]>
Commit | Line | Data |
---|---|---|
9efa0ae0 MC |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | #include <stdio.h> | |
12 | #include <openssl/core.h> | |
13 | #include <openssl/core_numbers.h> | |
14 | #include <openssl/core_names.h> | |
15 | #include <openssl/params.h> | |
3593266d | 16 | #include <openssl/err.h> |
319e518a | 17 | #include <openssl/evp.h> |
e3405a4a | 18 | #include <openssl/kdf.h> |
45c54042 | 19 | |
319e518a MC |
20 | /* TODO(3.0): Needed for dummy_evp_call(). To be removed */ |
21 | #include <openssl/sha.h> | |
45c54042 | 22 | #include <openssl/rand_drbg.h> |
04ca0027 | 23 | #include <openssl/ec.h> |
25e60144 | 24 | #include <openssl/fips_names.h> |
45c54042 | 25 | |
3593266d | 26 | #include "internal/cryptlib.h" |
319e518a MC |
27 | #include "internal/property.h" |
28 | #include "internal/evp_int.h" | |
66ad63e8 | 29 | #include "internal/provider_algs.h" |
bb751e11 | 30 | #include "internal/provider_ctx.h" |
da747958 | 31 | #include "internal/providercommon.h" |
25e60144 | 32 | #include "selftest.h" |
9efa0ae0 | 33 | |
b60cba3c RS |
34 | extern OSSL_core_thread_start_fn *c_thread_start; |
35 | ||
da747958 MC |
36 | /* |
37 | * TODO(3.0): Should these be stored in the provider side provctx? Could they | |
38 | * ever be different from one init to the next? Unfortunately we can't do this | |
b60cba3c RS |
39 | * at the moment because c_put_error/c_add_error_vdata do not provide |
40 | * us with the OPENSSL_CTX as a parameter. | |
da747958 | 41 | */ |
25e60144 SL |
42 | |
43 | static SELF_TEST_POST_PARAMS selftest_params; | |
44 | ||
9efa0ae0 | 45 | /* Functions provided by the core */ |
dca97d00 | 46 | static OSSL_core_gettable_params_fn *c_gettable_params; |
b60cba3c RS |
47 | static OSSL_core_get_params_fn *c_get_params; |
48 | OSSL_core_thread_start_fn *c_thread_start; | |
036913b1 RL |
49 | static OSSL_core_new_error_fn *c_new_error; |
50 | static OSSL_core_set_error_debug_fn *c_set_error_debug; | |
51 | static OSSL_core_vset_error_fn *c_vset_error; | |
b60cba3c RS |
52 | static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc; |
53 | static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; | |
b60cba3c RS |
54 | static OSSL_CRYPTO_free_fn *c_CRYPTO_free; |
55 | static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; | |
56 | static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc; | |
57 | static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; | |
58 | static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; | |
59 | static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; | |
60 | static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; | |
61 | static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; | |
62 | static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; | |
9efa0ae0 | 63 | |
da747958 MC |
64 | typedef struct fips_global_st { |
65 | const OSSL_PROVIDER *prov; | |
66 | } FIPS_GLOBAL; | |
67 | ||
68 | static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx) | |
69 | { | |
70 | FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); | |
71 | ||
72 | return fgbl; | |
73 | } | |
74 | ||
75 | static void fips_prov_ossl_ctx_free(void *fgbl) | |
76 | { | |
77 | OPENSSL_free(fgbl); | |
78 | } | |
79 | ||
80 | static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = { | |
81 | fips_prov_ossl_ctx_new, | |
82 | fips_prov_ossl_ctx_free, | |
83 | }; | |
84 | ||
85 | ||
9efa0ae0 | 86 | /* Parameters we provide to the core */ |
26175013 RL |
87 | static const OSSL_PARAM fips_param_types[] = { |
88 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
89 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
90 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
91 | OSSL_PARAM_END | |
9efa0ae0 MC |
92 | }; |
93 | ||
25e60144 SL |
94 | /* |
95 | * Parameters to retrieve from the core provider - required for self testing. | |
96 | * NOTE: inside core_get_params() these will be loaded from config items | |
97 | * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME). | |
98 | */ | |
99 | static OSSL_PARAM core_params[] = | |
100 | { | |
101 | OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME, | |
102 | selftest_params.module_filename, | |
103 | sizeof(selftest_params.module_filename)), | |
104 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC, | |
105 | selftest_params.module_checksum_data, | |
106 | sizeof(selftest_params.module_checksum_data)), | |
107 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC, | |
108 | selftest_params.indicator_checksum_data, | |
109 | sizeof(selftest_params.indicator_checksum_data)), | |
110 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, | |
111 | selftest_params.indicator_data, | |
112 | sizeof(selftest_params.indicator_data)), | |
113 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, | |
114 | selftest_params.indicator_version, | |
115 | sizeof(selftest_params.indicator_version)), | |
116 | OSSL_PARAM_END | |
117 | }; | |
118 | ||
319e518a | 119 | /* TODO(3.0): To be removed */ |
bb751e11 | 120 | static int dummy_evp_call(void *provctx) |
3593266d | 121 | { |
bb751e11 | 122 | OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); |
319e518a MC |
123 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
124 | EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); | |
2e548ac9 | 125 | EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL); |
319e518a MC |
126 | char msg[] = "Hello World!"; |
127 | const unsigned char exptd[] = { | |
128 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
129 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
130 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
131 | }; | |
132 | unsigned int dgstlen = 0; | |
133 | unsigned char dgst[SHA256_DIGEST_LENGTH]; | |
134 | int ret = 0; | |
444ab3ab MC |
135 | BN_CTX *bnctx = NULL; |
136 | BIGNUM *a = NULL, *b = NULL; | |
45c54042 MC |
137 | unsigned char randbuf[128]; |
138 | RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx); | |
f92e0815 | 139 | #ifndef OPENSSL_NO_EC |
04ca0027 | 140 | EC_KEY *key = NULL; |
f92e0815 | 141 | #endif |
319e518a | 142 | |
e3405a4a | 143 | if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL) |
319e518a MC |
144 | goto err; |
145 | ||
146 | if (!EVP_DigestInit_ex(ctx, sha256, NULL)) | |
147 | goto err; | |
148 | if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1)) | |
149 | goto err; | |
150 | if (!EVP_DigestFinal(ctx, dgst, &dgstlen)) | |
151 | goto err; | |
152 | if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0) | |
153 | goto err; | |
154 | ||
444ab3ab MC |
155 | bnctx = BN_CTX_new_ex(libctx); |
156 | if (bnctx == NULL) | |
157 | goto err; | |
158 | BN_CTX_start(bnctx); | |
159 | a = BN_CTX_get(bnctx); | |
160 | b = BN_CTX_get(bnctx); | |
161 | if (b == NULL) | |
162 | goto err; | |
163 | BN_zero(a); | |
164 | if (!BN_one(b) | |
165 | || !BN_add(a, a, b) | |
166 | || BN_cmp(a, b) != 0) | |
167 | goto err; | |
4bd8b240 | 168 | |
45c54042 MC |
169 | if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0) |
170 | goto err; | |
171 | ||
eba3ebd7 MC |
172 | if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx)) |
173 | goto err; | |
174 | ||
f92e0815 | 175 | #ifndef OPENSSL_NO_EC |
04ca0027 MC |
176 | /* Do some dummy EC calls */ |
177 | key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1); | |
178 | if (key == NULL) | |
179 | goto err; | |
180 | ||
181 | if (!EC_KEY_generate_key(key)) | |
182 | goto err; | |
f92e0815 | 183 | #endif |
04ca0027 | 184 | |
319e518a MC |
185 | ret = 1; |
186 | err: | |
444ab3ab MC |
187 | BN_CTX_end(bnctx); |
188 | BN_CTX_free(bnctx); | |
4bd8b240 | 189 | |
e3405a4a | 190 | EVP_KDF_free(kdf); |
319e518a | 191 | EVP_MD_CTX_free(ctx); |
3fd70262 | 192 | EVP_MD_free(sha256); |
04ca0027 | 193 | |
f92e0815 | 194 | #ifndef OPENSSL_NO_EC |
04ca0027 | 195 | EC_KEY_free(key); |
f92e0815 | 196 | #endif |
319e518a | 197 | return ret; |
3593266d MC |
198 | } |
199 | ||
dca97d00 | 200 | static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov) |
9efa0ae0 MC |
201 | { |
202 | return fips_param_types; | |
203 | } | |
204 | ||
4e7991b4 | 205 | static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) |
9efa0ae0 | 206 | { |
4e7991b4 | 207 | OSSL_PARAM *p; |
9efa0ae0 MC |
208 | |
209 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); | |
210 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) | |
211 | return 0; | |
212 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); | |
213 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) | |
214 | return 0; | |
215 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); | |
216 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) | |
217 | return 0; | |
218 | ||
219 | return 1; | |
220 | } | |
221 | ||
4cecf7a1 MC |
222 | /* FIPS specific version of the function of the same name in provlib.c */ |
223 | const char *ossl_prov_util_nid_to_name(int nid) | |
224 | { | |
225 | /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */ | |
226 | ||
227 | switch (nid) { | |
228 | /* Digests */ | |
229 | case NID_sha1: | |
230 | return "SHA224"; | |
231 | case NID_sha224: | |
232 | return "SHA224"; | |
233 | case NID_sha256: | |
234 | return "SHA256"; | |
235 | case NID_sha384: | |
236 | return "SHA384"; | |
237 | case NID_sha512: | |
238 | return "SHA512"; | |
239 | case NID_sha512_224: | |
240 | return "SHA512-224"; | |
241 | case NID_sha512_256: | |
242 | return "SHA512-256"; | |
243 | case NID_sha3_224: | |
244 | return "SHA3-224"; | |
245 | case NID_sha3_256: | |
246 | return "SHA3-256"; | |
247 | case NID_sha3_384: | |
248 | return "SHA3-384"; | |
249 | case NID_sha3_512: | |
250 | return "SHA3-512"; | |
251 | ||
252 | /* Ciphers */ | |
253 | case NID_aes_256_ecb: | |
254 | return "AES-256-ECB"; | |
255 | case NID_aes_192_ecb: | |
256 | return "AES-192-ECB"; | |
257 | case NID_aes_128_ecb: | |
258 | return "AES-128-ECB"; | |
259 | case NID_aes_256_cbc: | |
260 | return "AES-256-CBC"; | |
261 | case NID_aes_192_cbc: | |
262 | return "AES-192-CBC"; | |
263 | case NID_aes_128_cbc: | |
264 | return "AES-128-CBC"; | |
265 | case NID_aes_256_ctr: | |
266 | return "AES-256-CTR"; | |
267 | case NID_aes_192_ctr: | |
268 | return "AES-192-CTR"; | |
269 | case NID_aes_128_ctr: | |
270 | return "AES-128-CTR"; | |
3a9f26f3 SL |
271 | case NID_aes_256_xts: |
272 | return "AES-256-XTS"; | |
273 | case NID_aes_128_xts: | |
274 | return "AES-128-XTS"; | |
3bfe9005 SL |
275 | /* TODO(3.0) Change these when we have aliases */ |
276 | case NID_aes_256_gcm: | |
277 | return "id-aes256-GCM"; | |
278 | case NID_aes_192_gcm: | |
279 | return "id-aes192-GCM"; | |
280 | case NID_aes_128_gcm: | |
281 | return "id-aes128-GCM"; | |
282 | case NID_aes_256_ccm: | |
283 | return "id-aes256-CCM"; | |
284 | case NID_aes_192_ccm: | |
285 | return "id-aes192-CCM"; | |
286 | case NID_aes_128_ccm: | |
287 | return "id-aes128-CCM"; | |
ca392b29 SL |
288 | case NID_id_aes256_wrap: |
289 | return "id-aes256-wrap"; | |
290 | case NID_id_aes192_wrap: | |
291 | return "id-aes192-wrap"; | |
292 | case NID_id_aes128_wrap: | |
293 | return "id-aes128-wrap"; | |
294 | case NID_id_aes256_wrap_pad: | |
295 | return "id-aes256-wrap-pad"; | |
296 | case NID_id_aes192_wrap_pad: | |
297 | return "id-aes192-wrap-pad"; | |
298 | case NID_id_aes128_wrap_pad: | |
299 | return "id-aes128-wrap-pad"; | |
300 | case NID_des_ede3_ecb: | |
301 | return "DES-EDE3"; | |
302 | case NID_des_ede3_cbc: | |
303 | return "DES-EDE3-CBC"; | |
3bfe9005 SL |
304 | default: |
305 | break; | |
4cecf7a1 MC |
306 | } |
307 | ||
308 | return NULL; | |
309 | } | |
310 | ||
9efa0ae0 | 311 | static const OSSL_ALGORITHM fips_digests[] = { |
d5e5e2ff SL |
312 | { "SHA1", "fips=yes", sha1_functions }, |
313 | { "SHA224", "fips=yes", sha224_functions }, | |
9efa0ae0 | 314 | { "SHA256", "fips=yes", sha256_functions }, |
d5e5e2ff SL |
315 | { "SHA384", "fips=yes", sha384_functions }, |
316 | { "SHA512", "fips=yes", sha512_functions }, | |
317 | { "SHA512-224", "fips=yes", sha512_224_functions }, | |
318 | { "SHA512-256", "fips=yes", sha512_256_functions }, | |
319 | { "SHA3-224", "fips=yes", sha3_224_functions }, | |
320 | { "SHA3-256", "fips=yes", sha3_256_functions }, | |
321 | { "SHA3-384", "fips=yes", sha3_384_functions }, | |
322 | { "SHA3-512", "fips=yes", sha3_512_functions }, | |
e23cda00 | 323 | /* |
bb31895d | 324 | * KECCAK_KMAC128 and KECCAK_KMAC256 as hashes are mostly useful for |
ca392b29 | 325 | * KMAC128 and KMAC256. |
e23cda00 | 326 | */ |
bb31895d RL |
327 | { "KECCAK_KMAC128", "fips=yes", keccak_kmac_128_functions }, |
328 | { "KECCAK_KMAC256", "fips=yes", keccak_kmac_256_functions }, | |
d5e5e2ff | 329 | |
9efa0ae0 MC |
330 | { NULL, NULL, NULL } |
331 | }; | |
332 | ||
66ad63e8 MC |
333 | static const OSSL_ALGORITHM fips_ciphers[] = { |
334 | { "AES-256-ECB", "fips=yes", aes256ecb_functions }, | |
335 | { "AES-192-ECB", "fips=yes", aes192ecb_functions }, | |
336 | { "AES-128-ECB", "fips=yes", aes128ecb_functions }, | |
337 | { "AES-256-CBC", "fips=yes", aes256cbc_functions }, | |
338 | { "AES-192-CBC", "fips=yes", aes192cbc_functions }, | |
339 | { "AES-128-CBC", "fips=yes", aes128cbc_functions }, | |
340 | { "AES-256-CTR", "fips=yes", aes256ctr_functions }, | |
341 | { "AES-192-CTR", "fips=yes", aes192ctr_functions }, | |
342 | { "AES-128-CTR", "fips=yes", aes128ctr_functions }, | |
3a9f26f3 SL |
343 | { "AES-256-XTS", "fips=yes", aes256xts_functions }, |
344 | { "AES-128-XTS", "fips=yes", aes128xts_functions }, | |
3bfe9005 | 345 | /* TODO(3.0) Add aliases for these ciphers */ |
a672a02a SL |
346 | { "id-aes256-GCM", "fips=yes", aes256gcm_functions }, |
347 | { "id-aes192-GCM", "fips=yes", aes192gcm_functions }, | |
348 | { "id-aes128-GCM", "fips=yes", aes128gcm_functions }, | |
3bfe9005 SL |
349 | { "id-aes256-CCM", "fips=yes", aes256ccm_functions }, |
350 | { "id-aes192-CCM", "fips=yes", aes192ccm_functions }, | |
351 | { "id-aes128-CCM", "fips=yes", aes128ccm_functions }, | |
ca392b29 SL |
352 | { "id-aes256-wrap", "fips=yes", aes256wrap_functions }, |
353 | { "id-aes192-wrap", "fips=yes", aes192wrap_functions }, | |
354 | { "id-aes128-wrap", "fips=yes", aes128wrap_functions }, | |
355 | { "id-aes256-wrap-pad", "fips=yes", aes256wrappad_functions }, | |
356 | { "id-aes192-wrap-pad", "fips=yes", aes192wrappad_functions }, | |
357 | { "id-aes128-wrap-pad", "fips=yes", aes128wrappad_functions }, | |
cb1548bc | 358 | #ifndef OPENSSL_NO_DES |
4a42e264 SL |
359 | { "DES-EDE3", "fips=yes", tdes_ede3_ecb_functions }, |
360 | { "DES-EDE3-CBC", "fips=yes", tdes_ede3_cbc_functions }, | |
cb1548bc | 361 | #endif /* OPENSSL_NO_DES */ |
66ad63e8 MC |
362 | { NULL, NULL, NULL } |
363 | }; | |
364 | ||
2e5db6ad | 365 | static const OSSL_ALGORITHM fips_macs[] = { |
bad41b68 | 366 | #ifndef OPENSSL_NO_CMAC |
2e5db6ad | 367 | { "CMAC", "fips=yes", cmac_functions }, |
bad41b68 | 368 | #endif |
d33313be | 369 | { "GMAC", "fips=yes", gmac_functions }, |
5183ebdc | 370 | { "HMAC", "fips=yes", hmac_functions }, |
e23cda00 RL |
371 | { "KMAC128", "fips=yes", kmac128_functions }, |
372 | { "KMAC256", "fips=yes", kmac256_functions }, | |
2e5db6ad RL |
373 | { NULL, NULL, NULL } |
374 | }; | |
375 | ||
e3405a4a | 376 | static const OSSL_ALGORITHM fips_kdfs[] = { |
69333af4 P |
377 | { OSSL_KDF_NAME_HKDF, "fips=yes", kdf_hkdf_functions }, |
378 | { OSSL_KDF_NAME_SSKDF, "fips=yes", kdf_sskdf_functions }, | |
379 | { OSSL_KDF_NAME_PBKDF2, "fips=yes", kdf_pbkdf2_functions }, | |
380 | { OSSL_KDF_NAME_TLS1_PRF, "fips=yes", kdf_tls1_prf_functions }, | |
e3405a4a P |
381 | { NULL, NULL, NULL } |
382 | }; | |
383 | ||
9efa0ae0 MC |
384 | static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, |
385 | int operation_id, | |
386 | int *no_cache) | |
387 | { | |
388 | *no_cache = 0; | |
389 | switch (operation_id) { | |
390 | case OSSL_OP_DIGEST: | |
391 | return fips_digests; | |
66ad63e8 MC |
392 | case OSSL_OP_CIPHER: |
393 | return fips_ciphers; | |
2e5db6ad RL |
394 | case OSSL_OP_MAC: |
395 | return fips_macs; | |
e3405a4a P |
396 | case OSSL_OP_KDF: |
397 | return fips_kdfs; | |
9efa0ae0 MC |
398 | } |
399 | return NULL; | |
400 | } | |
401 | ||
402 | /* Functions we provide to the core */ | |
403 | static const OSSL_DISPATCH fips_dispatch_table[] = { | |
319e518a MC |
404 | /* |
405 | * To release our resources we just need to free the OPENSSL_CTX so we just | |
406 | * use OPENSSL_CTX_free directly as our teardown function | |
407 | */ | |
408 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free }, | |
dca97d00 | 409 | { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, |
9efa0ae0 MC |
410 | { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, |
411 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
412 | { 0, NULL } | |
413 | }; | |
414 | ||
319e518a MC |
415 | /* Functions we provide to ourself */ |
416 | static const OSSL_DISPATCH intern_dispatch_table[] = { | |
417 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
418 | { 0, NULL } | |
419 | }; | |
420 | ||
421 | ||
9efa0ae0 MC |
422 | int OSSL_provider_init(const OSSL_PROVIDER *provider, |
423 | const OSSL_DISPATCH *in, | |
a39eb840 RL |
424 | const OSSL_DISPATCH **out, |
425 | void **provctx) | |
9efa0ae0 | 426 | { |
da747958 | 427 | FIPS_GLOBAL *fgbl; |
03361afb | 428 | OPENSSL_CTX *ctx; |
319e518a | 429 | |
9efa0ae0 MC |
430 | for (; in->function_id != 0; in++) { |
431 | switch (in->function_id) { | |
dca97d00 RL |
432 | case OSSL_FUNC_CORE_GETTABLE_PARAMS: |
433 | c_gettable_params = OSSL_get_core_gettable_params(in); | |
9efa0ae0 MC |
434 | break; |
435 | case OSSL_FUNC_CORE_GET_PARAMS: | |
436 | c_get_params = OSSL_get_core_get_params(in); | |
437 | break; | |
da747958 MC |
438 | case OSSL_FUNC_CORE_THREAD_START: |
439 | c_thread_start = OSSL_get_core_thread_start(in); | |
440 | break; | |
036913b1 RL |
441 | case OSSL_FUNC_CORE_NEW_ERROR: |
442 | c_new_error = OSSL_get_core_new_error(in); | |
3593266d | 443 | break; |
036913b1 RL |
444 | case OSSL_FUNC_CORE_SET_ERROR_DEBUG: |
445 | c_set_error_debug = OSSL_get_core_set_error_debug(in); | |
446 | break; | |
447 | case OSSL_FUNC_CORE_VSET_ERROR: | |
448 | c_vset_error = OSSL_get_core_vset_error(in); | |
3593266d | 449 | break; |
b60cba3c RS |
450 | case OSSL_FUNC_CRYPTO_MALLOC: |
451 | c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in); | |
452 | break; | |
453 | case OSSL_FUNC_CRYPTO_ZALLOC: | |
454 | c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in); | |
455 | break; | |
b60cba3c RS |
456 | case OSSL_FUNC_CRYPTO_FREE: |
457 | c_CRYPTO_free = OSSL_get_CRYPTO_free(in); | |
458 | break; | |
459 | case OSSL_FUNC_CRYPTO_CLEAR_FREE: | |
460 | c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in); | |
461 | break; | |
462 | case OSSL_FUNC_CRYPTO_REALLOC: | |
463 | c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in); | |
464 | break; | |
465 | case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: | |
466 | c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in); | |
467 | break; | |
468 | case OSSL_FUNC_CRYPTO_SECURE_MALLOC: | |
469 | c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in); | |
470 | break; | |
471 | case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: | |
472 | c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in); | |
473 | break; | |
474 | case OSSL_FUNC_CRYPTO_SECURE_FREE: | |
475 | c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in); | |
476 | break; | |
477 | case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: | |
478 | c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in); | |
479 | break; | |
480 | case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: | |
481 | c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in); | |
482 | break; | |
25e60144 SL |
483 | case OSSL_FUNC_BIO_NEW_FILE: |
484 | selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in); | |
485 | break; | |
486 | case OSSL_FUNC_BIO_NEW_MEMBUF: | |
487 | selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in); | |
488 | break; | |
7bb82f92 SL |
489 | case OSSL_FUNC_BIO_READ_EX: |
490 | selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in); | |
25e60144 SL |
491 | break; |
492 | case OSSL_FUNC_BIO_FREE: | |
493 | selftest_params.bio_free_cb = OSSL_get_BIO_free(in); | |
494 | break; | |
9efa0ae0 | 495 | default: |
b60cba3c | 496 | /* Just ignore anything we don't understand */ |
9efa0ae0 MC |
497 | break; |
498 | } | |
499 | } | |
500 | ||
25e60144 SL |
501 | if (!c_get_params(provider, core_params)) |
502 | return 0; | |
503 | ||
b60cba3c RS |
504 | /* Create a context. */ |
505 | if ((ctx = OPENSSL_CTX_new()) == NULL) | |
319e518a | 506 | return 0; |
b60cba3c RS |
507 | if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, |
508 | &fips_prov_ossl_ctx_method)) == NULL) { | |
509 | OPENSSL_CTX_free(ctx); | |
510 | return 0; | |
511 | } | |
7bb82f92 | 512 | |
03361afb | 513 | fgbl->prov = provider; |
7bb82f92 SL |
514 | |
515 | selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx); | |
516 | if (!SELF_TEST_post(&selftest_params)) { | |
517 | OPENSSL_CTX_free(ctx); | |
518 | return 0; | |
519 | } | |
520 | ||
bb751e11 RL |
521 | *out = fips_dispatch_table; |
522 | *provctx = ctx; | |
523 | ||
319e518a MC |
524 | /* |
525 | * TODO(3.0): Remove me. This is just a dummy call to demonstrate making | |
526 | * EVP calls from within the FIPS module. | |
527 | */ | |
bb751e11 RL |
528 | if (!dummy_evp_call(*provctx)) { |
529 | OPENSSL_CTX_free(*provctx); | |
530 | *provctx = NULL; | |
319e518a MC |
531 | return 0; |
532 | } | |
533 | ||
9efa0ae0 MC |
534 | return 1; |
535 | } | |
3593266d | 536 | |
319e518a MC |
537 | /* |
538 | * The internal init function used when the FIPS module uses EVP to call | |
b1eb3fd7 | 539 | * another algorithm also in the FIPS module. This is a recursive call that has |
bb751e11 RL |
540 | * been made from within the FIPS module itself. To make this work, we populate |
541 | * the provider context of this inner instance with the same library context | |
542 | * that was used in the EVP call that initiated this recursive call. | |
319e518a | 543 | */ |
3593266d MC |
544 | OSSL_provider_init_fn fips_intern_provider_init; |
545 | int fips_intern_provider_init(const OSSL_PROVIDER *provider, | |
546 | const OSSL_DISPATCH *in, | |
319e518a MC |
547 | const OSSL_DISPATCH **out, |
548 | void **provctx) | |
3593266d | 549 | { |
bb751e11 RL |
550 | OSSL_core_get_library_context_fn *c_get_libctx = NULL; |
551 | ||
552 | for (; in->function_id != 0; in++) { | |
553 | switch (in->function_id) { | |
554 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: | |
555 | c_get_libctx = OSSL_get_core_get_library_context(in); | |
556 | break; | |
557 | default: | |
558 | break; | |
559 | } | |
560 | } | |
561 | ||
562 | if (c_get_libctx == NULL) | |
563 | return 0; | |
564 | ||
565 | *provctx = c_get_libctx(provider); | |
566 | ||
567 | /* | |
568 | * Safety measure... we should get the library context that was | |
569 | * created up in OSSL_provider_init(). | |
570 | */ | |
571 | if (*provctx == NULL) | |
572 | return 0; | |
573 | ||
319e518a | 574 | *out = intern_dispatch_table; |
3593266d MC |
575 | return 1; |
576 | } | |
577 | ||
036913b1 | 578 | void ERR_new(void) |
3593266d | 579 | { |
036913b1 RL |
580 | c_new_error(NULL); |
581 | } | |
582 | ||
583 | void ERR_set_debug(const char *file, int line, const char *func) | |
584 | { | |
585 | c_set_error_debug(NULL, file, line, func); | |
3593266d MC |
586 | } |
587 | ||
036913b1 | 588 | void ERR_set_error(int lib, int reason, const char *fmt, ...) |
3593266d MC |
589 | { |
590 | va_list args; | |
8908d18c | 591 | |
036913b1 RL |
592 | va_start(args, fmt); |
593 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); | |
3593266d MC |
594 | va_end(args); |
595 | } | |
596 | ||
036913b1 | 597 | void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) |
3593266d | 598 | { |
036913b1 | 599 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); |
3593266d | 600 | } |
da747958 MC |
601 | |
602 | const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) | |
603 | { | |
604 | FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, | |
605 | &fips_prov_ossl_ctx_method); | |
606 | ||
607 | if (fgbl == NULL) | |
608 | return NULL; | |
609 | ||
610 | return fgbl->prov; | |
611 | } | |
b60cba3c RS |
612 | |
613 | void *CRYPTO_malloc(size_t num, const char *file, int line) | |
614 | { | |
615 | return c_CRYPTO_malloc(num, file, line); | |
616 | } | |
617 | ||
618 | void *CRYPTO_zalloc(size_t num, const char *file, int line) | |
619 | { | |
620 | return c_CRYPTO_zalloc(num, file, line); | |
621 | } | |
622 | ||
b60cba3c RS |
623 | void CRYPTO_free(void *ptr, const char *file, int line) |
624 | { | |
625 | c_CRYPTO_free(ptr, file, line); | |
626 | } | |
627 | ||
628 | void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) | |
629 | { | |
630 | c_CRYPTO_clear_free(ptr, num, file, line); | |
631 | } | |
632 | ||
633 | void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) | |
634 | { | |
635 | return c_CRYPTO_realloc(addr, num, file, line); | |
636 | } | |
637 | ||
638 | void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, | |
639 | const char *file, int line) | |
640 | { | |
641 | return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); | |
642 | } | |
643 | ||
644 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line) | |
645 | { | |
646 | return c_CRYPTO_secure_malloc(num, file, line); | |
647 | } | |
648 | ||
649 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) | |
650 | { | |
651 | return c_CRYPTO_secure_zalloc(num, file, line); | |
652 | } | |
653 | ||
654 | void CRYPTO_secure_free(void *ptr, const char *file, int line) | |
655 | { | |
656 | c_CRYPTO_secure_free(ptr, file, line); | |
657 | } | |
658 | ||
659 | void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) | |
660 | { | |
661 | c_CRYPTO_secure_clear_free(ptr, num, file, line); | |
662 | } | |
663 | ||
b60cba3c RS |
664 | int CRYPTO_secure_allocated(const void *ptr) |
665 | { | |
666 | return c_CRYPTO_secure_allocated(ptr); | |
667 | } |