | |
822 | ||
823 | void CRYPTO_secure_free(void *ptr, const char *file, int line) | |
824 | { | |
825 | c_CRYPTO_secure_free(ptr, file, line); | |
826 | } | |
827 | ||
828 | void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) | |
829 | { | |
830 | c_CRYPTO_secure_clear_free(ptr, num, file, line); | |
831 | } | |
832 | ||
b60cba3c RS |
833 | int CRYPTO_secure_allocated(const void *ptr) |
834 | { | |
835 | return c_CRYPTO_secure_allocated(ptr); | |
836 | } | |
d16d0b71 SL |
837 | |
838 | int BIO_snprintf(char *buf, size_t n, const char *format, ...) | |
839 | { | |
840 | va_list args; | |
841 | int ret; | |
842 | ||
843 | va_start(args, format); | |
844 | ret = c_BIO_vsnprintf(buf, n, format, args); | |
845 | va_end(args); | |
846 | return ret; | |
847 | } |