]>
Commit | Line | Data |
---|---|---|
9efa0ae0 | 1 | /* |
33388b44 | 2 | * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. |
9efa0ae0 MC |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
23c48d94 | 10 | #include <openssl/core_dispatch.h> |
9efa0ae0 MC |
11 | #include <openssl/core_names.h> |
12 | #include <openssl/params.h> | |
dcb71e1c | 13 | #include <openssl/obj_mac.h> /* NIDs used by ossl_prov_util_nid_to_name() */ |
25e60144 | 14 | #include <openssl/fips_names.h> |
7d615e21 | 15 | #include <openssl/rand.h> /* RAND_get0_public() */ |
3593266d | 16 | #include "internal/cryptlib.h" |
af3e7e1b | 17 | #include "prov/implementations.h" |
ddd21319 RL |
18 | #include "prov/provider_ctx.h" |
19 | #include "prov/providercommon.h" | |
9f7bdcf3 | 20 | #include "prov/providercommonerr.h" |
0d2bfe52 | 21 | #include "prov/provider_util.h" |
36fc5fc6 | 22 | #include "self_test.h" |
9efa0ae0 | 23 | |
dcb71e1c SL |
24 | static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; |
25 | static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; | |
26 | ||
fdaad3f1 RL |
27 | /* |
28 | * Forward declarations to ensure that interface functions are correctly | |
29 | * defined. | |
30 | */ | |
363b1e5d DMSP |
31 | static OSSL_FUNC_provider_teardown_fn fips_teardown; |
32 | static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; | |
33 | static OSSL_FUNC_provider_get_params_fn fips_get_params; | |
34 | static OSSL_FUNC_provider_query_operation_fn fips_query; | |
fdaad3f1 | 35 | |
dcb71e1c | 36 | #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } |
0d2bfe52 SL |
37 | #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) |
38 | ||
363b1e5d | 39 | extern OSSL_FUNC_core_thread_start_fn *c_thread_start; |
991a6bb5 | 40 | int FIPS_security_check_enabled(void); |
b60cba3c | 41 | |
da747958 MC |
42 | /* |
43 | * TODO(3.0): Should these be stored in the provider side provctx? Could they | |
44 | * ever be different from one init to the next? Unfortunately we can't do this | |
b60cba3c | 45 | * at the moment because c_put_error/c_add_error_vdata do not provide |
b4250010 | 46 | * us with the OSSL_LIB_CTX as a parameter. |
da747958 | 47 | */ |
25e60144 SL |
48 | |
49 | static SELF_TEST_POST_PARAMS selftest_params; | |
991a6bb5 SL |
50 | static int fips_security_checks = 1; |
51 | static const char *fips_security_check_option = "1"; | |
25e60144 | 52 | |
9efa0ae0 | 53 | /* Functions provided by the core */ |
363b1e5d DMSP |
54 | static OSSL_FUNC_core_gettable_params_fn *c_gettable_params; |
55 | static OSSL_FUNC_core_get_params_fn *c_get_params; | |
56 | OSSL_FUNC_core_thread_start_fn *c_thread_start; | |
57 | static OSSL_FUNC_core_new_error_fn *c_new_error; | |
58 | static OSSL_FUNC_core_set_error_debug_fn *c_set_error_debug; | |
59 | static OSSL_FUNC_core_vset_error_fn *c_vset_error; | |
60 | static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark; | |
61 | static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark; | |
62 | static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark; | |
63 | static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc; | |
64 | static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; | |
65 | static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free; | |
66 | static OSSL_FUNC_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; | |
67 | static OSSL_FUNC_CRYPTO_realloc_fn *c_CRYPTO_realloc; | |
68 | static OSSL_FUNC_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; | |
69 | static OSSL_FUNC_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; | |
70 | static OSSL_FUNC_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; | |
71 | static OSSL_FUNC_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; | |
72 | static OSSL_FUNC_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; | |
73 | static OSSL_FUNC_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; | |
74 | static OSSL_FUNC_BIO_vsnprintf_fn *c_BIO_vsnprintf; | |
04cb5ec0 SL |
75 | static OSSL_FUNC_self_test_cb_fn *c_stcbfn = NULL; |
76 | static OSSL_FUNC_core_get_library_context_fn *c_get_libctx = NULL; | |
9efa0ae0 | 77 | |
da747958 | 78 | typedef struct fips_global_st { |
d40b42ab | 79 | const OSSL_CORE_HANDLE *handle; |
da747958 MC |
80 | } FIPS_GLOBAL; |
81 | ||
b4250010 | 82 | static void *fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) |
da747958 MC |
83 | { |
84 | FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); | |
85 | ||
86 | return fgbl; | |
87 | } | |
88 | ||
89 | static void fips_prov_ossl_ctx_free(void *fgbl) | |
90 | { | |
91 | OPENSSL_free(fgbl); | |
92 | } | |
93 | ||
b4250010 | 94 | static const OSSL_LIB_CTX_METHOD fips_prov_ossl_ctx_method = { |
da747958 MC |
95 | fips_prov_ossl_ctx_new, |
96 | fips_prov_ossl_ctx_free, | |
97 | }; | |
98 | ||
99 | ||
9efa0ae0 | 100 | /* Parameters we provide to the core */ |
26175013 RL |
101 | static const OSSL_PARAM fips_param_types[] = { |
102 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
103 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
104 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
6cf37302 | 105 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0), |
991a6bb5 | 106 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SECURITY_CHECKS, OSSL_PARAM_INTEGER, NULL, 0), |
26175013 | 107 | OSSL_PARAM_END |
9efa0ae0 MC |
108 | }; |
109 | ||
25e60144 SL |
110 | /* |
111 | * Parameters to retrieve from the core provider - required for self testing. | |
112 | * NOTE: inside core_get_params() these will be loaded from config items | |
b8086652 SL |
113 | * stored inside prov->parameters (except for |
114 | * OSSL_PROV_PARAM_CORE_MODULE_FILENAME). | |
991a6bb5 | 115 | * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS is not a self test parameter. |
25e60144 SL |
116 | */ |
117 | static OSSL_PARAM core_params[] = | |
118 | { | |
b8086652 | 119 | OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, |
25e60144 SL |
120 | selftest_params.module_filename, |
121 | sizeof(selftest_params.module_filename)), | |
122 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC, | |
123 | selftest_params.module_checksum_data, | |
124 | sizeof(selftest_params.module_checksum_data)), | |
125 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC, | |
126 | selftest_params.indicator_checksum_data, | |
127 | sizeof(selftest_params.indicator_checksum_data)), | |
128 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, | |
129 | selftest_params.indicator_data, | |
130 | sizeof(selftest_params.indicator_data)), | |
131 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, | |
132 | selftest_params.indicator_version, | |
133 | sizeof(selftest_params.indicator_version)), | |
35e6ea3b SL |
134 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS, |
135 | selftest_params.conditional_error_check, | |
136 | sizeof(selftest_params.conditional_error_check)), | |
991a6bb5 SL |
137 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS, |
138 | fips_security_check_option, | |
139 | sizeof(fips_security_check_option)), | |
25e60144 SL |
140 | OSSL_PARAM_END |
141 | }; | |
142 | ||
fdaad3f1 | 143 | static const OSSL_PARAM *fips_gettable_params(void *provctx) |
9efa0ae0 MC |
144 | { |
145 | return fips_param_types; | |
146 | } | |
147 | ||
fdaad3f1 | 148 | static int fips_get_params(void *provctx, OSSL_PARAM params[]) |
9efa0ae0 | 149 | { |
4e7991b4 | 150 | OSSL_PARAM *p; |
9efa0ae0 MC |
151 | |
152 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); | |
153 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) | |
154 | return 0; | |
155 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); | |
156 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) | |
157 | return 0; | |
158 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); | |
159 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) | |
160 | return 0; | |
04cb5ec0 | 161 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); |
6cf37302 | 162 | if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) |
04cb5ec0 | 163 | return 0; |
991a6bb5 SL |
164 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_SECURITY_CHECKS); |
165 | if (p != NULL && !OSSL_PARAM_set_int(p, fips_security_checks)) | |
166 | return 0; | |
9efa0ae0 MC |
167 | return 1; |
168 | } | |
169 | ||
04cb5ec0 SL |
170 | static void set_self_test_cb(const OSSL_CORE_HANDLE *handle) |
171 | { | |
172 | if (c_stcbfn != NULL && c_get_libctx != NULL) { | |
173 | c_stcbfn(c_get_libctx(handle), &selftest_params.cb, | |
174 | &selftest_params.cb_arg); | |
175 | } else { | |
176 | selftest_params.cb = NULL; | |
177 | selftest_params.cb_arg = NULL; | |
178 | } | |
179 | } | |
180 | ||
181 | static int fips_self_test(void *provctx) | |
182 | { | |
183 | set_self_test_cb(FIPS_get_core_handle(selftest_params.libctx)); | |
184 | return SELF_TEST_post(&selftest_params, 1) ? 1 : 0; | |
185 | } | |
186 | ||
4cecf7a1 | 187 | /* FIPS specific version of the function of the same name in provlib.c */ |
dcb71e1c | 188 | /* TODO(3.0) - Is this function needed ? */ |
4cecf7a1 MC |
189 | const char *ossl_prov_util_nid_to_name(int nid) |
190 | { | |
f844f9eb | 191 | /* We don't have OBJ_nid2n() in FIPS_MODULE so we have an explicit list */ |
4cecf7a1 MC |
192 | |
193 | switch (nid) { | |
194 | /* Digests */ | |
195 | case NID_sha1: | |
df553b79 | 196 | return "SHA1"; |
4cecf7a1 | 197 | case NID_sha224: |
df553b79 | 198 | return "SHA-224"; |
4cecf7a1 | 199 | case NID_sha256: |
df553b79 | 200 | return "SHA-256"; |
4cecf7a1 | 201 | case NID_sha384: |
df553b79 | 202 | return "SHA-384"; |
4cecf7a1 | 203 | case NID_sha512: |
df553b79 | 204 | return "SHA-512"; |
4cecf7a1 | 205 | case NID_sha512_224: |
df553b79 | 206 | return "SHA-512/224"; |
4cecf7a1 | 207 | case NID_sha512_256: |
df553b79 | 208 | return "SHA-512/256"; |
4cecf7a1 MC |
209 | case NID_sha3_224: |
210 | return "SHA3-224"; | |
211 | case NID_sha3_256: | |
212 | return "SHA3-256"; | |
213 | case NID_sha3_384: | |
214 | return "SHA3-384"; | |
215 | case NID_sha3_512: | |
216 | return "SHA3-512"; | |
217 | ||
218 | /* Ciphers */ | |
219 | case NID_aes_256_ecb: | |
220 | return "AES-256-ECB"; | |
221 | case NID_aes_192_ecb: | |
222 | return "AES-192-ECB"; | |
223 | case NID_aes_128_ecb: | |
224 | return "AES-128-ECB"; | |
225 | case NID_aes_256_cbc: | |
226 | return "AES-256-CBC"; | |
227 | case NID_aes_192_cbc: | |
228 | return "AES-192-CBC"; | |
229 | case NID_aes_128_cbc: | |
230 | return "AES-128-CBC"; | |
231 | case NID_aes_256_ctr: | |
232 | return "AES-256-CTR"; | |
233 | case NID_aes_192_ctr: | |
234 | return "AES-192-CTR"; | |
235 | case NID_aes_128_ctr: | |
236 | return "AES-128-CTR"; | |
3a9f26f3 SL |
237 | case NID_aes_256_xts: |
238 | return "AES-256-XTS"; | |
239 | case NID_aes_128_xts: | |
240 | return "AES-128-XTS"; | |
3bfe9005 | 241 | case NID_aes_256_gcm: |
df553b79 | 242 | return "AES-256-GCM"; |
3bfe9005 | 243 | case NID_aes_192_gcm: |
df553b79 | 244 | return "AES-192-GCM"; |
3bfe9005 | 245 | case NID_aes_128_gcm: |
df553b79 | 246 | return "AES-128-GCM"; |
3bfe9005 | 247 | case NID_aes_256_ccm: |
df553b79 | 248 | return "AES-256-CCM"; |
3bfe9005 | 249 | case NID_aes_192_ccm: |
df553b79 | 250 | return "AES-192-CCM"; |
3bfe9005 | 251 | case NID_aes_128_ccm: |
df553b79 | 252 | return "AES-128-CCM"; |
ca392b29 | 253 | case NID_id_aes256_wrap: |
df553b79 | 254 | return "AES-256-WRAP"; |
ca392b29 | 255 | case NID_id_aes192_wrap: |
df553b79 | 256 | return "AES-192-WRAP"; |
ca392b29 | 257 | case NID_id_aes128_wrap: |
df553b79 | 258 | return "AES-128-WRAP"; |
ca392b29 | 259 | case NID_id_aes256_wrap_pad: |
df553b79 | 260 | return "AES-256-WRAP-PAD"; |
ca392b29 | 261 | case NID_id_aes192_wrap_pad: |
df553b79 | 262 | return "AES-192-WRAP-PAD"; |
ca392b29 | 263 | case NID_id_aes128_wrap_pad: |
df553b79 | 264 | return "AES-128-WRAP-PAD"; |
ca392b29 SL |
265 | case NID_des_ede3_ecb: |
266 | return "DES-EDE3"; | |
267 | case NID_des_ede3_cbc: | |
268 | return "DES-EDE3-CBC"; | |
0d2bfe52 SL |
269 | case NID_aes_256_cbc_hmac_sha256: |
270 | return "AES-256-CBC-HMAC-SHA256"; | |
271 | case NID_aes_128_cbc_hmac_sha256: | |
272 | return "AES-128-CBC-HMAC-SHA256"; | |
273 | case NID_aes_256_cbc_hmac_sha1: | |
274 | return "AES-256-CBC-HMAC-SHA1"; | |
275 | case NID_aes_128_cbc_hmac_sha1: | |
276 | return "AES-128-CBC-HMAC-SHA1"; | |
3bfe9005 SL |
277 | default: |
278 | break; | |
4cecf7a1 MC |
279 | } |
280 | ||
281 | return NULL; | |
282 | } | |
283 | ||
df553b79 RL |
284 | /* |
285 | * For the algorithm names, we use the following formula for our primary | |
286 | * names: | |
287 | * | |
288 | * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] | |
289 | * | |
290 | * VERSION is only present if there are multiple versions of | |
291 | * an alg (MD2, MD4, MD5). It may be omitted if there is only | |
292 | * one version (if a subsequent version is released in the future, | |
293 | * we can always change the canonical name, and add the old name | |
294 | * as an alias). | |
295 | * | |
296 | * SUBNAME may be present where we are combining multiple | |
297 | * algorithms together, e.g. MD5-SHA1. | |
298 | * | |
299 | * SIZE is only present if multiple versions of an algorithm exist | |
300 | * with different sizes (e.g. AES-128-CBC, AES-256-CBC) | |
301 | * | |
302 | * MODE is only present where applicable. | |
303 | * | |
304 | * We add diverse other names where applicable, such as the names that | |
305 | * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names | |
306 | * we have used historically. | |
307 | */ | |
9efa0ae0 | 308 | static const OSSL_ALGORITHM fips_digests[] = { |
df553b79 | 309 | /* Our primary name:NiST name[:our older names] */ |
1be63951 P |
310 | { "SHA1:SHA-1:SSL3-SHA1", FIPS_DEFAULT_PROPERTIES, ossl_sha1_functions }, |
311 | { "SHA2-224:SHA-224:SHA224", FIPS_DEFAULT_PROPERTIES, | |
312 | ossl_sha224_functions }, | |
313 | { "SHA2-256:SHA-256:SHA256", FIPS_DEFAULT_PROPERTIES, | |
314 | ossl_sha256_functions }, | |
315 | { "SHA2-384:SHA-384:SHA384", FIPS_DEFAULT_PROPERTIES, | |
316 | ossl_sha384_functions }, | |
317 | { "SHA2-512:SHA-512:SHA512", FIPS_DEFAULT_PROPERTIES, | |
318 | ossl_sha512_functions }, | |
dcb71e1c | 319 | { "SHA2-512/224:SHA-512/224:SHA512-224", FIPS_DEFAULT_PROPERTIES, |
1be63951 | 320 | ossl_sha512_224_functions }, |
dcb71e1c | 321 | { "SHA2-512/256:SHA-512/256:SHA512-256", FIPS_DEFAULT_PROPERTIES, |
1be63951 | 322 | ossl_sha512_256_functions }, |
df553b79 RL |
323 | |
324 | /* We agree with NIST here, so one name only */ | |
1be63951 P |
325 | { "SHA3-224", FIPS_DEFAULT_PROPERTIES, ossl_sha3_224_functions }, |
326 | { "SHA3-256", FIPS_DEFAULT_PROPERTIES, ossl_sha3_256_functions }, | |
327 | { "SHA3-384", FIPS_DEFAULT_PROPERTIES, ossl_sha3_384_functions }, | |
328 | { "SHA3-512", FIPS_DEFAULT_PROPERTIES, ossl_sha3_512_functions }, | |
d5e5e2ff | 329 | |
1be63951 P |
330 | { "SHAKE-128:SHAKE128", FIPS_DEFAULT_PROPERTIES, ossl_shake_128_functions }, |
331 | { "SHAKE-256:SHAKE256", FIPS_DEFAULT_PROPERTIES, ossl_shake_256_functions }, | |
b1c21b27 P |
332 | |
333 | /* | |
334 | * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for | |
335 | * KMAC128 and KMAC256. | |
336 | */ | |
dcb71e1c | 337 | { "KECCAK-KMAC-128:KECCAK-KMAC128", FIPS_DEFAULT_PROPERTIES, |
1be63951 | 338 | ossl_keccak_kmac_128_functions }, |
dcb71e1c | 339 | { "KECCAK-KMAC-256:KECCAK-KMAC256", FIPS_DEFAULT_PROPERTIES, |
1be63951 | 340 | ossl_keccak_kmac_256_functions }, |
9efa0ae0 MC |
341 | { NULL, NULL, NULL } |
342 | }; | |
343 | ||
0d2bfe52 | 344 | static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { |
df553b79 | 345 | /* Our primary name[:ASN.1 OID name][:our older names] */ |
1be63951 P |
346 | ALG("AES-256-ECB", ossl_aes256ecb_functions), |
347 | ALG("AES-192-ECB", ossl_aes192ecb_functions), | |
348 | ALG("AES-128-ECB", ossl_aes128ecb_functions), | |
349 | ALG("AES-256-CBC:AES256", ossl_aes256cbc_functions), | |
350 | ALG("AES-192-CBC:AES192", ossl_aes192cbc_functions), | |
351 | ALG("AES-128-CBC:AES128", ossl_aes128cbc_functions), | |
352 | ALG("AES-256-CBC-CTS", ossl_aes256cbc_cts_functions), | |
353 | ALG("AES-192-CBC-CTS", ossl_aes192cbc_cts_functions), | |
354 | ALG("AES-128-CBC-CTS", ossl_aes128cbc_cts_functions), | |
355 | ALG("AES-256-OFB", ossl_aes256ofb_functions), | |
356 | ALG("AES-192-OFB", ossl_aes192ofb_functions), | |
357 | ALG("AES-128-OFB", ossl_aes128ofb_functions), | |
358 | ALG("AES-256-CFB", ossl_aes256cfb_functions), | |
359 | ALG("AES-192-CFB", ossl_aes192cfb_functions), | |
360 | ALG("AES-128-CFB", ossl_aes128cfb_functions), | |
361 | ALG("AES-256-CFB1", ossl_aes256cfb1_functions), | |
362 | ALG("AES-192-CFB1", ossl_aes192cfb1_functions), | |
363 | ALG("AES-128-CFB1", ossl_aes128cfb1_functions), | |
364 | ALG("AES-256-CFB8", ossl_aes256cfb8_functions), | |
365 | ALG("AES-192-CFB8", ossl_aes192cfb8_functions), | |
366 | ALG("AES-128-CFB8", ossl_aes128cfb8_functions), | |
367 | ALG("AES-256-CTR", ossl_aes256ctr_functions), | |
368 | ALG("AES-192-CTR", ossl_aes192ctr_functions), | |
369 | ALG("AES-128-CTR", ossl_aes128ctr_functions), | |
370 | ALG("AES-256-XTS", ossl_aes256xts_functions), | |
371 | ALG("AES-128-XTS", ossl_aes128xts_functions), | |
372 | ALG("AES-256-GCM:id-aes256-GCM", ossl_aes256gcm_functions), | |
373 | ALG("AES-192-GCM:id-aes192-GCM", ossl_aes192gcm_functions), | |
374 | ALG("AES-128-GCM:id-aes128-GCM", ossl_aes128gcm_functions), | |
375 | ALG("AES-256-CCM:id-aes256-CCM", ossl_aes256ccm_functions), | |
376 | ALG("AES-192-CCM:id-aes192-CCM", ossl_aes192ccm_functions), | |
377 | ALG("AES-128-CCM:id-aes128-CCM", ossl_aes128ccm_functions), | |
378 | ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", ossl_aes256wrap_functions), | |
379 | ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", ossl_aes192wrap_functions), | |
380 | ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", ossl_aes128wrap_functions), | |
0d2bfe52 | 381 | ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", |
1be63951 | 382 | ossl_aes256wrappad_functions), |
0d2bfe52 | 383 | ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", |
1be63951 | 384 | ossl_aes192wrappad_functions), |
0d2bfe52 | 385 | ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", |
1be63951 P |
386 | ossl_aes128wrappad_functions), |
387 | ALGC("AES-128-CBC-HMAC-SHA1", ossl_aes128cbc_hmac_sha1_functions, | |
592dcfd3 | 388 | ossl_cipher_capable_aes_cbc_hmac_sha1), |
1be63951 | 389 | ALGC("AES-256-CBC-HMAC-SHA1", ossl_aes256cbc_hmac_sha1_functions, |
592dcfd3 | 390 | ossl_cipher_capable_aes_cbc_hmac_sha1), |
1be63951 | 391 | ALGC("AES-128-CBC-HMAC-SHA256", ossl_aes128cbc_hmac_sha256_functions, |
592dcfd3 | 392 | ossl_cipher_capable_aes_cbc_hmac_sha256), |
1be63951 | 393 | ALGC("AES-256-CBC-HMAC-SHA256", ossl_aes256cbc_hmac_sha256_functions, |
592dcfd3 | 394 | ossl_cipher_capable_aes_cbc_hmac_sha256), |
cb1548bc | 395 | #ifndef OPENSSL_NO_DES |
1be63951 P |
396 | ALG("DES-EDE3-ECB:DES-EDE3", ossl_tdes_ede3_ecb_functions), |
397 | ALG("DES-EDE3-CBC:DES3", ossl_tdes_ede3_cbc_functions), | |
cb1548bc | 398 | #endif /* OPENSSL_NO_DES */ |
0d2bfe52 | 399 | { { NULL, NULL, NULL }, NULL } |
66ad63e8 | 400 | }; |
0d2bfe52 | 401 | static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; |
66ad63e8 | 402 | |
2e5db6ad | 403 | static const OSSL_ALGORITHM fips_macs[] = { |
b1c21b27 | 404 | #ifndef OPENSSL_NO_CMAC |
1be63951 | 405 | { "CMAC", FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions }, |
b1c21b27 | 406 | #endif |
1be63951 P |
407 | { "GMAC", FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, |
408 | { "HMAC", FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, | |
409 | { "KMAC-128:KMAC128", FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, | |
410 | { "KMAC-256:KMAC256", FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, | |
2e5db6ad RL |
411 | { NULL, NULL, NULL } |
412 | }; | |
413 | ||
e3405a4a | 414 | static const OSSL_ALGORITHM fips_kdfs[] = { |
1be63951 P |
415 | { "HKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, |
416 | { "SSKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, | |
417 | { "PBKDF2", FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, | |
418 | { "SSHKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, | |
419 | { "X963KDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions }, | |
420 | { "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_functions }, | |
421 | { "KBKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions }, | |
df553b79 | 422 | { NULL, NULL, NULL } |
e3405a4a P |
423 | }; |
424 | ||
bcc4ae67 | 425 | static const OSSL_ALGORITHM fips_rands[] = { |
1be63951 P |
426 | { "CTR-DRBG", FIPS_DEFAULT_PROPERTIES, ossl_drbg_ctr_functions }, |
427 | { "HASH-DRBG", FIPS_DEFAULT_PROPERTIES, ossl_drbg_hash_functions }, | |
428 | { "HMAC-DRBG", FIPS_DEFAULT_PROPERTIES, ossl_drbg_ossl_hmac_functions }, | |
429 | { "TEST-RAND", FIPS_UNAPPROVED_PROPERTIES, ossl_test_rng_functions }, | |
bcc4ae67 P |
430 | { NULL, NULL, NULL } |
431 | }; | |
432 | ||
62f49b90 SL |
433 | static const OSSL_ALGORITHM fips_keyexch[] = { |
434 | #ifndef OPENSSL_NO_DH | |
1be63951 | 435 | { "DH:dhKeyAgreement", FIPS_DEFAULT_PROPERTIES, ossl_dh_keyexch_functions }, |
1c725f46 SL |
436 | #endif |
437 | #ifndef OPENSSL_NO_EC | |
1be63951 P |
438 | { "ECDH", FIPS_DEFAULT_PROPERTIES, ecossl_dh_keyexch_functions }, |
439 | { "X25519", FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, | |
440 | { "X448", FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, | |
62f49b90 | 441 | #endif |
1be63951 P |
442 | { "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, |
443 | ossl_kdf_tls1_prf_keyexch_functions }, | |
444 | { "HKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_keyexch_functions }, | |
62f49b90 SL |
445 | { NULL, NULL, NULL } |
446 | }; | |
447 | ||
e683582b SL |
448 | static const OSSL_ALGORITHM fips_signature[] = { |
449 | #ifndef OPENSSL_NO_DSA | |
1be63951 P |
450 | { "DSA:dsaEncryption", FIPS_DEFAULT_PROPERTIES, |
451 | ossl_dsa_signature_functions }, | |
e683582b | 452 | #endif |
1be63951 P |
453 | { "RSA:rsaEncryption", FIPS_DEFAULT_PROPERTIES, |
454 | ossl_rsa_signature_functions }, | |
edd3b7a3 | 455 | #ifndef OPENSSL_NO_EC |
1be63951 P |
456 | { "ED25519", FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, |
457 | { "ED448", FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, | |
458 | { "ECDSA", FIPS_DEFAULT_PROPERTIES, ecossl_dsa_signature_functions }, | |
edd3b7a3 | 459 | #endif |
1be63951 P |
460 | { "HMAC", FIPS_DEFAULT_PROPERTIES, |
461 | ossl_mac_legacy_hmac_signature_functions }, | |
a540ef90 | 462 | #ifndef OPENSSL_NO_CMAC |
1be63951 P |
463 | { "CMAC", FIPS_DEFAULT_PROPERTIES, |
464 | ossl_mac_legacy_cmac_signature_functions }, | |
a540ef90 | 465 | #endif |
e683582b SL |
466 | { NULL, NULL, NULL } |
467 | }; | |
468 | ||
afb638f1 | 469 | static const OSSL_ALGORITHM fips_asym_cipher[] = { |
1be63951 P |
470 | { "RSA:rsaEncryption", FIPS_DEFAULT_PROPERTIES, |
471 | ossl_rsa_asym_cipher_functions }, | |
afb638f1 MC |
472 | { NULL, NULL, NULL } |
473 | }; | |
474 | ||
80f4fd18 | 475 | static const OSSL_ALGORITHM fips_asym_kem[] = { |
1be63951 | 476 | { "RSA", FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_kem_functions }, |
80f4fd18 SL |
477 | { NULL, NULL, NULL } |
478 | }; | |
479 | ||
e683582b | 480 | static const OSSL_ALGORITHM fips_keymgmt[] = { |
62f49b90 | 481 | #ifndef OPENSSL_NO_DH |
1be63951 P |
482 | { "DH:dhKeyAgreement", FIPS_DEFAULT_PROPERTIES, ossl_dh_keymgmt_functions }, |
483 | { "DHX:X9.42 DH:dhpublicnumber", FIPS_DEFAULT_PROPERTIES, | |
484 | ossl_dhx_keymgmt_functions }, | |
62f49b90 | 485 | #endif |
e683582b | 486 | #ifndef OPENSSL_NO_DSA |
1be63951 | 487 | { "DSA", FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions }, |
e683582b | 488 | #endif |
1be63951 P |
489 | { "RSA:rsaEncryption", FIPS_DEFAULT_PROPERTIES, |
490 | ossl_rsa_keymgmt_functions }, | |
dcb71e1c | 491 | { "RSA-PSS:RSASSA-PSS", FIPS_DEFAULT_PROPERTIES, |
1be63951 | 492 | ossl_rsapss_keymgmt_functions }, |
1c725f46 | 493 | #ifndef OPENSSL_NO_EC |
1be63951 P |
494 | { "EC:id-ecPublicKey", FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions }, |
495 | { "X25519", FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions }, | |
496 | { "X448", FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions }, | |
497 | { "ED25519", FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions }, | |
498 | { "ED448", FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions }, | |
1c725f46 | 499 | #endif |
1be63951 P |
500 | { "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions }, |
501 | { "HKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions }, | |
502 | { "HMAC", FIPS_DEFAULT_PROPERTIES, ossl_mac_legacy_keymgmt_functions }, | |
a540ef90 | 503 | #ifndef OPENSSL_NO_CMAC |
1be63951 P |
504 | { "CMAC", FIPS_DEFAULT_PROPERTIES, |
505 | ossl_cossl_mac_legacy_keymgmt_functions }, | |
a540ef90 | 506 | #endif |
e683582b SL |
507 | { NULL, NULL, NULL } |
508 | }; | |
0d2bfe52 | 509 | |
fdaad3f1 RL |
510 | static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, |
511 | int *no_cache) | |
9efa0ae0 MC |
512 | { |
513 | *no_cache = 0; | |
04cb5ec0 | 514 | |
6cf37302 | 515 | if (!ossl_prov_is_running()) |
04cb5ec0 SL |
516 | return NULL; |
517 | ||
9efa0ae0 MC |
518 | switch (operation_id) { |
519 | case OSSL_OP_DIGEST: | |
520 | return fips_digests; | |
66ad63e8 | 521 | case OSSL_OP_CIPHER: |
7d6766cb P |
522 | ossl_prov_cache_exported_algorithms(fips_ciphers, |
523 | exported_fips_ciphers); | |
0d2bfe52 | 524 | return exported_fips_ciphers; |
2e5db6ad RL |
525 | case OSSL_OP_MAC: |
526 | return fips_macs; | |
e3405a4a P |
527 | case OSSL_OP_KDF: |
528 | return fips_kdfs; | |
bcc4ae67 P |
529 | case OSSL_OP_RAND: |
530 | return fips_rands; | |
e683582b SL |
531 | case OSSL_OP_KEYMGMT: |
532 | return fips_keymgmt; | |
62f49b90 SL |
533 | case OSSL_OP_KEYEXCH: |
534 | return fips_keyexch; | |
e683582b SL |
535 | case OSSL_OP_SIGNATURE: |
536 | return fips_signature; | |
afb638f1 MC |
537 | case OSSL_OP_ASYM_CIPHER: |
538 | return fips_asym_cipher; | |
80f4fd18 SL |
539 | case OSSL_OP_KEM: |
540 | return fips_asym_kem; | |
9efa0ae0 MC |
541 | } |
542 | return NULL; | |
543 | } | |
544 | ||
fdaad3f1 RL |
545 | static void fips_teardown(void *provctx) |
546 | { | |
b4250010 | 547 | OSSL_LIB_CTX_free(PROV_LIBRARY_CONTEXT_OF(provctx)); |
7d6766cb | 548 | ossl_prov_ctx_free(provctx); |
78906fff RL |
549 | } |
550 | ||
551 | static void fips_intern_teardown(void *provctx) | |
552 | { | |
553 | /* | |
554 | * We know that the library context is the same as for the outer provider, | |
555 | * so no need to destroy it here. | |
556 | */ | |
7d6766cb | 557 | ossl_prov_ctx_free(provctx); |
fdaad3f1 RL |
558 | } |
559 | ||
9efa0ae0 MC |
560 | /* Functions we provide to the core */ |
561 | static const OSSL_DISPATCH fips_dispatch_table[] = { | |
fdaad3f1 | 562 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown }, |
dca97d00 | 563 | { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, |
9efa0ae0 MC |
564 | { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, |
565 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
04cb5ec0 SL |
566 | { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, |
567 | (void (*)(void))provider_get_capabilities }, | |
568 | { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test }, | |
9efa0ae0 MC |
569 | { 0, NULL } |
570 | }; | |
571 | ||
319e518a MC |
572 | /* Functions we provide to ourself */ |
573 | static const OSSL_DISPATCH intern_dispatch_table[] = { | |
78906fff | 574 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_intern_teardown }, |
319e518a MC |
575 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, |
576 | { 0, NULL } | |
577 | }; | |
578 | ||
d40b42ab | 579 | int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, |
9efa0ae0 | 580 | const OSSL_DISPATCH *in, |
a39eb840 RL |
581 | const OSSL_DISPATCH **out, |
582 | void **provctx) | |
9efa0ae0 | 583 | { |
da747958 | 584 | FIPS_GLOBAL *fgbl; |
b4250010 | 585 | OSSL_LIB_CTX *libctx = NULL; |
319e518a | 586 | |
9efa0ae0 MC |
587 | for (; in->function_id != 0; in++) { |
588 | switch (in->function_id) { | |
36fc5fc6 | 589 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: |
363b1e5d | 590 | c_get_libctx = OSSL_FUNC_core_get_library_context(in); |
36fc5fc6 | 591 | break; |
dca97d00 | 592 | case OSSL_FUNC_CORE_GETTABLE_PARAMS: |
363b1e5d | 593 | c_gettable_params = OSSL_FUNC_core_gettable_params(in); |
9efa0ae0 MC |
594 | break; |
595 | case OSSL_FUNC_CORE_GET_PARAMS: | |
363b1e5d | 596 | c_get_params = OSSL_FUNC_core_get_params(in); |
9efa0ae0 | 597 | break; |
da747958 | 598 | case OSSL_FUNC_CORE_THREAD_START: |
363b1e5d | 599 | c_thread_start = OSSL_FUNC_core_thread_start(in); |
da747958 | 600 | break; |
036913b1 | 601 | case OSSL_FUNC_CORE_NEW_ERROR: |
363b1e5d | 602 | c_new_error = OSSL_FUNC_core_new_error(in); |
3593266d | 603 | break; |
036913b1 | 604 | case OSSL_FUNC_CORE_SET_ERROR_DEBUG: |
363b1e5d | 605 | c_set_error_debug = OSSL_FUNC_core_set_error_debug(in); |
036913b1 RL |
606 | break; |
607 | case OSSL_FUNC_CORE_VSET_ERROR: | |
363b1e5d | 608 | c_vset_error = OSSL_FUNC_core_vset_error(in); |
3593266d | 609 | break; |
7b131de2 | 610 | case OSSL_FUNC_CORE_SET_ERROR_MARK: |
363b1e5d | 611 | c_set_error_mark = OSSL_FUNC_core_set_error_mark(in); |
7b131de2 RL |
612 | break; |
613 | case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: | |
363b1e5d | 614 | c_clear_last_error_mark = OSSL_FUNC_core_clear_last_error_mark(in); |
7b131de2 RL |
615 | break; |
616 | case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: | |
363b1e5d | 617 | c_pop_error_to_mark = OSSL_FUNC_core_pop_error_to_mark(in); |
7b131de2 | 618 | break; |
b60cba3c | 619 | case OSSL_FUNC_CRYPTO_MALLOC: |
363b1e5d | 620 | c_CRYPTO_malloc = OSSL_FUNC_CRYPTO_malloc(in); |
b60cba3c RS |
621 | break; |
622 | case OSSL_FUNC_CRYPTO_ZALLOC: | |
363b1e5d | 623 | c_CRYPTO_zalloc = OSSL_FUNC_CRYPTO_zalloc(in); |
b60cba3c | 624 | break; |
b60cba3c | 625 | case OSSL_FUNC_CRYPTO_FREE: |
363b1e5d | 626 | c_CRYPTO_free = OSSL_FUNC_CRYPTO_free(in); |
b60cba3c RS |
627 | break; |
628 | case OSSL_FUNC_CRYPTO_CLEAR_FREE: | |
363b1e5d | 629 | c_CRYPTO_clear_free = OSSL_FUNC_CRYPTO_clear_free(in); |
b60cba3c RS |
630 | break; |
631 | case OSSL_FUNC_CRYPTO_REALLOC: | |
363b1e5d | 632 | c_CRYPTO_realloc = OSSL_FUNC_CRYPTO_realloc(in); |
b60cba3c RS |
633 | break; |
634 | case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: | |
363b1e5d | 635 | c_CRYPTO_clear_realloc = OSSL_FUNC_CRYPTO_clear_realloc(in); |
b60cba3c RS |
636 | break; |
637 | case OSSL_FUNC_CRYPTO_SECURE_MALLOC: | |
363b1e5d | 638 | c_CRYPTO_secure_malloc = OSSL_FUNC_CRYPTO_secure_malloc(in); |
b60cba3c RS |
639 | break; |
640 | case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: | |
363b1e5d | 641 | c_CRYPTO_secure_zalloc = OSSL_FUNC_CRYPTO_secure_zalloc(in); |
b60cba3c RS |
642 | break; |
643 | case OSSL_FUNC_CRYPTO_SECURE_FREE: | |
363b1e5d | 644 | c_CRYPTO_secure_free = OSSL_FUNC_CRYPTO_secure_free(in); |
b60cba3c RS |
645 | break; |
646 | case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: | |
363b1e5d | 647 | c_CRYPTO_secure_clear_free = OSSL_FUNC_CRYPTO_secure_clear_free(in); |
b60cba3c RS |
648 | break; |
649 | case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: | |
363b1e5d | 650 | c_CRYPTO_secure_allocated = OSSL_FUNC_CRYPTO_secure_allocated(in); |
b60cba3c | 651 | break; |
25e60144 | 652 | case OSSL_FUNC_BIO_NEW_FILE: |
363b1e5d | 653 | selftest_params.bio_new_file_cb = OSSL_FUNC_BIO_new_file(in); |
25e60144 SL |
654 | break; |
655 | case OSSL_FUNC_BIO_NEW_MEMBUF: | |
363b1e5d | 656 | selftest_params.bio_new_buffer_cb = OSSL_FUNC_BIO_new_membuf(in); |
25e60144 | 657 | break; |
7bb82f92 | 658 | case OSSL_FUNC_BIO_READ_EX: |
363b1e5d | 659 | selftest_params.bio_read_ex_cb = OSSL_FUNC_BIO_read_ex(in); |
25e60144 SL |
660 | break; |
661 | case OSSL_FUNC_BIO_FREE: | |
363b1e5d | 662 | selftest_params.bio_free_cb = OSSL_FUNC_BIO_free(in); |
25e60144 | 663 | break; |
d16d0b71 | 664 | case OSSL_FUNC_BIO_VSNPRINTF: |
363b1e5d | 665 | c_BIO_vsnprintf = OSSL_FUNC_BIO_vsnprintf(in); |
d16d0b71 | 666 | break; |
36fc5fc6 | 667 | case OSSL_FUNC_SELF_TEST_CB: { |
04cb5ec0 | 668 | c_stcbfn = OSSL_FUNC_self_test_cb(in); |
36fc5fc6 SL |
669 | break; |
670 | } | |
9efa0ae0 | 671 | default: |
b60cba3c | 672 | /* Just ignore anything we don't understand */ |
9efa0ae0 MC |
673 | break; |
674 | } | |
675 | } | |
676 | ||
04cb5ec0 | 677 | set_self_test_cb(handle); |
36fc5fc6 | 678 | |
9f7bdcf3 SL |
679 | if (!c_get_params(handle, core_params)) { |
680 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); | |
25e60144 | 681 | return 0; |
9f7bdcf3 | 682 | } |
35e6ea3b SL |
683 | /* Disable the conditional error check if is disabled in the fips config file*/ |
684 | if (selftest_params.conditional_error_check != NULL | |
685 | && strcmp(selftest_params.conditional_error_check, "0") == 0) | |
686 | SELF_TEST_disable_conditional_error_state(); | |
25e60144 | 687 | |
991a6bb5 SL |
688 | /* Disable the security check if is disabled in the fips config file*/ |
689 | if (fips_security_check_option != NULL | |
690 | && strcmp(fips_security_check_option, "0") == 0) | |
691 | fips_security_checks = 0; | |
692 | ||
b60cba3c | 693 | /* Create a context. */ |
7d6766cb | 694 | if ((*provctx = ossl_prov_ctx_new()) == NULL |
b4250010 | 695 | || (libctx = OSSL_LIB_CTX_new()) == NULL) { |
78906fff RL |
696 | /* |
697 | * We free libctx separately here and only here because it hasn't | |
698 | * been attached to *provctx. All other error paths below rely | |
699 | * solely on fips_teardown. | |
700 | */ | |
b4250010 | 701 | OSSL_LIB_CTX_free(libctx); |
78906fff RL |
702 | goto err; |
703 | } | |
7d6766cb P |
704 | ossl_prov_ctx_set0_library_context(*provctx, libctx); |
705 | ossl_prov_ctx_set0_handle(*provctx, handle); | |
fdaad3f1 | 706 | |
b4250010 DMSP |
707 | if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX, |
708 | &fips_prov_ossl_ctx_method)) == NULL) | |
fdaad3f1 | 709 | goto err; |
7bb82f92 | 710 | |
d40b42ab | 711 | fgbl->handle = handle; |
7bb82f92 | 712 | |
fdaad3f1 | 713 | selftest_params.libctx = libctx; |
9f7bdcf3 SL |
714 | if (!SELF_TEST_post(&selftest_params, 0)) { |
715 | ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_POST_FAILURE); | |
fdaad3f1 | 716 | goto err; |
9f7bdcf3 | 717 | } |
7bb82f92 | 718 | |
dcb71e1c | 719 | /* TODO(3.0): Tests will hang if this is removed */ |
7d615e21 | 720 | (void)RAND_get0_public(libctx); |
319e518a | 721 | |
e683582b | 722 | *out = fips_dispatch_table; |
9efa0ae0 | 723 | return 1; |
fdaad3f1 RL |
724 | err: |
725 | fips_teardown(*provctx); | |
726 | *provctx = NULL; | |
727 | return 0; | |
9efa0ae0 | 728 | } |
3593266d | 729 | |
319e518a MC |
730 | /* |
731 | * The internal init function used when the FIPS module uses EVP to call | |
b1eb3fd7 | 732 | * another algorithm also in the FIPS module. This is a recursive call that has |
bb751e11 RL |
733 | * been made from within the FIPS module itself. To make this work, we populate |
734 | * the provider context of this inner instance with the same library context | |
735 | * that was used in the EVP call that initiated this recursive call. | |
319e518a | 736 | */ |
3593266d | 737 | OSSL_provider_init_fn fips_intern_provider_init; |
d40b42ab | 738 | int fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, |
3593266d | 739 | const OSSL_DISPATCH *in, |
319e518a MC |
740 | const OSSL_DISPATCH **out, |
741 | void **provctx) | |
3593266d | 742 | { |
04cb5ec0 | 743 | OSSL_FUNC_core_get_library_context_fn *c_internal_get_libctx = NULL; |
bb751e11 RL |
744 | |
745 | for (; in->function_id != 0; in++) { | |
746 | switch (in->function_id) { | |
747 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: | |
04cb5ec0 | 748 | c_internal_get_libctx = OSSL_FUNC_core_get_library_context(in); |
bb751e11 RL |
749 | break; |
750 | default: | |
751 | break; | |
752 | } | |
753 | } | |
754 | ||
04cb5ec0 | 755 | if (c_internal_get_libctx == NULL) |
bb751e11 RL |
756 | return 0; |
757 | ||
7d6766cb | 758 | if ((*provctx = ossl_prov_ctx_new()) == NULL) |
bb751e11 | 759 | return 0; |
04cb5ec0 | 760 | |
d40b42ab MC |
761 | /* |
762 | * Using the parent library context only works because we are a built-in | |
763 | * internal provider. This is not something that most providers would be | |
764 | * able to do. | |
765 | */ | |
7d6766cb | 766 | ossl_prov_ctx_set0_library_context( |
b4250010 | 767 | *provctx, (OSSL_LIB_CTX *)c_internal_get_libctx(handle) |
7d6766cb P |
768 | ); |
769 | ossl_prov_ctx_set0_handle(*provctx, handle); | |
bb751e11 | 770 | |
319e518a | 771 | *out = intern_dispatch_table; |
3593266d MC |
772 | return 1; |
773 | } | |
774 | ||
036913b1 | 775 | void ERR_new(void) |
3593266d | 776 | { |
036913b1 RL |
777 | c_new_error(NULL); |
778 | } | |
779 | ||
780 | void ERR_set_debug(const char *file, int line, const char *func) | |
781 | { | |
782 | c_set_error_debug(NULL, file, line, func); | |
3593266d MC |
783 | } |
784 | ||
036913b1 | 785 | void ERR_set_error(int lib, int reason, const char *fmt, ...) |
3593266d MC |
786 | { |
787 | va_list args; | |
8908d18c | 788 | |
036913b1 RL |
789 | va_start(args, fmt); |
790 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); | |
3593266d MC |
791 | va_end(args); |
792 | } | |
793 | ||
036913b1 | 794 | void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) |
3593266d | 795 | { |
036913b1 | 796 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); |
3593266d | 797 | } |
da747958 | 798 | |
7b131de2 RL |
799 | int ERR_set_mark(void) |
800 | { | |
801 | return c_set_error_mark(NULL); | |
802 | } | |
803 | ||
804 | int ERR_clear_last_mark(void) | |
805 | { | |
806 | return c_clear_last_error_mark(NULL); | |
807 | } | |
808 | ||
809 | int ERR_pop_to_mark(void) | |
810 | { | |
811 | return c_pop_error_to_mark(NULL); | |
812 | } | |
813 | ||
fdaad3f1 RL |
814 | /* |
815 | * This must take a library context, since it's called from the depths | |
816 | * of crypto/initthread.c code, where it's (correctly) assumed that the | |
b4250010 | 817 | * passed caller argument is an OSSL_LIB_CTX pointer (since the same routine |
fdaad3f1 | 818 | * is also called from other parts of libcrypto, which all pass around a |
b4250010 | 819 | * OSSL_LIB_CTX pointer) |
fdaad3f1 | 820 | */ |
b4250010 | 821 | const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *libctx) |
da747958 | 822 | { |
b4250010 DMSP |
823 | FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx, |
824 | OSSL_LIB_CTX_FIPS_PROV_INDEX, | |
825 | &fips_prov_ossl_ctx_method); | |
da747958 MC |
826 | |
827 | if (fgbl == NULL) | |
828 | return NULL; | |
829 | ||
d40b42ab | 830 | return fgbl->handle; |
da747958 | 831 | } |
b60cba3c RS |
832 | |
833 | void *CRYPTO_malloc(size_t num, const char *file, int line) | |
834 | { | |
835 | return c_CRYPTO_malloc(num, file, line); | |
836 | } | |
837 | ||
838 | void *CRYPTO_zalloc(size_t num, const char *file, int line) | |
839 | { | |
840 | return c_CRYPTO_zalloc(num, file, line); | |
841 | } | |
842 | ||
b60cba3c RS |
843 | void CRYPTO_free(void *ptr, const char *file, int line) |
844 | { | |
845 | c_CRYPTO_free(ptr, file, line); | |
846 | } | |
847 | ||
848 | void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) | |
849 | { | |
850 | c_CRYPTO_clear_free(ptr, num, file, line); | |
851 | } | |
852 | ||
853 | void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) | |
854 | { | |
855 | return c_CRYPTO_realloc(addr, num, file, line); | |
856 | } | |
857 | ||
858 | void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, | |
859 | const char *file, int line) | |
860 | { | |
861 | return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); | |
862 | } | |
863 | ||
864 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line) | |
865 | { | |
866 | return c_CRYPTO_secure_malloc(num, file, line); | |
867 | } | |
868 | ||
869 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) | |
870 | { | |
871 | return c_CRYPTO_secure_zalloc(num, file, line); | |
872 | } | |
873 | ||
874 | void CRYPTO_secure_free(void *ptr, const char *file, int line) | |
875 | { | |
876 | c_CRYPTO_secure_free(ptr, file, line); | |
877 | } | |
878 | ||
879 | void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) | |
880 | { | |
881 | c_CRYPTO_secure_clear_free(ptr, num, file, line); | |
882 | } | |
883 | ||
b60cba3c RS |
884 | int CRYPTO_secure_allocated(const void *ptr) |
885 | { | |
886 | return c_CRYPTO_secure_allocated(ptr); | |
887 | } | |
d16d0b71 SL |
888 | |
889 | int BIO_snprintf(char *buf, size_t n, const char *format, ...) | |
890 | { | |
891 | va_list args; | |
892 | int ret; | |
893 | ||
894 | va_start(args, format); | |
895 | ret = c_BIO_vsnprintf(buf, n, format, args); | |
896 | va_end(args); | |
897 | return ret; | |
898 | } | |
991a6bb5 SL |
899 | |
900 | int FIPS_security_check_enabled(void) | |
901 | { | |
902 | return fips_security_checks; | |
903 | } | |
f8e74747 | 904 | |
b4250010 | 905 | void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, |
f8e74747 SL |
906 | void **cbarg) |
907 | { | |
908 | if (libctx == NULL) | |
909 | libctx = selftest_params.libctx; | |
910 | ||
911 | if (c_stcbfn != NULL && c_get_libctx != NULL) { | |
912 | /* Get the parent libctx */ | |
913 | c_stcbfn(c_get_libctx(FIPS_get_core_handle(libctx)), cb, cbarg); | |
914 | } else { | |
915 | if (cb != NULL) | |
916 | *cb = NULL; | |
917 | if (cbarg != NULL) | |
918 | *cbarg = NULL; | |
919 | } | |
920 | } |