]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/fips/fipsprov.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add aes_wrap cipher to providers
[thirdparty/openssl.git] / providers / fips / fipsprov.c
CommitLineData
9efa0ae0
MC		 1/*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h>
11#include <stdio.h>
12#include <openssl/core.h>
13#include <openssl/core_numbers.h>
14#include <openssl/core_names.h>
15#include <openssl/params.h>
3593266d 16#include <openssl/err.h>
319e518a 17#include <openssl/evp.h>
e3405a4a 18#include <openssl/kdf.h>
45c54042 19
319e518a
MC		 20/* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21#include <openssl/sha.h>
45c54042 22#include <openssl/rand_drbg.h>
04ca0027 23#include <openssl/ec.h>
25e60144 24#include <openssl/fips_names.h>
45c54042 25
3593266d 26#include "internal/cryptlib.h"
319e518a
MC		 27#include "internal/property.h"
28#include "internal/evp_int.h"
66ad63e8 29#include "internal/provider_algs.h"
bb751e11 30#include "internal/provider_ctx.h"
da747958 31#include "internal/providercommon.h"
25e60144 32#include "selftest.h"
9efa0ae0 33
b60cba3c
RS		 34extern OSSL_core_thread_start_fn *c_thread_start;
35
da747958
MC		 36/*
37 * TODO(3.0): Should these be stored in the provider side provctx? Could they
38 * ever be different from one init to the next? Unfortunately we can't do this
b60cba3c
RS		 39 * at the moment because c_put_error/c_add_error_vdata do not provide
40 * us with the OPENSSL_CTX as a parameter.
da747958 41 */
25e60144
SL		 42
43static SELF_TEST_POST_PARAMS selftest_params;
44
9efa0ae0 45/* Functions provided by the core */
dca97d00 46static OSSL_core_gettable_params_fn *c_gettable_params;
b60cba3c
RS		 47static OSSL_core_get_params_fn *c_get_params;
48OSSL_core_thread_start_fn *c_thread_start;
036913b1
RL		 49static OSSL_core_new_error_fn *c_new_error;
50static OSSL_core_set_error_debug_fn *c_set_error_debug;
51static OSSL_core_vset_error_fn *c_vset_error;
b60cba3c
RS		 52static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
53static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
b60cba3c
RS		 54static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
55static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
56static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
57static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
58static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
59static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
60static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
61static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
62static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
9efa0ae0 63
da747958
MC		 64typedef struct fips_global_st {
65 const OSSL_PROVIDER *prov;
66} FIPS_GLOBAL;
67
68static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
69{
70 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
71
72 return fgbl;
73}
74
75static void fips_prov_ossl_ctx_free(void *fgbl)
76{
77 OPENSSL_free(fgbl);
78}
79
80static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
81 fips_prov_ossl_ctx_new,
82 fips_prov_ossl_ctx_free,
83};
84
85
9efa0ae0 86/* Parameters we provide to the core */
26175013
RL		 87static const OSSL_PARAM fips_param_types[] = {
88 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
89 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
90 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
91 OSSL_PARAM_END
9efa0ae0
MC		 92};
93
25e60144
SL		 94/*
95 * Parameters to retrieve from the core provider - required for self testing.
96 * NOTE: inside core_get_params() these will be loaded from config items
97 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
98 */
99static OSSL_PARAM core_params[] =
100{
101 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
102 selftest_params.module_filename,
103 sizeof(selftest_params.module_filename)),
104 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
105 selftest_params.module_checksum_data,
106 sizeof(selftest_params.module_checksum_data)),
107 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
108 selftest_params.indicator_checksum_data,
109 sizeof(selftest_params.indicator_checksum_data)),
110 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
111 selftest_params.indicator_data,
112 sizeof(selftest_params.indicator_data)),
113 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
114 selftest_params.indicator_version,
115 sizeof(selftest_params.indicator_version)),
116 OSSL_PARAM_END
117};
118
319e518a 119/* TODO(3.0): To be removed */
bb751e11 120static int dummy_evp_call(void *provctx)
3593266d 121{
bb751e11 122 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
319e518a
MC		 123 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
124 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
2e548ac9 125 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
319e518a
MC		 126 char msg[] = "Hello World!";
127 const unsigned char exptd[] = {
128 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
129 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
130 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
131 };
132 unsigned int dgstlen = 0;
133 unsigned char dgst[SHA256_DIGEST_LENGTH];
134 int ret = 0;
444ab3ab
MC		 135 BN_CTX *bnctx = NULL;
136 BIGNUM *a = NULL, *b = NULL;
45c54042
MC		 137 unsigned char randbuf[128];
138 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
f92e0815 139#ifndef OPENSSL_NO_EC
04ca0027 140 EC_KEY *key = NULL;
f92e0815 141#endif
319e518a 142
e3405a4a 143 if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
319e518a
MC		 144 goto err;
145
146 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
147 goto err;
148 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
149 goto err;
150 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
151 goto err;
152 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
153 goto err;
154
444ab3ab
MC		 155 bnctx = BN_CTX_new_ex(libctx);
156 if (bnctx == NULL)
157 goto err;
158 BN_CTX_start(bnctx);
159 a = BN_CTX_get(bnctx);
160 b = BN_CTX_get(bnctx);
161 if (b == NULL)
162 goto err;
163 BN_zero(a);
164 if (!BN_one(b)
165 || !BN_add(a, a, b)
166 || BN_cmp(a, b) != 0)
167 goto err;
4bd8b240 168
45c54042
MC		 169 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
170 goto err;
171
eba3ebd7
MC		 172 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
173 goto err;
174
f92e0815 175#ifndef OPENSSL_NO_EC
04ca0027
MC		 176 /* Do some dummy EC calls */
177 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
178 if (key == NULL)
179 goto err;
180
181 if (!EC_KEY_generate_key(key))
182 goto err;
f92e0815 183#endif
04ca0027 184
319e518a
MC		 185 ret = 1;
186 err:
444ab3ab
MC		 187 BN_CTX_end(bnctx);
188 BN_CTX_free(bnctx);
4bd8b240 189
e3405a4a 190 EVP_KDF_free(kdf);
319e518a 191 EVP_MD_CTX_free(ctx);
3fd70262 192 EVP_MD_free(sha256);
04ca0027 193
f92e0815 194#ifndef OPENSSL_NO_EC
04ca0027 195 EC_KEY_free(key);
f92e0815 196#endif
319e518a 197 return ret;
3593266d
MC		 198}
199
dca97d00 200static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
9efa0ae0
MC		 201{
202 return fips_param_types;
203}
204
4e7991b4 205static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
9efa0ae0 206{
4e7991b4 207 OSSL_PARAM *p;
9efa0ae0
MC		 208
209 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
210 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
211 return 0;
212 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
213 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
214 return 0;
215 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
216 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
217 return 0;
218
219 return 1;
220}
221
4cecf7a1
MC		 222/* FIPS specific version of the function of the same name in provlib.c */
223const char *ossl_prov_util_nid_to_name(int nid)
224{
225 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
226
227 switch (nid) {
228 /* Digests */
229 case NID_sha1:
230 return "SHA224";
231 case NID_sha224:
232 return "SHA224";
233 case NID_sha256:
234 return "SHA256";
235 case NID_sha384:
236 return "SHA384";
237 case NID_sha512:
238 return "SHA512";
239 case NID_sha512_224:
240 return "SHA512-224";
241 case NID_sha512_256:
242 return "SHA512-256";
243 case NID_sha3_224:
244 return "SHA3-224";
245 case NID_sha3_256:
246 return "SHA3-256";
247 case NID_sha3_384:
248 return "SHA3-384";
249 case NID_sha3_512:
250 return "SHA3-512";
251
252 /* Ciphers */
253 case NID_aes_256_ecb:
254 return "AES-256-ECB";
255 case NID_aes_192_ecb:
256 return "AES-192-ECB";
257 case NID_aes_128_ecb:
258 return "AES-128-ECB";
259 case NID_aes_256_cbc:
260 return "AES-256-CBC";
261 case NID_aes_192_cbc:
262 return "AES-192-CBC";
263 case NID_aes_128_cbc:
264 return "AES-128-CBC";
265 case NID_aes_256_ctr:
266 return "AES-256-CTR";
267 case NID_aes_192_ctr:
268 return "AES-192-CTR";
269 case NID_aes_128_ctr:
270 return "AES-128-CTR";
3a9f26f3
SL		 271 case NID_aes_256_xts:
272 return "AES-256-XTS";
273 case NID_aes_128_xts:
274 return "AES-128-XTS";
3bfe9005
SL		 275 /* TODO(3.0) Change these when we have aliases */
276 case NID_aes_256_gcm:
277 return "id-aes256-GCM";
278 case NID_aes_192_gcm:
279 return "id-aes192-GCM";
280 case NID_aes_128_gcm:
281 return "id-aes128-GCM";
282 case NID_aes_256_ccm:
283 return "id-aes256-CCM";
284 case NID_aes_192_ccm:
285 return "id-aes192-CCM";
286 case NID_aes_128_ccm:
287 return "id-aes128-CCM";
ca392b29
SL		 288 case NID_id_aes256_wrap:
289 return "id-aes256-wrap";
290 case NID_id_aes192_wrap:
291 return "id-aes192-wrap";
292 case NID_id_aes128_wrap:
293 return "id-aes128-wrap";
294 case NID_id_aes256_wrap_pad:
295 return "id-aes256-wrap-pad";
296 case NID_id_aes192_wrap_pad:
297 return "id-aes192-wrap-pad";
298 case NID_id_aes128_wrap_pad:
299 return "id-aes128-wrap-pad";
300 case NID_des_ede3_ecb:
301 return "DES-EDE3";
302 case NID_des_ede3_cbc:
303 return "DES-EDE3-CBC";
3bfe9005
SL		 304 default:
305 break;
4cecf7a1
MC		 306 }
307
308 return NULL;
309}
310
9efa0ae0 311static const OSSL_ALGORITHM fips_digests[] = {
d5e5e2ff
SL		 312 { "SHA1", "fips=yes", sha1_functions },
313 { "SHA224", "fips=yes", sha224_functions },
9efa0ae0 314 { "SHA256", "fips=yes", sha256_functions },
d5e5e2ff
SL		 315 { "SHA384", "fips=yes", sha384_functions },
316 { "SHA512", "fips=yes", sha512_functions },
317 { "SHA512-224", "fips=yes", sha512_224_functions },
318 { "SHA512-256", "fips=yes", sha512_256_functions },
319 { "SHA3-224", "fips=yes", sha3_224_functions },
320 { "SHA3-256", "fips=yes", sha3_256_functions },
321 { "SHA3-384", "fips=yes", sha3_384_functions },
322 { "SHA3-512", "fips=yes", sha3_512_functions },
e23cda00 323 /*
bb31895d 324 * KECCAK_KMAC128 and KECCAK_KMAC256 as hashes are mostly useful for
ca392b29 325 * KMAC128 and KMAC256.
e23cda00 326 */
bb31895d
RL		 327 { "KECCAK_KMAC128", "fips=yes", keccak_kmac_128_functions },
328 { "KECCAK_KMAC256", "fips=yes", keccak_kmac_256_functions },
d5e5e2ff 329
9efa0ae0
MC		 330 { NULL, NULL, NULL }
331};
332
66ad63e8
MC		 333static const OSSL_ALGORITHM fips_ciphers[] = {
334 { "AES-256-ECB", "fips=yes", aes256ecb_functions },
335 { "AES-192-ECB", "fips=yes", aes192ecb_functions },
336 { "AES-128-ECB", "fips=yes", aes128ecb_functions },
337 { "AES-256-CBC", "fips=yes", aes256cbc_functions },
338 { "AES-192-CBC", "fips=yes", aes192cbc_functions },
339 { "AES-128-CBC", "fips=yes", aes128cbc_functions },
340 { "AES-256-CTR", "fips=yes", aes256ctr_functions },
341 { "AES-192-CTR", "fips=yes", aes192ctr_functions },
342 { "AES-128-CTR", "fips=yes", aes128ctr_functions },
3a9f26f3
SL		 343 { "AES-256-XTS", "fips=yes", aes256xts_functions },
344 { "AES-128-XTS", "fips=yes", aes128xts_functions },
3bfe9005 345 /* TODO(3.0) Add aliases for these ciphers */
a672a02a
SL		 346 { "id-aes256-GCM", "fips=yes", aes256gcm_functions },
347 { "id-aes192-GCM", "fips=yes", aes192gcm_functions },
348 { "id-aes128-GCM", "fips=yes", aes128gcm_functions },
3bfe9005
SL		 349 { "id-aes256-CCM", "fips=yes", aes256ccm_functions },
350 { "id-aes192-CCM", "fips=yes", aes192ccm_functions },
351 { "id-aes128-CCM", "fips=yes", aes128ccm_functions },
ca392b29
SL		 352 { "id-aes256-wrap", "fips=yes", aes256wrap_functions },
353 { "id-aes192-wrap", "fips=yes", aes192wrap_functions },
354 { "id-aes128-wrap", "fips=yes", aes128wrap_functions },
355 { "id-aes256-wrap-pad", "fips=yes", aes256wrappad_functions },
356 { "id-aes192-wrap-pad", "fips=yes", aes192wrappad_functions },
357 { "id-aes128-wrap-pad", "fips=yes", aes128wrappad_functions },
cb1548bc 358#ifndef OPENSSL_NO_DES
4a42e264
SL		 359 { "DES-EDE3", "fips=yes", tdes_ede3_ecb_functions },
360 { "DES-EDE3-CBC", "fips=yes", tdes_ede3_cbc_functions },
cb1548bc 361#endif /* OPENSSL_NO_DES */
66ad63e8
MC		 362 { NULL, NULL, NULL }
363};
364
2e5db6ad 365static const OSSL_ALGORITHM fips_macs[] = {
bad41b68 366#ifndef OPENSSL_NO_CMAC
2e5db6ad 367 { "CMAC", "fips=yes", cmac_functions },
bad41b68 368#endif
d33313be 369 { "GMAC", "fips=yes", gmac_functions },
5183ebdc 370 { "HMAC", "fips=yes", hmac_functions },
e23cda00
RL		 371 { "KMAC128", "fips=yes", kmac128_functions },
372 { "KMAC256", "fips=yes", kmac256_functions },
2e5db6ad
RL		 373 { NULL, NULL, NULL }
374};
375
e3405a4a 376static const OSSL_ALGORITHM fips_kdfs[] = {
69333af4
P		 377 { OSSL_KDF_NAME_HKDF, "fips=yes", kdf_hkdf_functions },
378 { OSSL_KDF_NAME_SSKDF, "fips=yes", kdf_sskdf_functions },
379 { OSSL_KDF_NAME_PBKDF2, "fips=yes", kdf_pbkdf2_functions },
380 { OSSL_KDF_NAME_TLS1_PRF, "fips=yes", kdf_tls1_prf_functions },
e3405a4a
P		 381 { NULL, NULL, NULL }
382};
383
9efa0ae0
MC		 384static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
385 int operation_id,
386 int *no_cache)
387{
388 *no_cache = 0;
389 switch (operation_id) {
390 case OSSL_OP_DIGEST:
391 return fips_digests;
66ad63e8
MC		 392 case OSSL_OP_CIPHER:
393 return fips_ciphers;
2e5db6ad
RL		 394 case OSSL_OP_MAC:
395 return fips_macs;
e3405a4a
P		 396 case OSSL_OP_KDF:
397 return fips_kdfs;
9efa0ae0
MC		 398 }
399 return NULL;
400}
401
402/* Functions we provide to the core */
403static const OSSL_DISPATCH fips_dispatch_table[] = {
319e518a
MC		 404 /*
405 * To release our resources we just need to free the OPENSSL_CTX so we just
406 * use OPENSSL_CTX_free directly as our teardown function
407 */
408 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
dca97d00 409 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
9efa0ae0
MC		 410 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
411 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
412 { 0, NULL }
413};
414
319e518a
MC		 415/* Functions we provide to ourself */
416static const OSSL_DISPATCH intern_dispatch_table[] = {
417 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
418 { 0, NULL }
419};
420
421
9efa0ae0
MC		 422int OSSL_provider_init(const OSSL_PROVIDER *provider,
423 const OSSL_DISPATCH *in,
a39eb840
RL		 424 const OSSL_DISPATCH **out,
425 void **provctx)
9efa0ae0 426{
da747958 427 FIPS_GLOBAL *fgbl;
03361afb 428 OPENSSL_CTX *ctx;
319e518a 429
9efa0ae0
MC		 430 for (; in->function_id != 0; in++) {
431 switch (in->function_id) {
dca97d00
RL		 432 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
433 c_gettable_params = OSSL_get_core_gettable_params(in);
9efa0ae0
MC		 434 break;
435 case OSSL_FUNC_CORE_GET_PARAMS:
436 c_get_params = OSSL_get_core_get_params(in);
437 break;
da747958
MC		 438 case OSSL_FUNC_CORE_THREAD_START:
439 c_thread_start = OSSL_get_core_thread_start(in);
440 break;
036913b1
RL		 441 case OSSL_FUNC_CORE_NEW_ERROR:
442 c_new_error = OSSL_get_core_new_error(in);
3593266d 443 break;
036913b1
RL		 444 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
445 c_set_error_debug = OSSL_get_core_set_error_debug(in);
446 break;
447 case OSSL_FUNC_CORE_VSET_ERROR:
448 c_vset_error = OSSL_get_core_vset_error(in);
3593266d 449 break;
b60cba3c
RS		 450 case OSSL_FUNC_CRYPTO_MALLOC:
451 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
452 break;
453 case OSSL_FUNC_CRYPTO_ZALLOC:
454 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
455 break;
b60cba3c
RS		 456 case OSSL_FUNC_CRYPTO_FREE:
457 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
458 break;
459 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
460 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
461 break;
462 case OSSL_FUNC_CRYPTO_REALLOC:
463 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
464 break;
465 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
466 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
467 break;
468 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
469 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
470 break;
471 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
472 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
473 break;
474 case OSSL_FUNC_CRYPTO_SECURE_FREE:
475 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
476 break;
477 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
478 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
479 break;
480 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
481 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
482 break;
25e60144
SL		 483 case OSSL_FUNC_BIO_NEW_FILE:
484 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
485 break;
486 case OSSL_FUNC_BIO_NEW_MEMBUF:
487 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
488 break;
7bb82f92
SL		 489 case OSSL_FUNC_BIO_READ_EX:
490 selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
25e60144
SL		 491 break;
492 case OSSL_FUNC_BIO_FREE:
493 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
494 break;
9efa0ae0 495 default:
b60cba3c 496 /* Just ignore anything we don't understand */
9efa0ae0
MC		 497 break;
498 }
499 }
500
25e60144
SL		 501 if (!c_get_params(provider, core_params))
502 return 0;
503
b60cba3c
RS		 504 /* Create a context. */
505 if ((ctx = OPENSSL_CTX_new()) == NULL)
319e518a 506 return 0;
b60cba3c
RS		 507 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
508 &fips_prov_ossl_ctx_method)) == NULL) {
509 OPENSSL_CTX_free(ctx);
510 return 0;
511 }
7bb82f92 512
03361afb 513 fgbl->prov = provider;
7bb82f92
SL		 514
515 selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
516 if (!SELF_TEST_post(&selftest_params)) {
517 OPENSSL_CTX_free(ctx);
518 return 0;
519 }
520
bb751e11
RL		 521 *out = fips_dispatch_table;
522 *provctx = ctx;
523
319e518a
MC		 524 /*
525 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
526 * EVP calls from within the FIPS module.
527 */
bb751e11
RL		 528 if (!dummy_evp_call(*provctx)) {
529 OPENSSL_CTX_free(*provctx);
530 *provctx = NULL;
319e518a
MC		 531 return 0;
532 }
533
9efa0ae0
MC		 534 return 1;
535}
3593266d 536
319e518a
MC		 537/*
538 * The internal init function used when the FIPS module uses EVP to call
b1eb3fd7 539 * another algorithm also in the FIPS module. This is a recursive call that has
bb751e11
RL		 540 * been made from within the FIPS module itself. To make this work, we populate
541 * the provider context of this inner instance with the same library context
542 * that was used in the EVP call that initiated this recursive call.
319e518a 543 */
3593266d
MC		 544OSSL_provider_init_fn fips_intern_provider_init;
545int fips_intern_provider_init(const OSSL_PROVIDER *provider,
546 const OSSL_DISPATCH *in,
319e518a
MC		 547 const OSSL_DISPATCH **out,
548 void **provctx)
3593266d 549{
bb751e11
RL		 550 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
551
552 for (; in->function_id != 0; in++) {
553 switch (in->function_id) {
554 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
555 c_get_libctx = OSSL_get_core_get_library_context(in);
556 break;
557 default:
558 break;
559 }
560 }
561
562 if (c_get_libctx == NULL)
563 return 0;
564
565 *provctx = c_get_libctx(provider);
566
567 /*
568 * Safety measure... we should get the library context that was
569 * created up in OSSL_provider_init().
570 */
571 if (*provctx == NULL)
572 return 0;
573
319e518a 574 *out = intern_dispatch_table;
3593266d
MC		 575 return 1;
576}
577
036913b1 578void ERR_new(void)
3593266d 579{
036913b1
RL		 580 c_new_error(NULL);
581}
582
583void ERR_set_debug(const char *file, int line, const char *func)
584{
585 c_set_error_debug(NULL, file, line, func);
3593266d
MC		 586}
587
036913b1 588void ERR_set_error(int lib, int reason, const char *fmt, ...)
3593266d
MC		 589{
590 va_list args;
8908d18c 591
036913b1
RL		 592 va_start(args, fmt);
593 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d
MC		 594 va_end(args);
595}
596
036913b1 597void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
3593266d 598{
036913b1 599 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d 600}
da747958
MC		 601
602const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
603{
604 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
605 &fips_prov_ossl_ctx_method);
606
607 if (fgbl == NULL)
608 return NULL;
609
610 return fgbl->prov;
611}
b60cba3c
RS		 612
613void *CRYPTO_malloc(size_t num, const char *file, int line)
614{
615 return c_CRYPTO_malloc(num, file, line);
616}
617
618void *CRYPTO_zalloc(size_t num, const char *file, int line)
619{
620 return c_CRYPTO_zalloc(num, file, line);
621}
622
b60cba3c
RS		 623void CRYPTO_free(void *ptr, const char *file, int line)
624{
625 c_CRYPTO_free(ptr, file, line);
626}
627
628void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
629{
630 c_CRYPTO_clear_free(ptr, num, file, line);
631}
632
633void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
634{
635 return c_CRYPTO_realloc(addr, num, file, line);
636}
637
638void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
639 const char *file, int line)
640{
641 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
642}
643
644void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
645{
646 return c_CRYPTO_secure_malloc(num, file, line);
647}
648
649void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
650{
651 return c_CRYPTO_secure_zalloc(num, file, line);
652}
653
654void CRYPTO_secure_free(void *ptr, const char *file, int line)
655{
656 c_CRYPTO_secure_free(ptr, file, line);
657}
658
659void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
660{
661 c_CRYPTO_secure_clear_free(ptr, num, file, line);
662}
663
b60cba3c
RS		 664int CRYPTO_secure_allocated(const void *ptr)
665{
666 return c_CRYPTO_secure_allocated(ptr);
667}
A mirror of the official openssl repository