]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/fips/fipsprov.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fips: add AES CFB mode ciphers to FIPS provider.
[thirdparty/openssl.git] / providers / fips / fipsprov.c
CommitLineData
9efa0ae0 1/*
33388b44 2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
9efa0ae0
MC		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h>
11#include <stdio.h>
12#include <openssl/core.h>
13#include <openssl/core_numbers.h>
14#include <openssl/core_names.h>
15#include <openssl/params.h>
3593266d 16#include <openssl/err.h>
319e518a 17#include <openssl/evp.h>
e3405a4a 18#include <openssl/kdf.h>
45c54042 19
319e518a
MC		 20/* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21#include <openssl/sha.h>
45c54042 22#include <openssl/rand_drbg.h>
04ca0027 23#include <openssl/ec.h>
25e60144 24#include <openssl/fips_names.h>
45c54042 25
3593266d 26#include "internal/cryptlib.h"
319e518a 27#include "internal/property.h"
0d2bfe52 28#include "internal/nelem.h"
110bff61 29#include "openssl/param_build.h"
25f2138b 30#include "crypto/evp.h"
af3e7e1b 31#include "prov/implementations.h"
ddd21319
RL		 32#include "prov/provider_ctx.h"
33#include "prov/providercommon.h"
0d2bfe52 34#include "prov/provider_util.h"
36fc5fc6 35#include "self_test.h"
9efa0ae0 36
fdaad3f1
RL		 37/*
38 * Forward declarations to ensure that interface functions are correctly
39 * defined.
40 */
41static OSSL_provider_teardown_fn fips_teardown;
42static OSSL_provider_gettable_params_fn fips_gettable_params;
43static OSSL_provider_get_params_fn fips_get_params;
44static OSSL_provider_query_operation_fn fips_query;
45
745fc918 46#define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK }
0d2bfe52
SL		 47#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
48
b60cba3c
RS		 49extern OSSL_core_thread_start_fn *c_thread_start;
50
da747958
MC		 51/*
52 * TODO(3.0): Should these be stored in the provider side provctx? Could they
53 * ever be different from one init to the next? Unfortunately we can't do this
b60cba3c
RS		 54 * at the moment because c_put_error/c_add_error_vdata do not provide
55 * us with the OPENSSL_CTX as a parameter.
da747958 56 */
25e60144
SL		 57
58static SELF_TEST_POST_PARAMS selftest_params;
59
9efa0ae0 60/* Functions provided by the core */
dca97d00 61static OSSL_core_gettable_params_fn *c_gettable_params;
b60cba3c
RS		 62static OSSL_core_get_params_fn *c_get_params;
63OSSL_core_thread_start_fn *c_thread_start;
036913b1
RL		 64static OSSL_core_new_error_fn *c_new_error;
65static OSSL_core_set_error_debug_fn *c_set_error_debug;
66static OSSL_core_vset_error_fn *c_vset_error;
7b131de2
RL		 67static OSSL_core_set_error_mark_fn *c_set_error_mark;
68static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark;
69static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark;
b60cba3c
RS		 70static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
71static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
b60cba3c
RS		 72static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
73static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
74static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
75static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
76static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
77static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
78static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
79static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
80static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
d16d0b71 81static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf;
9efa0ae0 82
da747958 83typedef struct fips_global_st {
d40b42ab 84 const OSSL_CORE_HANDLE *handle;
da747958
MC		 85} FIPS_GLOBAL;
86
87static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
88{
89 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
90
91 return fgbl;
92}
93
94static void fips_prov_ossl_ctx_free(void *fgbl)
95{
96 OPENSSL_free(fgbl);
97}
98
99static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
100 fips_prov_ossl_ctx_new,
101 fips_prov_ossl_ctx_free,
102};
103
104
9efa0ae0 105/* Parameters we provide to the core */
26175013
RL		 106static const OSSL_PARAM fips_param_types[] = {
107 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
108 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
109 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
110 OSSL_PARAM_END
9efa0ae0
MC		 111};
112
25e60144
SL		 113/*
114 * Parameters to retrieve from the core provider - required for self testing.
115 * NOTE: inside core_get_params() these will be loaded from config items
b8086652
SL		 116 * stored inside prov->parameters (except for
117 * OSSL_PROV_PARAM_CORE_MODULE_FILENAME).
25e60144
SL		 118 */
119static OSSL_PARAM core_params[] =
120{
b8086652 121 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_CORE_MODULE_FILENAME,
25e60144
SL		 122 selftest_params.module_filename,
123 sizeof(selftest_params.module_filename)),
124 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
125 selftest_params.module_checksum_data,
126 sizeof(selftest_params.module_checksum_data)),
127 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
128 selftest_params.indicator_checksum_data,
129 sizeof(selftest_params.indicator_checksum_data)),
130 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
131 selftest_params.indicator_data,
132 sizeof(selftest_params.indicator_data)),
133 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
134 selftest_params.indicator_version,
135 sizeof(selftest_params.indicator_version)),
136 OSSL_PARAM_END
137};
138
62f49b90 139/* TODO(3.0): To be removed */
fdaad3f1 140static int dummy_evp_call(OPENSSL_CTX *libctx)
62f49b90 141{
62f49b90
SL		 142 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
143 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
144 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
319e518a 145 unsigned char dgst[SHA256_DIGEST_LENGTH];
62f49b90 146 unsigned int dgstlen;
319e518a 147 int ret = 0;
444ab3ab
MC		 148 BN_CTX *bnctx = NULL;
149 BIGNUM *a = NULL, *b = NULL;
45c54042
MC		 150 unsigned char randbuf[128];
151 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
f92e0815 152#ifndef OPENSSL_NO_EC
04ca0027 153 EC_KEY *key = NULL;
f92e0815 154#endif
319e518a 155
62f49b90
SL		 156 static const char msg[] = "Hello World!";
157 static const unsigned char exptd[] = {
158 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
159 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
160 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
161 };
162
e3405a4a 163 if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
319e518a
MC		 164 goto err;
165
166 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
167 goto err;
168 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
169 goto err;
170 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
171 goto err;
172 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
173 goto err;
174
444ab3ab
MC		 175 bnctx = BN_CTX_new_ex(libctx);
176 if (bnctx == NULL)
177 goto err;
178 BN_CTX_start(bnctx);
179 a = BN_CTX_get(bnctx);
180 b = BN_CTX_get(bnctx);
181 if (b == NULL)
182 goto err;
183 BN_zero(a);
184 if (!BN_one(b)
185 || !BN_add(a, a, b)
186 || BN_cmp(a, b) != 0)
187 goto err;
4bd8b240 188
45c54042
MC		 189 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
190 goto err;
191
eba3ebd7
MC		 192 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
193 goto err;
194
f92e0815 195#ifndef OPENSSL_NO_EC
04ca0027
MC		 196 /* Do some dummy EC calls */
197 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
198 if (key == NULL)
199 goto err;
200
201 if (!EC_KEY_generate_key(key))
202 goto err;
f92e0815 203#endif
e683582b 204
319e518a
MC		 205 ret = 1;
206 err:
444ab3ab
MC		 207 BN_CTX_end(bnctx);
208 BN_CTX_free(bnctx);
4bd8b240 209
e3405a4a 210 EVP_KDF_free(kdf);
319e518a 211 EVP_MD_CTX_free(ctx);
3fd70262 212 EVP_MD_free(sha256);
04ca0027 213
f92e0815 214#ifndef OPENSSL_NO_EC
04ca0027 215 EC_KEY_free(key);
f92e0815 216#endif
319e518a 217 return ret;
3593266d
MC		 218}
219
fdaad3f1 220static const OSSL_PARAM *fips_gettable_params(void *provctx)
9efa0ae0
MC		 221{
222 return fips_param_types;
223}
224
fdaad3f1 225static int fips_get_params(void *provctx, OSSL_PARAM params[])
9efa0ae0 226{
4e7991b4 227 OSSL_PARAM *p;
9efa0ae0
MC		 228
229 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
230 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
231 return 0;
232 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
233 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
234 return 0;
235 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
236 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
237 return 0;
238
239 return 1;
240}
241
4cecf7a1
MC		 242/* FIPS specific version of the function of the same name in provlib.c */
243const char *ossl_prov_util_nid_to_name(int nid)
244{
f844f9eb 245 /* We don't have OBJ_nid2n() in FIPS_MODULE so we have an explicit list */
4cecf7a1
MC		 246
247 switch (nid) {
248 /* Digests */
249 case NID_sha1:
df553b79 250 return "SHA1";
4cecf7a1 251 case NID_sha224:
df553b79 252 return "SHA-224";
4cecf7a1 253 case NID_sha256:
df553b79 254 return "SHA-256";
4cecf7a1 255 case NID_sha384:
df553b79 256 return "SHA-384";
4cecf7a1 257 case NID_sha512:
df553b79 258 return "SHA-512";
4cecf7a1 259 case NID_sha512_224:
df553b79 260 return "SHA-512/224";
4cecf7a1 261 case NID_sha512_256:
df553b79 262 return "SHA-512/256";
4cecf7a1
MC		 263 case NID_sha3_224:
264 return "SHA3-224";
265 case NID_sha3_256:
266 return "SHA3-256";
267 case NID_sha3_384:
268 return "SHA3-384";
269 case NID_sha3_512:
270 return "SHA3-512";
271
272 /* Ciphers */
273 case NID_aes_256_ecb:
274 return "AES-256-ECB";
275 case NID_aes_192_ecb:
276 return "AES-192-ECB";
277 case NID_aes_128_ecb:
278 return "AES-128-ECB";
279 case NID_aes_256_cbc:
280 return "AES-256-CBC";
281 case NID_aes_192_cbc:
282 return "AES-192-CBC";
283 case NID_aes_128_cbc:
284 return "AES-128-CBC";
285 case NID_aes_256_ctr:
286 return "AES-256-CTR";
287 case NID_aes_192_ctr:
288 return "AES-192-CTR";
289 case NID_aes_128_ctr:
290 return "AES-128-CTR";
3a9f26f3
SL		 291 case NID_aes_256_xts:
292 return "AES-256-XTS";
293 case NID_aes_128_xts:
294 return "AES-128-XTS";
3bfe9005 295 case NID_aes_256_gcm:
df553b79 296 return "AES-256-GCM";
3bfe9005 297 case NID_aes_192_gcm:
df553b79 298 return "AES-192-GCM";
3bfe9005 299 case NID_aes_128_gcm:
df553b79 300 return "AES-128-GCM";
3bfe9005 301 case NID_aes_256_ccm:
df553b79 302 return "AES-256-CCM";
3bfe9005 303 case NID_aes_192_ccm:
df553b79 304 return "AES-192-CCM";
3bfe9005 305 case NID_aes_128_ccm:
df553b79 306 return "AES-128-CCM";
ca392b29 307 case NID_id_aes256_wrap:
df553b79 308 return "AES-256-WRAP";
ca392b29 309 case NID_id_aes192_wrap:
df553b79 310 return "AES-192-WRAP";
ca392b29 311 case NID_id_aes128_wrap:
df553b79 312 return "AES-128-WRAP";
ca392b29 313 case NID_id_aes256_wrap_pad:
df553b79 314 return "AES-256-WRAP-PAD";
ca392b29 315 case NID_id_aes192_wrap_pad:
df553b79 316 return "AES-192-WRAP-PAD";
ca392b29 317 case NID_id_aes128_wrap_pad:
df553b79 318 return "AES-128-WRAP-PAD";
ca392b29
SL		 319 case NID_des_ede3_ecb:
320 return "DES-EDE3";
321 case NID_des_ede3_cbc:
322 return "DES-EDE3-CBC";
0d2bfe52
SL		 323 case NID_aes_256_cbc_hmac_sha256:
324 return "AES-256-CBC-HMAC-SHA256";
325 case NID_aes_128_cbc_hmac_sha256:
326 return "AES-128-CBC-HMAC-SHA256";
327 case NID_aes_256_cbc_hmac_sha1:
328 return "AES-256-CBC-HMAC-SHA1";
329 case NID_aes_128_cbc_hmac_sha1:
330 return "AES-128-CBC-HMAC-SHA1";
3bfe9005
SL		 331 default:
332 break;
4cecf7a1
MC		 333 }
334
335 return NULL;
336}
337
df553b79
RL		 338/*
339 * For the algorithm names, we use the following formula for our primary
340 * names:
341 *
342 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
343 *
344 * VERSION is only present if there are multiple versions of
345 * an alg (MD2, MD4, MD5). It may be omitted if there is only
346 * one version (if a subsequent version is released in the future,
347 * we can always change the canonical name, and add the old name
348 * as an alias).
349 *
350 * SUBNAME may be present where we are combining multiple
351 * algorithms together, e.g. MD5-SHA1.
352 *
353 * SIZE is only present if multiple versions of an algorithm exist
354 * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
355 *
356 * MODE is only present where applicable.
357 *
358 * We add diverse other names where applicable, such as the names that
359 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
360 * we have used historically.
361 */
9efa0ae0 362static const OSSL_ALGORITHM fips_digests[] = {
df553b79 363 /* Our primary name:NiST name[:our older names] */
745fc918
MC		 364 { "SHA1:SHA-1", "provider=fips,fips=yes", sha1_functions },
365 { "SHA2-224:SHA-224:SHA224", "provider=fips,fips=yes", sha224_functions },
366 { "SHA2-256:SHA-256:SHA256", "provider=fips,fips=yes", sha256_functions },
367 { "SHA2-384:SHA-384:SHA384", "provider=fips,fips=yes", sha384_functions },
368 { "SHA2-512:SHA-512:SHA512", "provider=fips,fips=yes", sha512_functions },
369 { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=fips,fips=yes",
df553b79 370 sha512_224_functions },
745fc918 371 { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=fips,fips=yes",
df553b79
RL		 372 sha512_256_functions },
373
374 /* We agree with NIST here, so one name only */
745fc918
MC		 375 { "SHA3-224", "provider=fips,fips=yes", sha3_224_functions },
376 { "SHA3-256", "provider=fips,fips=yes", sha3_256_functions },
377 { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
378 { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
d5e5e2ff 379
1ee1e551
P		 380 /* Non-FIPS algorithm to support oneshot_hash in the Ed448 code */
381 { "SHAKE-256:SHAKE256", "provider=fips,fips=no", shake_256_functions },
9efa0ae0
MC		 382 { NULL, NULL, NULL }
383};
384
0d2bfe52 385static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
df553b79 386 /* Our primary name[:ASN.1 OID name][:our older names] */
0d2bfe52
SL		 387 ALG("AES-256-ECB", aes256ecb_functions),
388 ALG("AES-192-ECB", aes192ecb_functions),
389 ALG("AES-128-ECB", aes128ecb_functions),
390 ALG("AES-256-CBC", aes256cbc_functions),
391 ALG("AES-192-CBC", aes192cbc_functions),
392 ALG("AES-128-CBC", aes128cbc_functions),
0839afa7
P		 393 ALG("AES-256-CFB", aes256cfb_functions),
394 ALG("AES-192-CFB", aes192cfb_functions),
395 ALG("AES-128-CFB", aes128cfb_functions),
396 ALG("AES-256-CFB1", aes256cfb1_functions),
397 ALG("AES-192-CFB1", aes192cfb1_functions),
398 ALG("AES-128-CFB1", aes128cfb1_functions),
399 ALG("AES-256-CFB8", aes256cfb8_functions),
400 ALG("AES-192-CFB8", aes192cfb8_functions),
401 ALG("AES-128-CFB8", aes128cfb8_functions),
0d2bfe52
SL		 402 ALG("AES-256-CTR", aes256ctr_functions),
403 ALG("AES-192-CTR", aes192ctr_functions),
404 ALG("AES-128-CTR", aes128ctr_functions),
405 ALG("AES-256-XTS", aes256xts_functions),
406 ALG("AES-128-XTS", aes128xts_functions),
407 ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
408 ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
409 ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
410 ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
411 ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
412 ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
413 ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
414 ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
415 ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
416 ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
417 aes256wrappad_functions),
418 ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
419 aes192wrappad_functions),
420 ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
421 aes128wrappad_functions),
422 ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
423 cipher_capable_aes_cbc_hmac_sha1),
424 ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
425 cipher_capable_aes_cbc_hmac_sha1),
426 ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
427 cipher_capable_aes_cbc_hmac_sha256),
428 ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
429 cipher_capable_aes_cbc_hmac_sha256),
cb1548bc 430#ifndef OPENSSL_NO_DES
0d2bfe52
SL		 431 ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
432 ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
cb1548bc 433#endif /* OPENSSL_NO_DES */
0d2bfe52 434 { { NULL, NULL, NULL }, NULL }
66ad63e8 435};
0d2bfe52 436static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
66ad63e8 437
2e5db6ad 438static const OSSL_ALGORITHM fips_macs[] = {
745fc918
MC		 439 { "GMAC", "provider=fips,fips=yes", gmac_functions },
440 { "HMAC", "provider=fips,fips=yes", hmac_functions },
2e5db6ad
RL		 441 { NULL, NULL, NULL }
442};
443
e3405a4a 444static const OSSL_ALGORITHM fips_kdfs[] = {
745fc918
MC		 445 { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions },
446 { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
447 { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
448 { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
df553b79 449 { NULL, NULL, NULL }
e3405a4a
P		 450};
451
62f49b90
SL		 452static const OSSL_ALGORITHM fips_keyexch[] = {
453#ifndef OPENSSL_NO_DH
745fc918 454 { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions },
1c725f46
SL		 455#endif
456#ifndef OPENSSL_NO_EC
edd3b7a3 457 { "ECDH", "provider=fips,fips=yes", ecdh_keyexch_functions },
1ee1e551
P		 458 { "X25519", "provider=fips,fips=no", x25519_keyexch_functions },
459 { "X448", "provider=fips,fips=no", x448_keyexch_functions },
62f49b90
SL		 460#endif
461 { NULL, NULL, NULL }
462};
463
e683582b
SL		 464static const OSSL_ALGORITHM fips_signature[] = {
465#ifndef OPENSSL_NO_DSA
745fc918 466 { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions },
e683582b 467#endif
d16d0b71 468 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions },
edd3b7a3 469#ifndef OPENSSL_NO_EC
1ee1e551
P		 470 { "ED25519", "provider=fips,fips=no", ed25519_signature_functions },
471 { "ED448", "provider=fips,fips=no", ed448_signature_functions },
edd3b7a3
SL		 472 { "ECDSA", "provider=fips,fips=yes", ecdsa_signature_functions },
473#endif
e683582b
SL		 474 { NULL, NULL, NULL }
475};
476
afb638f1 477static const OSSL_ALGORITHM fips_asym_cipher[] = {
745fc918 478 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_asym_cipher_functions },
afb638f1
MC		 479 { NULL, NULL, NULL }
480};
481
e683582b 482static const OSSL_ALGORITHM fips_keymgmt[] = {
62f49b90 483#ifndef OPENSSL_NO_DH
745fc918 484 { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keymgmt_functions },
62f49b90 485#endif
e683582b 486#ifndef OPENSSL_NO_DSA
745fc918 487 { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
e683582b 488#endif
745fc918 489 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
8a758e96 490 { "RSA-PSS:RSASSA-PSS", "provider=default", rsapss_keymgmt_functions },
1c725f46
SL		 491#ifndef OPENSSL_NO_EC
492 { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
1ee1e551
P		 493 { "X25519", "provider=fips,fips=no", x25519_keymgmt_functions },
494 { "X448", "provider=fips,fips=no", x448_keymgmt_functions },
495 { "ED25519", "provider=fips,fips=no", ed25519_keymgmt_functions },
496 { "ED448", "provider=fips,fips=no", ed448_keymgmt_functions },
1c725f46 497#endif
e683582b
SL		 498 { NULL, NULL, NULL }
499};
0d2bfe52 500
fdaad3f1
RL		 501static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id,
502 int *no_cache)
9efa0ae0
MC		 503{
504 *no_cache = 0;
505 switch (operation_id) {
506 case OSSL_OP_DIGEST:
507 return fips_digests;
66ad63e8 508 case OSSL_OP_CIPHER:
0d2bfe52
SL		 509 ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
510 return exported_fips_ciphers;
2e5db6ad
RL		 511 case OSSL_OP_MAC:
512 return fips_macs;
e3405a4a
P		 513 case OSSL_OP_KDF:
514 return fips_kdfs;
e683582b
SL		 515 case OSSL_OP_KEYMGMT:
516 return fips_keymgmt;
62f49b90
SL		 517 case OSSL_OP_KEYEXCH:
518 return fips_keyexch;
e683582b
SL		 519 case OSSL_OP_SIGNATURE:
520 return fips_signature;
afb638f1
MC		 521 case OSSL_OP_ASYM_CIPHER:
522 return fips_asym_cipher;
9efa0ae0
MC		 523 }
524 return NULL;
525}
526
fdaad3f1
RL		 527static void fips_teardown(void *provctx)
528{
529 OPENSSL_CTX_free(PROV_LIBRARY_CONTEXT_OF(provctx));
78906fff
RL		 530 PROV_CTX_free(provctx);
531}
532
533static void fips_intern_teardown(void *provctx)
534{
535 /*
536 * We know that the library context is the same as for the outer provider,
537 * so no need to destroy it here.
538 */
539 PROV_CTX_free(provctx);
fdaad3f1
RL		 540}
541
9efa0ae0
MC		 542/* Functions we provide to the core */
543static const OSSL_DISPATCH fips_dispatch_table[] = {
fdaad3f1 544 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown },
dca97d00 545 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
9efa0ae0
MC		 546 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
547 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
548 { 0, NULL }
549};
550
319e518a
MC		 551/* Functions we provide to ourself */
552static const OSSL_DISPATCH intern_dispatch_table[] = {
78906fff 553 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_intern_teardown },
319e518a
MC		 554 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
555 { 0, NULL }
556};
557
558
d40b42ab 559int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
9efa0ae0 560 const OSSL_DISPATCH *in,
a39eb840
RL		 561 const OSSL_DISPATCH **out,
562 void **provctx)
9efa0ae0 563{
da747958 564 FIPS_GLOBAL *fgbl;
78906fff 565 OPENSSL_CTX *libctx = NULL;
36fc5fc6
SL		 566 OSSL_self_test_cb_fn *stcbfn = NULL;
567 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
319e518a 568
9efa0ae0
MC		 569 for (; in->function_id != 0; in++) {
570 switch (in->function_id) {
36fc5fc6
SL		 571 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
572 c_get_libctx = OSSL_get_core_get_library_context(in);
573 break;
dca97d00
RL		 574 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
575 c_gettable_params = OSSL_get_core_gettable_params(in);
9efa0ae0
MC		 576 break;
577 case OSSL_FUNC_CORE_GET_PARAMS:
578 c_get_params = OSSL_get_core_get_params(in);
579 break;
da747958
MC		 580 case OSSL_FUNC_CORE_THREAD_START:
581 c_thread_start = OSSL_get_core_thread_start(in);
582 break;
036913b1
RL		 583 case OSSL_FUNC_CORE_NEW_ERROR:
584 c_new_error = OSSL_get_core_new_error(in);
3593266d 585 break;
036913b1
RL		 586 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
587 c_set_error_debug = OSSL_get_core_set_error_debug(in);
588 break;
589 case OSSL_FUNC_CORE_VSET_ERROR:
590 c_vset_error = OSSL_get_core_vset_error(in);
3593266d 591 break;
7b131de2
RL		 592 case OSSL_FUNC_CORE_SET_ERROR_MARK:
593 c_set_error_mark = OSSL_get_core_set_error_mark(in);
594 break;
595 case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK:
596 c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in);
597 break;
598 case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
599 c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in);
600 break;
b60cba3c
RS		 601 case OSSL_FUNC_CRYPTO_MALLOC:
602 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
603 break;
604 case OSSL_FUNC_CRYPTO_ZALLOC:
605 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
606 break;
b60cba3c
RS		 607 case OSSL_FUNC_CRYPTO_FREE:
608 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
609 break;
610 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
611 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
612 break;
613 case OSSL_FUNC_CRYPTO_REALLOC:
614 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
615 break;
616 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
617 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
618 break;
619 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
620 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
621 break;
622 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
623 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
624 break;
625 case OSSL_FUNC_CRYPTO_SECURE_FREE:
626 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
627 break;
628 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
629 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
630 break;
631 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
632 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
633 break;
25e60144
SL		 634 case OSSL_FUNC_BIO_NEW_FILE:
635 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
636 break;
637 case OSSL_FUNC_BIO_NEW_MEMBUF:
638 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
639 break;
7bb82f92
SL		 640 case OSSL_FUNC_BIO_READ_EX:
641 selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
25e60144
SL		 642 break;
643 case OSSL_FUNC_BIO_FREE:
644 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
645 break;
d16d0b71
SL		 646 case OSSL_FUNC_BIO_VSNPRINTF:
647 c_BIO_vsnprintf = OSSL_get_BIO_vsnprintf(in);
648 break;
36fc5fc6
SL		 649 case OSSL_FUNC_SELF_TEST_CB: {
650 stcbfn = OSSL_get_self_test_cb(in);
651 break;
652 }
9efa0ae0 653 default:
b60cba3c 654 /* Just ignore anything we don't understand */
9efa0ae0
MC		 655 break;
656 }
657 }
658
36fc5fc6 659 if (stcbfn != NULL && c_get_libctx != NULL) {
d40b42ab 660 stcbfn(c_get_libctx(handle), &selftest_params.cb,
47c239c6 661 &selftest_params.cb_arg);
36fc5fc6
SL		 662 }
663 else {
47c239c6
SL		 664 selftest_params.cb = NULL;
665 selftest_params.cb_arg = NULL;
36fc5fc6
SL		 666 }
667
d40b42ab 668 if (!c_get_params(handle, core_params))
25e60144
SL		 669 return 0;
670
b60cba3c 671 /* Create a context. */
78906fff
RL		 672 if ((*provctx = PROV_CTX_new()) == NULL
673 || (libctx = OPENSSL_CTX_new()) == NULL) {
674 /*
675 * We free libctx separately here and only here because it hasn't
676 * been attached to *provctx. All other error paths below rely
677 * solely on fips_teardown.
678 */
679 OPENSSL_CTX_free(libctx);
680 goto err;
681 }
682 PROV_CTX_set0_library_context(*provctx, libctx);
d40b42ab 683 PROV_CTX_set0_handle(*provctx, handle);
fdaad3f1
RL		 684
685 if ((fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX,
686 &fips_prov_ossl_ctx_method)) == NULL)
687 goto err;
7bb82f92 688
d40b42ab 689 fgbl->handle = handle;
7bb82f92 690
fdaad3f1
RL		 691 selftest_params.libctx = libctx;
692 if (!SELF_TEST_post(&selftest_params, 0))
693 goto err;
7bb82f92 694
319e518a
MC		 695 /*
696 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
697 * EVP calls from within the FIPS module.
698 */
fdaad3f1
RL		 699 if (!dummy_evp_call(libctx))
700 goto err;
319e518a 701
e683582b 702 *out = fips_dispatch_table;
e683582b 703
9efa0ae0 704 return 1;
fdaad3f1
RL		 705 err:
706 fips_teardown(*provctx);
707 *provctx = NULL;
708 return 0;
9efa0ae0 709}
3593266d 710
319e518a
MC		 711/*
712 * The internal init function used when the FIPS module uses EVP to call
b1eb3fd7 713 * another algorithm also in the FIPS module. This is a recursive call that has
bb751e11
RL		 714 * been made from within the FIPS module itself. To make this work, we populate
715 * the provider context of this inner instance with the same library context
716 * that was used in the EVP call that initiated this recursive call.
319e518a 717 */
3593266d 718OSSL_provider_init_fn fips_intern_provider_init;
d40b42ab 719int fips_intern_provider_init(const OSSL_CORE_HANDLE *handle,
3593266d 720 const OSSL_DISPATCH *in,
319e518a
MC		 721 const OSSL_DISPATCH **out,
722 void **provctx)
3593266d 723{
bb751e11
RL		 724 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
725
726 for (; in->function_id != 0; in++) {
727 switch (in->function_id) {
728 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
729 c_get_libctx = OSSL_get_core_get_library_context(in);
730 break;
731 default:
732 break;
733 }
734 }
735
736 if (c_get_libctx == NULL)
737 return 0;
738
78906fff 739 if ((*provctx = PROV_CTX_new()) == NULL)
bb751e11 740 return 0;
d40b42ab
MC		 741 /*
742 * Using the parent library context only works because we are a built-in
743 * internal provider. This is not something that most providers would be
744 * able to do.
745 */
746 PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle));
747 PROV_CTX_set0_handle(*provctx, handle);
bb751e11 748
319e518a 749 *out = intern_dispatch_table;
3593266d
MC		 750 return 1;
751}
752
036913b1 753void ERR_new(void)
3593266d 754{
036913b1
RL		 755 c_new_error(NULL);
756}
757
758void ERR_set_debug(const char *file, int line, const char *func)
759{
760 c_set_error_debug(NULL, file, line, func);
3593266d
MC		 761}
762
036913b1 763void ERR_set_error(int lib, int reason, const char *fmt, ...)
3593266d
MC		 764{
765 va_list args;
8908d18c 766
036913b1
RL		 767 va_start(args, fmt);
768 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d
MC		 769 va_end(args);
770}
771
036913b1 772void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
3593266d 773{
036913b1 774 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d 775}
da747958 776
7b131de2
RL		 777int ERR_set_mark(void)
778{
779 return c_set_error_mark(NULL);
780}
781
782int ERR_clear_last_mark(void)
783{
784 return c_clear_last_error_mark(NULL);
785}
786
787int ERR_pop_to_mark(void)
788{
789 return c_pop_error_to_mark(NULL);
790}
791
fdaad3f1
RL		 792/*
793 * This must take a library context, since it's called from the depths
794 * of crypto/initthread.c code, where it's (correctly) assumed that the
795 * passed caller argument is an OPENSSL_CTX pointer (since the same routine
796 * is also called from other parts of libcrypto, which all pass around a
797 * OPENSSL_CTX pointer)
798 */
d40b42ab 799const OSSL_CORE_HANDLE *FIPS_get_core_handle(OPENSSL_CTX *libctx)
da747958 800{
fdaad3f1
RL		 801 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(libctx,
802 OPENSSL_CTX_FIPS_PROV_INDEX,
da747958
MC		 803 &fips_prov_ossl_ctx_method);
804
805 if (fgbl == NULL)
806 return NULL;
807
d40b42ab 808 return fgbl->handle;
da747958 809}
b60cba3c
RS		 810
811void *CRYPTO_malloc(size_t num, const char *file, int line)
812{
813 return c_CRYPTO_malloc(num, file, line);
814}
815
816void *CRYPTO_zalloc(size_t num, const char *file, int line)
817{
818 return c_CRYPTO_zalloc(num, file, line);
819}
820
b60cba3c
RS		 821void CRYPTO_free(void *ptr, const char *file, int line)
822{
823 c_CRYPTO_free(ptr, file, line);
824}
825
826void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
827{
828 c_CRYPTO_clear_free(ptr, num, file, line);
829}
830
831void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
832{
833 return c_CRYPTO_realloc(addr, num, file, line);
834}
835
836void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
837 const char *file, int line)
838{
839 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
840}
841
842void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
843{
844 return c_CRYPTO_secure_malloc(num, file, line);
845}
846
847void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
848{
849 return c_CRYPTO_secure_zalloc(num, file, line);
850}
851
852void CRYPTO_secure_free(void *ptr, const char *file, int line)
853{
854 c_CRYPTO_secure_free(ptr, file, line);
855}
856
857void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
858{
859 c_CRYPTO_secure_clear_free(ptr, num, file, line);
860}
861
b60cba3c
RS		 862int CRYPTO_secure_allocated(const void *ptr)
863{
864 return c_CRYPTO_secure_allocated(ptr);
865}
d16d0b71
SL		 866
867int BIO_snprintf(char *buf, size_t n, const char *format, ...)
868{
869 va_list args;
870 int ret;
871
872 va_start(args, format);
873 ret = c_BIO_vsnprintf(buf, n, format, args);
874 va_end(args);
875 return ret;
876}
A mirror of the official openssl repository