]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/fips/fipsprov.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Maintain strict type discipline between the core and providers
[thirdparty/openssl.git] / providers / fips / fipsprov.c
CommitLineData
9efa0ae0 1/*
33388b44 2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
9efa0ae0
MC		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h>
11#include <stdio.h>
12#include <openssl/core.h>
13#include <openssl/core_numbers.h>
14#include <openssl/core_names.h>
15#include <openssl/params.h>
3593266d 16#include <openssl/err.h>
319e518a 17#include <openssl/evp.h>
e3405a4a 18#include <openssl/kdf.h>
45c54042 19
319e518a
MC		 20/* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21#include <openssl/sha.h>
45c54042 22#include <openssl/rand_drbg.h>
04ca0027 23#include <openssl/ec.h>
25e60144 24#include <openssl/fips_names.h>
45c54042 25
3593266d 26#include "internal/cryptlib.h"
319e518a 27#include "internal/property.h"
0d2bfe52 28#include "internal/nelem.h"
110bff61 29#include "openssl/param_build.h"
25f2138b 30#include "crypto/evp.h"
af3e7e1b 31#include "prov/implementations.h"
ddd21319
RL		 32#include "prov/provider_ctx.h"
33#include "prov/providercommon.h"
0d2bfe52 34#include "prov/provider_util.h"
36fc5fc6 35#include "self_test.h"
9efa0ae0 36
fdaad3f1
RL		 37/*
38 * Forward declarations to ensure that interface functions are correctly
39 * defined.
40 */
41static OSSL_provider_teardown_fn fips_teardown;
42static OSSL_provider_gettable_params_fn fips_gettable_params;
43static OSSL_provider_get_params_fn fips_get_params;
44static OSSL_provider_query_operation_fn fips_query;
45
745fc918 46#define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK }
0d2bfe52
SL		 47#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
48
b60cba3c
RS		 49extern OSSL_core_thread_start_fn *c_thread_start;
50
da747958
MC		 51/*
52 * TODO(3.0): Should these be stored in the provider side provctx? Could they
53 * ever be different from one init to the next? Unfortunately we can't do this
b60cba3c
RS		 54 * at the moment because c_put_error/c_add_error_vdata do not provide
55 * us with the OPENSSL_CTX as a parameter.
da747958 56 */
25e60144
SL		 57
58static SELF_TEST_POST_PARAMS selftest_params;
59
9efa0ae0 60/* Functions provided by the core */
dca97d00 61static OSSL_core_gettable_params_fn *c_gettable_params;
b60cba3c
RS		 62static OSSL_core_get_params_fn *c_get_params;
63OSSL_core_thread_start_fn *c_thread_start;
036913b1
RL		 64static OSSL_core_new_error_fn *c_new_error;
65static OSSL_core_set_error_debug_fn *c_set_error_debug;
66static OSSL_core_vset_error_fn *c_vset_error;
7b131de2
RL		 67static OSSL_core_set_error_mark_fn *c_set_error_mark;
68static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark;
69static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark;
b60cba3c
RS		 70static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
71static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
b60cba3c
RS		 72static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
73static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
74static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
75static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
76static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
77static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
78static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
79static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
80static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
d16d0b71 81static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf;
9efa0ae0 82
da747958 83typedef struct fips_global_st {
d40b42ab 84 const OSSL_CORE_HANDLE *handle;
da747958
MC		 85} FIPS_GLOBAL;
86
87static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
88{
89 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
90
91 return fgbl;
92}
93
94static void fips_prov_ossl_ctx_free(void *fgbl)
95{
96 OPENSSL_free(fgbl);
97}
98
99static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
100 fips_prov_ossl_ctx_new,
101 fips_prov_ossl_ctx_free,
102};
103
104
9efa0ae0 105/* Parameters we provide to the core */
26175013
RL		 106static const OSSL_PARAM fips_param_types[] = {
107 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
108 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
109 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
110 OSSL_PARAM_END
9efa0ae0
MC		 111};
112
25e60144
SL		 113/*
114 * Parameters to retrieve from the core provider - required for self testing.
115 * NOTE: inside core_get_params() these will be loaded from config items
116 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
117 */
118static OSSL_PARAM core_params[] =
119{
120 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
121 selftest_params.module_filename,
122 sizeof(selftest_params.module_filename)),
123 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
124 selftest_params.module_checksum_data,
125 sizeof(selftest_params.module_checksum_data)),
126 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
127 selftest_params.indicator_checksum_data,
128 sizeof(selftest_params.indicator_checksum_data)),
129 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
130 selftest_params.indicator_data,
131 sizeof(selftest_params.indicator_data)),
132 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
133 selftest_params.indicator_version,
134 sizeof(selftest_params.indicator_version)),
135 OSSL_PARAM_END
136};
137
62f49b90 138/* TODO(3.0): To be removed */
fdaad3f1 139static int dummy_evp_call(OPENSSL_CTX *libctx)
62f49b90 140{
62f49b90
SL		 141 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
142 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
143 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
319e518a 144 unsigned char dgst[SHA256_DIGEST_LENGTH];
62f49b90 145 unsigned int dgstlen;
319e518a 146 int ret = 0;
444ab3ab
MC		 147 BN_CTX *bnctx = NULL;
148 BIGNUM *a = NULL, *b = NULL;
45c54042
MC		 149 unsigned char randbuf[128];
150 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
f92e0815 151#ifndef OPENSSL_NO_EC
04ca0027 152 EC_KEY *key = NULL;
f92e0815 153#endif
319e518a 154
62f49b90
SL		 155 static const char msg[] = "Hello World!";
156 static const unsigned char exptd[] = {
157 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
158 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
159 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
160 };
161
e3405a4a 162 if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
319e518a
MC		 163 goto err;
164
165 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
166 goto err;
167 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
168 goto err;
169 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
170 goto err;
171 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
172 goto err;
173
444ab3ab
MC		 174 bnctx = BN_CTX_new_ex(libctx);
175 if (bnctx == NULL)
176 goto err;
177 BN_CTX_start(bnctx);
178 a = BN_CTX_get(bnctx);
179 b = BN_CTX_get(bnctx);
180 if (b == NULL)
181 goto err;
182 BN_zero(a);
183 if (!BN_one(b)
184 || !BN_add(a, a, b)
185 || BN_cmp(a, b) != 0)
186 goto err;
4bd8b240 187
45c54042
MC		 188 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
189 goto err;
190
eba3ebd7
MC		 191 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
192 goto err;
193
f92e0815 194#ifndef OPENSSL_NO_EC
04ca0027
MC		 195 /* Do some dummy EC calls */
196 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
197 if (key == NULL)
198 goto err;
199
200 if (!EC_KEY_generate_key(key))
201 goto err;
f92e0815 202#endif
e683582b 203
319e518a
MC		 204 ret = 1;
205 err:
444ab3ab
MC		 206 BN_CTX_end(bnctx);
207 BN_CTX_free(bnctx);
4bd8b240 208
e3405a4a 209 EVP_KDF_free(kdf);
319e518a 210 EVP_MD_CTX_free(ctx);
3fd70262 211 EVP_MD_free(sha256);
04ca0027 212
f92e0815 213#ifndef OPENSSL_NO_EC
04ca0027 214 EC_KEY_free(key);
f92e0815 215#endif
319e518a 216 return ret;
3593266d
MC		 217}
218
fdaad3f1 219static const OSSL_PARAM *fips_gettable_params(void *provctx)
9efa0ae0
MC		 220{
221 return fips_param_types;
222}
223
fdaad3f1 224static int fips_get_params(void *provctx, OSSL_PARAM params[])
9efa0ae0 225{
4e7991b4 226 OSSL_PARAM *p;
9efa0ae0
MC		 227
228 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
229 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
230 return 0;
231 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
232 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
233 return 0;
234 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
235 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
236 return 0;
237
238 return 1;
239}
240
4cecf7a1
MC		 241/* FIPS specific version of the function of the same name in provlib.c */
242const char *ossl_prov_util_nid_to_name(int nid)
243{
f844f9eb 244 /* We don't have OBJ_nid2n() in FIPS_MODULE so we have an explicit list */
4cecf7a1
MC		 245
246 switch (nid) {
247 /* Digests */
248 case NID_sha1:
df553b79 249 return "SHA1";
4cecf7a1 250 case NID_sha224:
df553b79 251 return "SHA-224";
4cecf7a1 252 case NID_sha256:
df553b79 253 return "SHA-256";
4cecf7a1 254 case NID_sha384:
df553b79 255 return "SHA-384";
4cecf7a1 256 case NID_sha512:
df553b79 257 return "SHA-512";
4cecf7a1 258 case NID_sha512_224:
df553b79 259 return "SHA-512/224";
4cecf7a1 260 case NID_sha512_256:
df553b79 261 return "SHA-512/256";
4cecf7a1
MC		 262 case NID_sha3_224:
263 return "SHA3-224";
264 case NID_sha3_256:
265 return "SHA3-256";
266 case NID_sha3_384:
267 return "SHA3-384";
268 case NID_sha3_512:
269 return "SHA3-512";
270
271 /* Ciphers */
272 case NID_aes_256_ecb:
273 return "AES-256-ECB";
274 case NID_aes_192_ecb:
275 return "AES-192-ECB";
276 case NID_aes_128_ecb:
277 return "AES-128-ECB";
278 case NID_aes_256_cbc:
279 return "AES-256-CBC";
280 case NID_aes_192_cbc:
281 return "AES-192-CBC";
282 case NID_aes_128_cbc:
283 return "AES-128-CBC";
284 case NID_aes_256_ctr:
285 return "AES-256-CTR";
286 case NID_aes_192_ctr:
287 return "AES-192-CTR";
288 case NID_aes_128_ctr:
289 return "AES-128-CTR";
3a9f26f3
SL		 290 case NID_aes_256_xts:
291 return "AES-256-XTS";
292 case NID_aes_128_xts:
293 return "AES-128-XTS";
3bfe9005 294 case NID_aes_256_gcm:
df553b79 295 return "AES-256-GCM";
3bfe9005 296 case NID_aes_192_gcm:
df553b79 297 return "AES-192-GCM";
3bfe9005 298 case NID_aes_128_gcm:
df553b79 299 return "AES-128-GCM";
3bfe9005 300 case NID_aes_256_ccm:
df553b79 301 return "AES-256-CCM";
3bfe9005 302 case NID_aes_192_ccm:
df553b79 303 return "AES-192-CCM";
3bfe9005 304 case NID_aes_128_ccm:
df553b79 305 return "AES-128-CCM";
ca392b29 306 case NID_id_aes256_wrap:
df553b79 307 return "AES-256-WRAP";
ca392b29 308 case NID_id_aes192_wrap:
df553b79 309 return "AES-192-WRAP";
ca392b29 310 case NID_id_aes128_wrap:
df553b79 311 return "AES-128-WRAP";
ca392b29 312 case NID_id_aes256_wrap_pad:
df553b79 313 return "AES-256-WRAP-PAD";
ca392b29 314 case NID_id_aes192_wrap_pad:
df553b79 315 return "AES-192-WRAP-PAD";
ca392b29 316 case NID_id_aes128_wrap_pad:
df553b79 317 return "AES-128-WRAP-PAD";
ca392b29
SL		 318 case NID_des_ede3_ecb:
319 return "DES-EDE3";
320 case NID_des_ede3_cbc:
321 return "DES-EDE3-CBC";
0d2bfe52
SL		 322 case NID_aes_256_cbc_hmac_sha256:
323 return "AES-256-CBC-HMAC-SHA256";
324 case NID_aes_128_cbc_hmac_sha256:
325 return "AES-128-CBC-HMAC-SHA256";
326 case NID_aes_256_cbc_hmac_sha1:
327 return "AES-256-CBC-HMAC-SHA1";
328 case NID_aes_128_cbc_hmac_sha1:
329 return "AES-128-CBC-HMAC-SHA1";
3bfe9005
SL		 330 default:
331 break;
4cecf7a1
MC		 332 }
333
334 return NULL;
335}
336
df553b79
RL		 337/*
338 * For the algorithm names, we use the following formula for our primary
339 * names:
340 *
341 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
342 *
343 * VERSION is only present if there are multiple versions of
344 * an alg (MD2, MD4, MD5). It may be omitted if there is only
345 * one version (if a subsequent version is released in the future,
346 * we can always change the canonical name, and add the old name
347 * as an alias).
348 *
349 * SUBNAME may be present where we are combining multiple
350 * algorithms together, e.g. MD5-SHA1.
351 *
352 * SIZE is only present if multiple versions of an algorithm exist
353 * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
354 *
355 * MODE is only present where applicable.
356 *
357 * We add diverse other names where applicable, such as the names that
358 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
359 * we have used historically.
360 */
9efa0ae0 361static const OSSL_ALGORITHM fips_digests[] = {
df553b79 362 /* Our primary name:NiST name[:our older names] */
745fc918
MC		 363 { "SHA1:SHA-1", "provider=fips,fips=yes", sha1_functions },
364 { "SHA2-224:SHA-224:SHA224", "provider=fips,fips=yes", sha224_functions },
365 { "SHA2-256:SHA-256:SHA256", "provider=fips,fips=yes", sha256_functions },
366 { "SHA2-384:SHA-384:SHA384", "provider=fips,fips=yes", sha384_functions },
367 { "SHA2-512:SHA-512:SHA512", "provider=fips,fips=yes", sha512_functions },
368 { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=fips,fips=yes",
df553b79 369 sha512_224_functions },
745fc918 370 { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=fips,fips=yes",
df553b79
RL		 371 sha512_256_functions },
372
373 /* We agree with NIST here, so one name only */
745fc918
MC		 374 { "SHA3-224", "provider=fips,fips=yes", sha3_224_functions },
375 { "SHA3-256", "provider=fips,fips=yes", sha3_256_functions },
376 { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
377 { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
d5e5e2ff 378
1ee1e551
P		 379 /* Non-FIPS algorithm to support oneshot_hash in the Ed448 code */
380 { "SHAKE-256:SHAKE256", "provider=fips,fips=no", shake_256_functions },
9efa0ae0
MC		 381 { NULL, NULL, NULL }
382};
383
0d2bfe52 384static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
df553b79 385 /* Our primary name[:ASN.1 OID name][:our older names] */
0d2bfe52
SL		 386 ALG("AES-256-ECB", aes256ecb_functions),
387 ALG("AES-192-ECB", aes192ecb_functions),
388 ALG("AES-128-ECB", aes128ecb_functions),
389 ALG("AES-256-CBC", aes256cbc_functions),
390 ALG("AES-192-CBC", aes192cbc_functions),
391 ALG("AES-128-CBC", aes128cbc_functions),
392 ALG("AES-256-CTR", aes256ctr_functions),
393 ALG("AES-192-CTR", aes192ctr_functions),
394 ALG("AES-128-CTR", aes128ctr_functions),
395 ALG("AES-256-XTS", aes256xts_functions),
396 ALG("AES-128-XTS", aes128xts_functions),
397 ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
398 ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
399 ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
400 ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
401 ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
402 ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
403 ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
404 ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
405 ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
406 ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
407 aes256wrappad_functions),
408 ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
409 aes192wrappad_functions),
410 ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
411 aes128wrappad_functions),
412 ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
413 cipher_capable_aes_cbc_hmac_sha1),
414 ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
415 cipher_capable_aes_cbc_hmac_sha1),
416 ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
417 cipher_capable_aes_cbc_hmac_sha256),
418 ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
419 cipher_capable_aes_cbc_hmac_sha256),
cb1548bc 420#ifndef OPENSSL_NO_DES
0d2bfe52
SL		 421 ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
422 ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
cb1548bc 423#endif /* OPENSSL_NO_DES */
0d2bfe52 424 { { NULL, NULL, NULL }, NULL }
66ad63e8 425};
0d2bfe52 426static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
66ad63e8 427
2e5db6ad 428static const OSSL_ALGORITHM fips_macs[] = {
745fc918
MC		 429 { "GMAC", "provider=fips,fips=yes", gmac_functions },
430 { "HMAC", "provider=fips,fips=yes", hmac_functions },
2e5db6ad
RL		 431 { NULL, NULL, NULL }
432};
433
e3405a4a 434static const OSSL_ALGORITHM fips_kdfs[] = {
745fc918
MC		 435 { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions },
436 { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
437 { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
438 { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
df553b79 439 { NULL, NULL, NULL }
e3405a4a
P		 440};
441
62f49b90
SL		 442static const OSSL_ALGORITHM fips_keyexch[] = {
443#ifndef OPENSSL_NO_DH
745fc918 444 { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions },
1c725f46
SL		 445#endif
446#ifndef OPENSSL_NO_EC
edd3b7a3 447 { "ECDH", "provider=fips,fips=yes", ecdh_keyexch_functions },
1ee1e551
P		 448 { "X25519", "provider=fips,fips=no", x25519_keyexch_functions },
449 { "X448", "provider=fips,fips=no", x448_keyexch_functions },
62f49b90
SL		 450#endif
451 { NULL, NULL, NULL }
452};
453
e683582b
SL		 454static const OSSL_ALGORITHM fips_signature[] = {
455#ifndef OPENSSL_NO_DSA
745fc918 456 { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions },
e683582b 457#endif
d16d0b71 458 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions },
edd3b7a3 459#ifndef OPENSSL_NO_EC
1ee1e551
P		 460 { "ED25519", "provider=fips,fips=no", ed25519_signature_functions },
461 { "ED448", "provider=fips,fips=no", ed448_signature_functions },
edd3b7a3
SL		 462 { "ECDSA", "provider=fips,fips=yes", ecdsa_signature_functions },
463#endif
e683582b
SL		 464 { NULL, NULL, NULL }
465};
466
afb638f1 467static const OSSL_ALGORITHM fips_asym_cipher[] = {
745fc918 468 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_asym_cipher_functions },
afb638f1
MC		 469 { NULL, NULL, NULL }
470};
471
e683582b 472static const OSSL_ALGORITHM fips_keymgmt[] = {
62f49b90 473#ifndef OPENSSL_NO_DH
745fc918 474 { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keymgmt_functions },
62f49b90 475#endif
e683582b 476#ifndef OPENSSL_NO_DSA
745fc918 477 { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
e683582b 478#endif
745fc918 479 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
8a758e96 480 { "RSA-PSS:RSASSA-PSS", "provider=default", rsapss_keymgmt_functions },
1c725f46
SL		 481#ifndef OPENSSL_NO_EC
482 { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
1ee1e551
P		 483 { "X25519", "provider=fips,fips=no", x25519_keymgmt_functions },
484 { "X448", "provider=fips,fips=no", x448_keymgmt_functions },
485 { "ED25519", "provider=fips,fips=no", ed25519_keymgmt_functions },
486 { "ED448", "provider=fips,fips=no", ed448_keymgmt_functions },
1c725f46 487#endif
e683582b
SL		 488 { NULL, NULL, NULL }
489};
0d2bfe52 490
fdaad3f1
RL		 491static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id,
492 int *no_cache)
9efa0ae0
MC		 493{
494 *no_cache = 0;
495 switch (operation_id) {
496 case OSSL_OP_DIGEST:
497 return fips_digests;
66ad63e8 498 case OSSL_OP_CIPHER:
0d2bfe52
SL		 499 ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
500 return exported_fips_ciphers;
2e5db6ad
RL		 501 case OSSL_OP_MAC:
502 return fips_macs;
e3405a4a
P		 503 case OSSL_OP_KDF:
504 return fips_kdfs;
e683582b
SL		 505 case OSSL_OP_KEYMGMT:
506 return fips_keymgmt;
62f49b90
SL		 507 case OSSL_OP_KEYEXCH:
508 return fips_keyexch;
e683582b
SL		 509 case OSSL_OP_SIGNATURE:
510 return fips_signature;
afb638f1
MC		 511 case OSSL_OP_ASYM_CIPHER:
512 return fips_asym_cipher;
9efa0ae0
MC		 513 }
514 return NULL;
515}
516
fdaad3f1
RL		 517static void fips_teardown(void *provctx)
518{
519 OPENSSL_CTX_free(PROV_LIBRARY_CONTEXT_OF(provctx));
78906fff
RL		 520 PROV_CTX_free(provctx);
521}
522
523static void fips_intern_teardown(void *provctx)
524{
525 /*
526 * We know that the library context is the same as for the outer provider,
527 * so no need to destroy it here.
528 */
529 PROV_CTX_free(provctx);
fdaad3f1
RL		 530}
531
9efa0ae0
MC		 532/* Functions we provide to the core */
533static const OSSL_DISPATCH fips_dispatch_table[] = {
fdaad3f1 534 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown },
dca97d00 535 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
9efa0ae0
MC		 536 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
537 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
538 { 0, NULL }
539};
540
319e518a
MC		 541/* Functions we provide to ourself */
542static const OSSL_DISPATCH intern_dispatch_table[] = {
78906fff 543 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_intern_teardown },
319e518a
MC		 544 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
545 { 0, NULL }
546};
547
548
d40b42ab 549int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
9efa0ae0 550 const OSSL_DISPATCH *in,
a39eb840
RL		 551 const OSSL_DISPATCH **out,
552 void **provctx)
9efa0ae0 553{
da747958 554 FIPS_GLOBAL *fgbl;
78906fff 555 OPENSSL_CTX *libctx = NULL;
36fc5fc6
SL		 556 OSSL_self_test_cb_fn *stcbfn = NULL;
557 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
319e518a 558
9efa0ae0
MC		 559 for (; in->function_id != 0; in++) {
560 switch (in->function_id) {
36fc5fc6
SL		 561 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
562 c_get_libctx = OSSL_get_core_get_library_context(in);
563 break;
dca97d00
RL		 564 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
565 c_gettable_params = OSSL_get_core_gettable_params(in);
9efa0ae0
MC		 566 break;
567 case OSSL_FUNC_CORE_GET_PARAMS:
568 c_get_params = OSSL_get_core_get_params(in);
569 break;
da747958
MC		 570 case OSSL_FUNC_CORE_THREAD_START:
571 c_thread_start = OSSL_get_core_thread_start(in);
572 break;
036913b1
RL		 573 case OSSL_FUNC_CORE_NEW_ERROR:
574 c_new_error = OSSL_get_core_new_error(in);
3593266d 575 break;
036913b1
RL		 576 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
577 c_set_error_debug = OSSL_get_core_set_error_debug(in);
578 break;
579 case OSSL_FUNC_CORE_VSET_ERROR:
580 c_vset_error = OSSL_get_core_vset_error(in);
3593266d 581 break;
7b131de2
RL		 582 case OSSL_FUNC_CORE_SET_ERROR_MARK:
583 c_set_error_mark = OSSL_get_core_set_error_mark(in);
584 break;
585 case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK:
586 c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in);
587 break;
588 case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
589 c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in);
590 break;
b60cba3c
RS		 591 case OSSL_FUNC_CRYPTO_MALLOC:
592 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
593 break;
594 case OSSL_FUNC_CRYPTO_ZALLOC:
595 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
596 break;
b60cba3c
RS		 597 case OSSL_FUNC_CRYPTO_FREE:
598 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
599 break;
600 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
601 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
602 break;
603 case OSSL_FUNC_CRYPTO_REALLOC:
604 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
605 break;
606 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
607 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
608 break;
609 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
610 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
611 break;
612 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
613 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
614 break;
615 case OSSL_FUNC_CRYPTO_SECURE_FREE:
616 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
617 break;
618 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
619 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
620 break;
621 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
622 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
623 break;
25e60144
SL		 624 case OSSL_FUNC_BIO_NEW_FILE:
625 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
626 break;
627 case OSSL_FUNC_BIO_NEW_MEMBUF:
628 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
629 break;
7bb82f92
SL		 630 case OSSL_FUNC_BIO_READ_EX:
631 selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
25e60144
SL		 632 break;
633 case OSSL_FUNC_BIO_FREE:
634 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
635 break;
d16d0b71
SL		 636 case OSSL_FUNC_BIO_VSNPRINTF:
637 c_BIO_vsnprintf = OSSL_get_BIO_vsnprintf(in);
638 break;
36fc5fc6
SL		 639 case OSSL_FUNC_SELF_TEST_CB: {
640 stcbfn = OSSL_get_self_test_cb(in);
641 break;
642 }
9efa0ae0 643 default:
b60cba3c 644 /* Just ignore anything we don't understand */
9efa0ae0
MC		 645 break;
646 }
647 }
648
36fc5fc6 649 if (stcbfn != NULL && c_get_libctx != NULL) {
d40b42ab 650 stcbfn(c_get_libctx(handle), &selftest_params.cb,
47c239c6 651 &selftest_params.cb_arg);
36fc5fc6
SL		 652 }
653 else {
47c239c6
SL		 654 selftest_params.cb = NULL;
655 selftest_params.cb_arg = NULL;
36fc5fc6
SL		 656 }
657
d40b42ab 658 if (!c_get_params(handle, core_params))
25e60144
SL		 659 return 0;
660
b60cba3c 661 /* Create a context. */
78906fff
RL		 662 if ((*provctx = PROV_CTX_new()) == NULL
663 || (libctx = OPENSSL_CTX_new()) == NULL) {
664 /*
665 * We free libctx separately here and only here because it hasn't
666 * been attached to *provctx. All other error paths below rely
667 * solely on fips_teardown.
668 */
669 OPENSSL_CTX_free(libctx);
670 goto err;
671 }
672 PROV_CTX_set0_library_context(*provctx, libctx);
d40b42ab 673 PROV_CTX_set0_handle(*provctx, handle);
fdaad3f1
RL		 674
675 if ((fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX,
676 &fips_prov_ossl_ctx_method)) == NULL)
677 goto err;
7bb82f92 678
d40b42ab 679 fgbl->handle = handle;
7bb82f92 680
fdaad3f1
RL		 681 selftest_params.libctx = libctx;
682 if (!SELF_TEST_post(&selftest_params, 0))
683 goto err;
7bb82f92 684
319e518a
MC		 685 /*
686 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
687 * EVP calls from within the FIPS module.
688 */
fdaad3f1
RL		 689 if (!dummy_evp_call(libctx))
690 goto err;
319e518a 691
e683582b 692 *out = fips_dispatch_table;
e683582b 693
9efa0ae0 694 return 1;
fdaad3f1
RL		 695 err:
696 fips_teardown(*provctx);
697 *provctx = NULL;
698 return 0;
9efa0ae0 699}
3593266d 700
319e518a
MC		 701/*
702 * The internal init function used when the FIPS module uses EVP to call
b1eb3fd7 703 * another algorithm also in the FIPS module. This is a recursive call that has
bb751e11
RL		 704 * been made from within the FIPS module itself. To make this work, we populate
705 * the provider context of this inner instance with the same library context
706 * that was used in the EVP call that initiated this recursive call.
319e518a 707 */
3593266d 708OSSL_provider_init_fn fips_intern_provider_init;
d40b42ab 709int fips_intern_provider_init(const OSSL_CORE_HANDLE *handle,
3593266d 710 const OSSL_DISPATCH *in,
319e518a
MC		 711 const OSSL_DISPATCH **out,
712 void **provctx)
3593266d 713{
bb751e11
RL		 714 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
715
716 for (; in->function_id != 0; in++) {
717 switch (in->function_id) {
718 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
719 c_get_libctx = OSSL_get_core_get_library_context(in);
720 break;
721 default:
722 break;
723 }
724 }
725
726 if (c_get_libctx == NULL)
727 return 0;
728
78906fff 729 if ((*provctx = PROV_CTX_new()) == NULL)
bb751e11 730 return 0;
d40b42ab
MC		 731 /*
732 * Using the parent library context only works because we are a built-in
733 * internal provider. This is not something that most providers would be
734 * able to do.
735 */
736 PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle));
737 PROV_CTX_set0_handle(*provctx, handle);
bb751e11 738
319e518a 739 *out = intern_dispatch_table;
3593266d
MC		 740 return 1;
741}
742
036913b1 743void ERR_new(void)
3593266d 744{
036913b1
RL		 745 c_new_error(NULL);
746}
747
748void ERR_set_debug(const char *file, int line, const char *func)
749{
750 c_set_error_debug(NULL, file, line, func);
3593266d
MC		 751}
752
036913b1 753void ERR_set_error(int lib, int reason, const char *fmt, ...)
3593266d
MC		 754{
755 va_list args;
8908d18c 756
036913b1
RL		 757 va_start(args, fmt);
758 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d
MC		 759 va_end(args);
760}
761
036913b1 762void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
3593266d 763{
036913b1 764 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d 765}
da747958 766
7b131de2
RL		 767int ERR_set_mark(void)
768{
769 return c_set_error_mark(NULL);
770}
771
772int ERR_clear_last_mark(void)
773{
774 return c_clear_last_error_mark(NULL);
775}
776
777int ERR_pop_to_mark(void)
778{
779 return c_pop_error_to_mark(NULL);
780}
781
fdaad3f1
RL		 782/*
783 * This must take a library context, since it's called from the depths
784 * of crypto/initthread.c code, where it's (correctly) assumed that the
785 * passed caller argument is an OPENSSL_CTX pointer (since the same routine
786 * is also called from other parts of libcrypto, which all pass around a
787 * OPENSSL_CTX pointer)
788 */
d40b42ab 789const OSSL_CORE_HANDLE *FIPS_get_core_handle(OPENSSL_CTX *libctx)
da747958 790{
fdaad3f1
RL		 791 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(libctx,
792 OPENSSL_CTX_FIPS_PROV_INDEX,
da747958
MC		 793 &fips_prov_ossl_ctx_method);
794
795 if (fgbl == NULL)
796 return NULL;
797
d40b42ab 798 return fgbl->handle;
da747958 799}
b60cba3c
RS		 800
801void *CRYPTO_malloc(size_t num, const char *file, int line)
802{
803 return c_CRYPTO_malloc(num, file, line);
804}
805
806void *CRYPTO_zalloc(size_t num, const char *file, int line)
807{
808 return c_CRYPTO_zalloc(num, file, line);
809}
810
b60cba3c
RS		 811void CRYPTO_free(void *ptr, const char *file, int line)
812{
813 c_CRYPTO_free(ptr, file, line);
814}
815
816void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
817{
818 c_CRYPTO_clear_free(ptr, num, file, line);
819}
820
821void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
822{
823 return c_CRYPTO_realloc(addr, num, file, line);
824}
825
826void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
827 const char *file, int line)
828{
829 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
830}
831
832void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
833{
834 return c_CRYPTO_secure_malloc(num, file, line);
835}
836
837void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
838{
839 return c_CRYPTO_secure_zalloc(num, file, line);
840}
841
842void CRYPTO_secure_free(void *ptr, const char *file, int line)
843{
844 c_CRYPTO_secure_free(ptr, file, line);
845}
846
847void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
848{
849 c_CRYPTO_secure_clear_free(ptr, num, file, line);
850}
851
b60cba3c
RS		 852int CRYPTO_secure_allocated(const void *ptr)
853{
854 return c_CRYPTO_secure_allocated(ptr);
855}
d16d0b71
SL		 856
857int BIO_snprintf(char *buf, size_t n, const char *format, ...)
858{
859 va_list args;
860 int ret;
861
862 va_start(args, format);
863 ret = c_BIO_vsnprintf(buf, n, format, args);
864 va_end(args);
865 return ret;
866}
A mirror of the official openssl repository