]>
Commit | Line | Data |
---|---|---|
9efa0ae0 MC |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | #include <stdio.h> | |
12 | #include <openssl/core.h> | |
13 | #include <openssl/core_numbers.h> | |
14 | #include <openssl/core_names.h> | |
15 | #include <openssl/params.h> | |
3593266d | 16 | #include <openssl/err.h> |
319e518a | 17 | #include <openssl/evp.h> |
e3405a4a | 18 | #include <openssl/kdf.h> |
45c54042 | 19 | |
319e518a MC |
20 | /* TODO(3.0): Needed for dummy_evp_call(). To be removed */ |
21 | #include <openssl/sha.h> | |
45c54042 | 22 | #include <openssl/rand_drbg.h> |
04ca0027 | 23 | #include <openssl/ec.h> |
25e60144 | 24 | #include <openssl/fips_names.h> |
45c54042 | 25 | |
3593266d | 26 | #include "internal/cryptlib.h" |
319e518a | 27 | #include "internal/property.h" |
0d2bfe52 | 28 | #include "internal/nelem.h" |
25f2138b | 29 | #include "crypto/evp.h" |
af3e7e1b | 30 | #include "prov/implementations.h" |
ddd21319 RL |
31 | #include "prov/provider_ctx.h" |
32 | #include "prov/providercommon.h" | |
0d2bfe52 | 33 | #include "prov/provider_util.h" |
25e60144 | 34 | #include "selftest.h" |
9efa0ae0 | 35 | |
0d2bfe52 SL |
36 | #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK } |
37 | #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) | |
38 | ||
b60cba3c RS |
39 | extern OSSL_core_thread_start_fn *c_thread_start; |
40 | ||
da747958 MC |
41 | /* |
42 | * TODO(3.0): Should these be stored in the provider side provctx? Could they | |
43 | * ever be different from one init to the next? Unfortunately we can't do this | |
b60cba3c RS |
44 | * at the moment because c_put_error/c_add_error_vdata do not provide |
45 | * us with the OPENSSL_CTX as a parameter. | |
da747958 | 46 | */ |
25e60144 SL |
47 | |
48 | static SELF_TEST_POST_PARAMS selftest_params; | |
49 | ||
9efa0ae0 | 50 | /* Functions provided by the core */ |
dca97d00 | 51 | static OSSL_core_gettable_params_fn *c_gettable_params; |
b60cba3c RS |
52 | static OSSL_core_get_params_fn *c_get_params; |
53 | OSSL_core_thread_start_fn *c_thread_start; | |
036913b1 RL |
54 | static OSSL_core_new_error_fn *c_new_error; |
55 | static OSSL_core_set_error_debug_fn *c_set_error_debug; | |
56 | static OSSL_core_vset_error_fn *c_vset_error; | |
b60cba3c RS |
57 | static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc; |
58 | static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; | |
b60cba3c RS |
59 | static OSSL_CRYPTO_free_fn *c_CRYPTO_free; |
60 | static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; | |
61 | static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc; | |
62 | static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; | |
63 | static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; | |
64 | static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; | |
65 | static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; | |
66 | static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; | |
67 | static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; | |
9efa0ae0 | 68 | |
da747958 MC |
69 | typedef struct fips_global_st { |
70 | const OSSL_PROVIDER *prov; | |
71 | } FIPS_GLOBAL; | |
72 | ||
73 | static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx) | |
74 | { | |
75 | FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); | |
76 | ||
77 | return fgbl; | |
78 | } | |
79 | ||
80 | static void fips_prov_ossl_ctx_free(void *fgbl) | |
81 | { | |
82 | OPENSSL_free(fgbl); | |
83 | } | |
84 | ||
85 | static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = { | |
86 | fips_prov_ossl_ctx_new, | |
87 | fips_prov_ossl_ctx_free, | |
88 | }; | |
89 | ||
90 | ||
9efa0ae0 | 91 | /* Parameters we provide to the core */ |
26175013 RL |
92 | static const OSSL_PARAM fips_param_types[] = { |
93 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
94 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
95 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
96 | OSSL_PARAM_END | |
9efa0ae0 MC |
97 | }; |
98 | ||
25e60144 SL |
99 | /* |
100 | * Parameters to retrieve from the core provider - required for self testing. | |
101 | * NOTE: inside core_get_params() these will be loaded from config items | |
102 | * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME). | |
103 | */ | |
104 | static OSSL_PARAM core_params[] = | |
105 | { | |
106 | OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME, | |
107 | selftest_params.module_filename, | |
108 | sizeof(selftest_params.module_filename)), | |
109 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC, | |
110 | selftest_params.module_checksum_data, | |
111 | sizeof(selftest_params.module_checksum_data)), | |
112 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC, | |
113 | selftest_params.indicator_checksum_data, | |
114 | sizeof(selftest_params.indicator_checksum_data)), | |
115 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, | |
116 | selftest_params.indicator_data, | |
117 | sizeof(selftest_params.indicator_data)), | |
118 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, | |
119 | selftest_params.indicator_version, | |
120 | sizeof(selftest_params.indicator_version)), | |
121 | OSSL_PARAM_END | |
122 | }; | |
123 | ||
e683582b SL |
124 | /* |
125 | * This routine is currently necessary as bn params are currently processed | |
126 | * using BN_native2bn when raw data is received. This means we need to do | |
127 | * magic to reverse the order of the bytes to match native format. | |
128 | * The array of hexdata is to get around compilers that dont like | |
129 | * strings longer than 509 bytes, | |
130 | */ | |
131 | static int rawnative_fromhex(const char *hex_data[], | |
132 | unsigned char **native, size_t *nativelen) | |
133 | { | |
134 | int ret = 0; | |
135 | unsigned char *data = NULL; | |
136 | BIGNUM *bn = NULL; | |
137 | int i, slen, datalen, sz; | |
138 | char *str = NULL; | |
139 | ||
140 | for (slen = 0, i = 0; hex_data[i] != NULL; ++i) | |
141 | slen += strlen(hex_data[i]); | |
142 | str = OPENSSL_zalloc(slen + 1); | |
143 | if (str == NULL) | |
144 | return 0; | |
145 | for (i = 0; hex_data[i] != NULL; ++i) | |
146 | strcat(str, hex_data[i]); | |
147 | ||
148 | if (BN_hex2bn(&bn, str) <= 0) | |
149 | return 0; | |
150 | ||
151 | datalen = slen / 2; | |
152 | data = (unsigned char *)str; /* reuse the str buffer */ | |
153 | ||
154 | sz = BN_bn2nativepad(bn, data, datalen); | |
155 | if (sz <= 0) | |
156 | goto err; | |
157 | ret = 1; | |
158 | *native = data; | |
159 | *nativelen = datalen; | |
160 | data = NULL; /* so it does not get freed */ | |
161 | err: | |
162 | BN_free(bn); | |
163 | OPENSSL_free(data); | |
164 | return ret; | |
165 | } | |
166 | ||
319e518a | 167 | /* TODO(3.0): To be removed */ |
bb751e11 | 168 | static int dummy_evp_call(void *provctx) |
3593266d | 169 | { |
bb751e11 | 170 | OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); |
319e518a MC |
171 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
172 | EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); | |
2e548ac9 | 173 | EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL); |
e683582b SL |
174 | EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; |
175 | EVP_PKEY *pkey = NULL; | |
176 | OSSL_PARAM *p; | |
177 | OSSL_PARAM params[16]; | |
178 | unsigned char sig[64]; | |
179 | size_t siglen, sigdgstlen; | |
180 | unsigned char *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; | |
181 | unsigned char *dsa_pub = NULL, *dsa_priv = NULL; | |
182 | size_t dsa_p_len, dsa_q_len, dsa_g_len, dsa_pub_len, dsa_priv_len; | |
183 | ||
184 | /* dsa 2048 */ | |
185 | static const char *dsa_p_hex[] = { | |
186 | "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415" | |
187 | "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef" | |
188 | "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b" | |
189 | "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534", | |
190 | "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1" | |
191 | "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088" | |
192 | "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4" | |
193 | "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7", | |
194 | NULL | |
195 | }; | |
196 | static const char *dsa_q_hex[] = { | |
197 | "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867", | |
198 | NULL | |
199 | }; | |
200 | static const char *dsa_g_hex[] = { | |
201 | "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7" | |
202 | "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084" | |
203 | "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb" | |
204 | "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97", | |
205 | "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb" | |
206 | "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c" | |
207 | "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00" | |
208 | "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467", | |
209 | NULL | |
210 | }; | |
211 | static const char *dsa_pub_hex[] = { | |
212 | "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6" | |
213 | "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec" | |
214 | "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb" | |
215 | "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34", | |
216 | "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672" | |
217 | "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7" | |
218 | "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190" | |
219 | "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516", | |
220 | NULL | |
221 | }; | |
222 | static const char *dsa_priv_hex[] = { | |
223 | "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7", | |
224 | NULL | |
225 | }; | |
319e518a MC |
226 | char msg[] = "Hello World!"; |
227 | const unsigned char exptd[] = { | |
228 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
229 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
230 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
231 | }; | |
232 | unsigned int dgstlen = 0; | |
233 | unsigned char dgst[SHA256_DIGEST_LENGTH]; | |
234 | int ret = 0; | |
444ab3ab MC |
235 | BN_CTX *bnctx = NULL; |
236 | BIGNUM *a = NULL, *b = NULL; | |
45c54042 MC |
237 | unsigned char randbuf[128]; |
238 | RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx); | |
f92e0815 | 239 | #ifndef OPENSSL_NO_EC |
04ca0027 | 240 | EC_KEY *key = NULL; |
f92e0815 | 241 | #endif |
319e518a | 242 | |
e3405a4a | 243 | if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL) |
319e518a MC |
244 | goto err; |
245 | ||
246 | if (!EVP_DigestInit_ex(ctx, sha256, NULL)) | |
247 | goto err; | |
248 | if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1)) | |
249 | goto err; | |
250 | if (!EVP_DigestFinal(ctx, dgst, &dgstlen)) | |
251 | goto err; | |
252 | if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0) | |
253 | goto err; | |
254 | ||
444ab3ab MC |
255 | bnctx = BN_CTX_new_ex(libctx); |
256 | if (bnctx == NULL) | |
257 | goto err; | |
258 | BN_CTX_start(bnctx); | |
259 | a = BN_CTX_get(bnctx); | |
260 | b = BN_CTX_get(bnctx); | |
261 | if (b == NULL) | |
262 | goto err; | |
263 | BN_zero(a); | |
264 | if (!BN_one(b) | |
265 | || !BN_add(a, a, b) | |
266 | || BN_cmp(a, b) != 0) | |
267 | goto err; | |
4bd8b240 | 268 | |
45c54042 MC |
269 | if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0) |
270 | goto err; | |
271 | ||
eba3ebd7 MC |
272 | if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx)) |
273 | goto err; | |
274 | ||
f92e0815 | 275 | #ifndef OPENSSL_NO_EC |
04ca0027 MC |
276 | /* Do some dummy EC calls */ |
277 | key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1); | |
278 | if (key == NULL) | |
279 | goto err; | |
280 | ||
281 | if (!EC_KEY_generate_key(key)) | |
282 | goto err; | |
f92e0815 | 283 | #endif |
e683582b SL |
284 | if (!rawnative_fromhex(dsa_p_hex, &dsa_p, &dsa_p_len) |
285 | || !rawnative_fromhex(dsa_q_hex, &dsa_q, &dsa_q_len) | |
286 | || !rawnative_fromhex(dsa_g_hex, &dsa_g, &dsa_g_len) | |
287 | || !rawnative_fromhex(dsa_pub_hex, &dsa_pub, &dsa_pub_len) | |
288 | || !rawnative_fromhex(dsa_priv_hex, &dsa_priv, &dsa_priv_len)) | |
289 | goto err; | |
290 | ||
291 | p = params; | |
292 | *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, dsa_p, dsa_p_len); | |
293 | *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_Q, dsa_q, dsa_q_len); | |
294 | *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_G, dsa_g, dsa_g_len); | |
295 | *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_DSA_PUB_KEY, | |
296 | dsa_pub, dsa_pub_len); | |
297 | *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_DSA_PRIV_KEY, | |
298 | dsa_priv, dsa_priv_len); | |
299 | *p = OSSL_PARAM_construct_end(); | |
300 | ||
301 | kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, ""); | |
302 | if (kctx == NULL) | |
303 | goto err; | |
304 | if (EVP_PKEY_key_fromdata_init(kctx) <= 0 | |
305 | || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0) | |
306 | goto err; | |
307 | ||
308 | sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey); | |
309 | if (sctx == NULL) | |
310 | goto err;; | |
04ca0027 | 311 | |
e683582b SL |
312 | if (EVP_PKEY_sign_init(sctx) <= 0) |
313 | goto err; | |
314 | ||
315 | /* set signature parameters */ | |
316 | sigdgstlen = SHA256_DIGEST_LENGTH; | |
317 | p = params; | |
318 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, | |
319 | SN_sha256, | |
320 | strlen(SN_sha256) + 1); | |
321 | ||
322 | *p++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, | |
323 | &sigdgstlen); | |
324 | *p = OSSL_PARAM_construct_end(); | |
325 | if (EVP_PKEY_CTX_set_params(sctx, params) <= 0) | |
326 | goto err; | |
327 | ||
328 | if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 | |
329 | || EVP_PKEY_verify_init(sctx) <= 0 | |
330 | || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) | |
331 | goto err; | |
319e518a MC |
332 | ret = 1; |
333 | err: | |
444ab3ab MC |
334 | BN_CTX_end(bnctx); |
335 | BN_CTX_free(bnctx); | |
4bd8b240 | 336 | |
e3405a4a | 337 | EVP_KDF_free(kdf); |
319e518a | 338 | EVP_MD_CTX_free(ctx); |
3fd70262 | 339 | EVP_MD_free(sha256); |
04ca0027 | 340 | |
f92e0815 | 341 | #ifndef OPENSSL_NO_EC |
04ca0027 | 342 | EC_KEY_free(key); |
f92e0815 | 343 | #endif |
e683582b SL |
344 | OPENSSL_free(dsa_p); |
345 | OPENSSL_free(dsa_q); | |
346 | OPENSSL_free(dsa_g); | |
347 | OPENSSL_free(dsa_pub); | |
348 | OPENSSL_free(dsa_priv); | |
349 | EVP_PKEY_free(pkey); | |
350 | EVP_PKEY_CTX_free(kctx); | |
351 | EVP_PKEY_CTX_free(sctx); | |
319e518a | 352 | return ret; |
3593266d MC |
353 | } |
354 | ||
dca97d00 | 355 | static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov) |
9efa0ae0 MC |
356 | { |
357 | return fips_param_types; | |
358 | } | |
359 | ||
4e7991b4 | 360 | static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) |
9efa0ae0 | 361 | { |
4e7991b4 | 362 | OSSL_PARAM *p; |
9efa0ae0 MC |
363 | |
364 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); | |
365 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) | |
366 | return 0; | |
367 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); | |
368 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) | |
369 | return 0; | |
370 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); | |
371 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) | |
372 | return 0; | |
373 | ||
374 | return 1; | |
375 | } | |
376 | ||
4cecf7a1 MC |
377 | /* FIPS specific version of the function of the same name in provlib.c */ |
378 | const char *ossl_prov_util_nid_to_name(int nid) | |
379 | { | |
380 | /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */ | |
381 | ||
382 | switch (nid) { | |
383 | /* Digests */ | |
384 | case NID_sha1: | |
df553b79 | 385 | return "SHA1"; |
4cecf7a1 | 386 | case NID_sha224: |
df553b79 | 387 | return "SHA-224"; |
4cecf7a1 | 388 | case NID_sha256: |
df553b79 | 389 | return "SHA-256"; |
4cecf7a1 | 390 | case NID_sha384: |
df553b79 | 391 | return "SHA-384"; |
4cecf7a1 | 392 | case NID_sha512: |
df553b79 | 393 | return "SHA-512"; |
4cecf7a1 | 394 | case NID_sha512_224: |
df553b79 | 395 | return "SHA-512/224"; |
4cecf7a1 | 396 | case NID_sha512_256: |
df553b79 | 397 | return "SHA-512/256"; |
4cecf7a1 MC |
398 | case NID_sha3_224: |
399 | return "SHA3-224"; | |
400 | case NID_sha3_256: | |
401 | return "SHA3-256"; | |
402 | case NID_sha3_384: | |
403 | return "SHA3-384"; | |
404 | case NID_sha3_512: | |
405 | return "SHA3-512"; | |
406 | ||
407 | /* Ciphers */ | |
408 | case NID_aes_256_ecb: | |
409 | return "AES-256-ECB"; | |
410 | case NID_aes_192_ecb: | |
411 | return "AES-192-ECB"; | |
412 | case NID_aes_128_ecb: | |
413 | return "AES-128-ECB"; | |
414 | case NID_aes_256_cbc: | |
415 | return "AES-256-CBC"; | |
416 | case NID_aes_192_cbc: | |
417 | return "AES-192-CBC"; | |
418 | case NID_aes_128_cbc: | |
419 | return "AES-128-CBC"; | |
420 | case NID_aes_256_ctr: | |
421 | return "AES-256-CTR"; | |
422 | case NID_aes_192_ctr: | |
423 | return "AES-192-CTR"; | |
424 | case NID_aes_128_ctr: | |
425 | return "AES-128-CTR"; | |
3a9f26f3 SL |
426 | case NID_aes_256_xts: |
427 | return "AES-256-XTS"; | |
428 | case NID_aes_128_xts: | |
429 | return "AES-128-XTS"; | |
3bfe9005 | 430 | case NID_aes_256_gcm: |
df553b79 | 431 | return "AES-256-GCM"; |
3bfe9005 | 432 | case NID_aes_192_gcm: |
df553b79 | 433 | return "AES-192-GCM"; |
3bfe9005 | 434 | case NID_aes_128_gcm: |
df553b79 | 435 | return "AES-128-GCM"; |
3bfe9005 | 436 | case NID_aes_256_ccm: |
df553b79 | 437 | return "AES-256-CCM"; |
3bfe9005 | 438 | case NID_aes_192_ccm: |
df553b79 | 439 | return "AES-192-CCM"; |
3bfe9005 | 440 | case NID_aes_128_ccm: |
df553b79 | 441 | return "AES-128-CCM"; |
ca392b29 | 442 | case NID_id_aes256_wrap: |
df553b79 | 443 | return "AES-256-WRAP"; |
ca392b29 | 444 | case NID_id_aes192_wrap: |
df553b79 | 445 | return "AES-192-WRAP"; |
ca392b29 | 446 | case NID_id_aes128_wrap: |
df553b79 | 447 | return "AES-128-WRAP"; |
ca392b29 | 448 | case NID_id_aes256_wrap_pad: |
df553b79 | 449 | return "AES-256-WRAP-PAD"; |
ca392b29 | 450 | case NID_id_aes192_wrap_pad: |
df553b79 | 451 | return "AES-192-WRAP-PAD"; |
ca392b29 | 452 | case NID_id_aes128_wrap_pad: |
df553b79 | 453 | return "AES-128-WRAP-PAD"; |
ca392b29 SL |
454 | case NID_des_ede3_ecb: |
455 | return "DES-EDE3"; | |
456 | case NID_des_ede3_cbc: | |
457 | return "DES-EDE3-CBC"; | |
0d2bfe52 SL |
458 | case NID_aes_256_cbc_hmac_sha256: |
459 | return "AES-256-CBC-HMAC-SHA256"; | |
460 | case NID_aes_128_cbc_hmac_sha256: | |
461 | return "AES-128-CBC-HMAC-SHA256"; | |
462 | case NID_aes_256_cbc_hmac_sha1: | |
463 | return "AES-256-CBC-HMAC-SHA1"; | |
464 | case NID_aes_128_cbc_hmac_sha1: | |
465 | return "AES-128-CBC-HMAC-SHA1"; | |
3bfe9005 SL |
466 | default: |
467 | break; | |
4cecf7a1 MC |
468 | } |
469 | ||
470 | return NULL; | |
471 | } | |
472 | ||
df553b79 RL |
473 | /* |
474 | * For the algorithm names, we use the following formula for our primary | |
475 | * names: | |
476 | * | |
477 | * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] | |
478 | * | |
479 | * VERSION is only present if there are multiple versions of | |
480 | * an alg (MD2, MD4, MD5). It may be omitted if there is only | |
481 | * one version (if a subsequent version is released in the future, | |
482 | * we can always change the canonical name, and add the old name | |
483 | * as an alias). | |
484 | * | |
485 | * SUBNAME may be present where we are combining multiple | |
486 | * algorithms together, e.g. MD5-SHA1. | |
487 | * | |
488 | * SIZE is only present if multiple versions of an algorithm exist | |
489 | * with different sizes (e.g. AES-128-CBC, AES-256-CBC) | |
490 | * | |
491 | * MODE is only present where applicable. | |
492 | * | |
493 | * We add diverse other names where applicable, such as the names that | |
494 | * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names | |
495 | * we have used historically. | |
496 | */ | |
9efa0ae0 | 497 | static const OSSL_ALGORITHM fips_digests[] = { |
df553b79 RL |
498 | /* Our primary name:NiST name[:our older names] */ |
499 | { "SHA1:SHA-1", "fips=yes", sha1_functions }, | |
500 | { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions }, | |
501 | { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions }, | |
502 | { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions }, | |
503 | { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions }, | |
504 | { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes", | |
505 | sha512_224_functions }, | |
506 | { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes", | |
507 | sha512_256_functions }, | |
508 | ||
509 | /* We agree with NIST here, so one name only */ | |
d5e5e2ff SL |
510 | { "SHA3-224", "fips=yes", sha3_224_functions }, |
511 | { "SHA3-256", "fips=yes", sha3_256_functions }, | |
512 | { "SHA3-384", "fips=yes", sha3_384_functions }, | |
513 | { "SHA3-512", "fips=yes", sha3_512_functions }, | |
e23cda00 | 514 | /* |
cc35c3ed | 515 | * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for |
ca392b29 | 516 | * KMAC128 and KMAC256. |
e23cda00 | 517 | */ |
cc35c3ed MC |
518 | { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions }, |
519 | { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions }, | |
d5e5e2ff | 520 | |
9efa0ae0 MC |
521 | { NULL, NULL, NULL } |
522 | }; | |
523 | ||
0d2bfe52 | 524 | static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { |
df553b79 | 525 | /* Our primary name[:ASN.1 OID name][:our older names] */ |
0d2bfe52 SL |
526 | ALG("AES-256-ECB", aes256ecb_functions), |
527 | ALG("AES-192-ECB", aes192ecb_functions), | |
528 | ALG("AES-128-ECB", aes128ecb_functions), | |
529 | ALG("AES-256-CBC", aes256cbc_functions), | |
530 | ALG("AES-192-CBC", aes192cbc_functions), | |
531 | ALG("AES-128-CBC", aes128cbc_functions), | |
532 | ALG("AES-256-CTR", aes256ctr_functions), | |
533 | ALG("AES-192-CTR", aes192ctr_functions), | |
534 | ALG("AES-128-CTR", aes128ctr_functions), | |
535 | ALG("AES-256-XTS", aes256xts_functions), | |
536 | ALG("AES-128-XTS", aes128xts_functions), | |
537 | ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions), | |
538 | ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions), | |
539 | ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions), | |
540 | ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions), | |
541 | ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions), | |
542 | ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions), | |
543 | ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions), | |
544 | ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions), | |
545 | ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions), | |
546 | ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", | |
547 | aes256wrappad_functions), | |
548 | ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", | |
549 | aes192wrappad_functions), | |
550 | ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", | |
551 | aes128wrappad_functions), | |
552 | ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions, | |
553 | cipher_capable_aes_cbc_hmac_sha1), | |
554 | ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions, | |
555 | cipher_capable_aes_cbc_hmac_sha1), | |
556 | ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions, | |
557 | cipher_capable_aes_cbc_hmac_sha256), | |
558 | ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions, | |
559 | cipher_capable_aes_cbc_hmac_sha256), | |
cb1548bc | 560 | #ifndef OPENSSL_NO_DES |
0d2bfe52 SL |
561 | ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions), |
562 | ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions), | |
cb1548bc | 563 | #endif /* OPENSSL_NO_DES */ |
0d2bfe52 | 564 | { { NULL, NULL, NULL }, NULL } |
66ad63e8 | 565 | }; |
0d2bfe52 | 566 | static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; |
66ad63e8 | 567 | |
2e5db6ad | 568 | static const OSSL_ALGORITHM fips_macs[] = { |
bad41b68 | 569 | #ifndef OPENSSL_NO_CMAC |
2e5db6ad | 570 | { "CMAC", "fips=yes", cmac_functions }, |
bad41b68 | 571 | #endif |
d33313be | 572 | { "GMAC", "fips=yes", gmac_functions }, |
5183ebdc | 573 | { "HMAC", "fips=yes", hmac_functions }, |
cc35c3ed MC |
574 | { "KMAC-128:KMAC128", "fips=yes", kmac128_functions }, |
575 | { "KMAC-256:KMAC256", "fips=yes", kmac256_functions }, | |
2e5db6ad RL |
576 | { NULL, NULL, NULL } |
577 | }; | |
578 | ||
e3405a4a | 579 | static const OSSL_ALGORITHM fips_kdfs[] = { |
0fee1dff P |
580 | { "HKDF", "fips=yes", kdf_hkdf_functions }, |
581 | { "SSKDF", "fips=yes", kdf_sskdf_functions }, | |
582 | { "PBKDF2", "fips=yes", kdf_pbkdf2_functions }, | |
583 | { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions }, | |
584 | { "KBKDF", "fips=yes", kdf_kbkdf_functions }, | |
df553b79 | 585 | { NULL, NULL, NULL } |
e3405a4a P |
586 | }; |
587 | ||
e683582b SL |
588 | static const OSSL_ALGORITHM fips_signature[] = { |
589 | #ifndef OPENSSL_NO_DSA | |
590 | { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions }, | |
591 | #endif | |
592 | { NULL, NULL, NULL } | |
593 | }; | |
594 | ||
595 | static const OSSL_ALGORITHM fips_keymgmt[] = { | |
596 | #ifndef OPENSSL_NO_DSA | |
597 | { "DSA", "fips=yes", dsa_keymgmt_functions }, | |
598 | #endif | |
599 | { NULL, NULL, NULL } | |
600 | }; | |
0d2bfe52 | 601 | |
9efa0ae0 MC |
602 | static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, |
603 | int operation_id, | |
604 | int *no_cache) | |
605 | { | |
606 | *no_cache = 0; | |
607 | switch (operation_id) { | |
608 | case OSSL_OP_DIGEST: | |
609 | return fips_digests; | |
66ad63e8 | 610 | case OSSL_OP_CIPHER: |
0d2bfe52 SL |
611 | ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); |
612 | return exported_fips_ciphers; | |
2e5db6ad RL |
613 | case OSSL_OP_MAC: |
614 | return fips_macs; | |
e3405a4a P |
615 | case OSSL_OP_KDF: |
616 | return fips_kdfs; | |
e683582b SL |
617 | case OSSL_OP_KEYMGMT: |
618 | return fips_keymgmt; | |
619 | case OSSL_OP_SIGNATURE: | |
620 | return fips_signature; | |
9efa0ae0 MC |
621 | } |
622 | return NULL; | |
623 | } | |
624 | ||
625 | /* Functions we provide to the core */ | |
626 | static const OSSL_DISPATCH fips_dispatch_table[] = { | |
319e518a MC |
627 | /* |
628 | * To release our resources we just need to free the OPENSSL_CTX so we just | |
629 | * use OPENSSL_CTX_free directly as our teardown function | |
630 | */ | |
631 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free }, | |
dca97d00 | 632 | { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, |
9efa0ae0 MC |
633 | { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, |
634 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
635 | { 0, NULL } | |
636 | }; | |
637 | ||
319e518a MC |
638 | /* Functions we provide to ourself */ |
639 | static const OSSL_DISPATCH intern_dispatch_table[] = { | |
640 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
641 | { 0, NULL } | |
642 | }; | |
643 | ||
644 | ||
9efa0ae0 MC |
645 | int OSSL_provider_init(const OSSL_PROVIDER *provider, |
646 | const OSSL_DISPATCH *in, | |
a39eb840 RL |
647 | const OSSL_DISPATCH **out, |
648 | void **provctx) | |
9efa0ae0 | 649 | { |
da747958 | 650 | FIPS_GLOBAL *fgbl; |
03361afb | 651 | OPENSSL_CTX *ctx; |
319e518a | 652 | |
9efa0ae0 MC |
653 | for (; in->function_id != 0; in++) { |
654 | switch (in->function_id) { | |
dca97d00 RL |
655 | case OSSL_FUNC_CORE_GETTABLE_PARAMS: |
656 | c_gettable_params = OSSL_get_core_gettable_params(in); | |
9efa0ae0 MC |
657 | break; |
658 | case OSSL_FUNC_CORE_GET_PARAMS: | |
659 | c_get_params = OSSL_get_core_get_params(in); | |
660 | break; | |
da747958 MC |
661 | case OSSL_FUNC_CORE_THREAD_START: |
662 | c_thread_start = OSSL_get_core_thread_start(in); | |
663 | break; | |
036913b1 RL |
664 | case OSSL_FUNC_CORE_NEW_ERROR: |
665 | c_new_error = OSSL_get_core_new_error(in); | |
3593266d | 666 | break; |
036913b1 RL |
667 | case OSSL_FUNC_CORE_SET_ERROR_DEBUG: |
668 | c_set_error_debug = OSSL_get_core_set_error_debug(in); | |
669 | break; | |
670 | case OSSL_FUNC_CORE_VSET_ERROR: | |
671 | c_vset_error = OSSL_get_core_vset_error(in); | |
3593266d | 672 | break; |
b60cba3c RS |
673 | case OSSL_FUNC_CRYPTO_MALLOC: |
674 | c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in); | |
675 | break; | |
676 | case OSSL_FUNC_CRYPTO_ZALLOC: | |
677 | c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in); | |
678 | break; | |
b60cba3c RS |
679 | case OSSL_FUNC_CRYPTO_FREE: |
680 | c_CRYPTO_free = OSSL_get_CRYPTO_free(in); | |
681 | break; | |
682 | case OSSL_FUNC_CRYPTO_CLEAR_FREE: | |
683 | c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in); | |
684 | break; | |
685 | case OSSL_FUNC_CRYPTO_REALLOC: | |
686 | c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in); | |
687 | break; | |
688 | case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: | |
689 | c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in); | |
690 | break; | |
691 | case OSSL_FUNC_CRYPTO_SECURE_MALLOC: | |
692 | c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in); | |
693 | break; | |
694 | case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: | |
695 | c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in); | |
696 | break; | |
697 | case OSSL_FUNC_CRYPTO_SECURE_FREE: | |
698 | c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in); | |
699 | break; | |
700 | case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: | |
701 | c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in); | |
702 | break; | |
703 | case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: | |
704 | c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in); | |
705 | break; | |
25e60144 SL |
706 | case OSSL_FUNC_BIO_NEW_FILE: |
707 | selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in); | |
708 | break; | |
709 | case OSSL_FUNC_BIO_NEW_MEMBUF: | |
710 | selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in); | |
711 | break; | |
7bb82f92 SL |
712 | case OSSL_FUNC_BIO_READ_EX: |
713 | selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in); | |
25e60144 SL |
714 | break; |
715 | case OSSL_FUNC_BIO_FREE: | |
716 | selftest_params.bio_free_cb = OSSL_get_BIO_free(in); | |
717 | break; | |
9efa0ae0 | 718 | default: |
b60cba3c | 719 | /* Just ignore anything we don't understand */ |
9efa0ae0 MC |
720 | break; |
721 | } | |
722 | } | |
723 | ||
25e60144 SL |
724 | if (!c_get_params(provider, core_params)) |
725 | return 0; | |
726 | ||
b60cba3c RS |
727 | /* Create a context. */ |
728 | if ((ctx = OPENSSL_CTX_new()) == NULL) | |
319e518a | 729 | return 0; |
b60cba3c RS |
730 | if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, |
731 | &fips_prov_ossl_ctx_method)) == NULL) { | |
732 | OPENSSL_CTX_free(ctx); | |
733 | return 0; | |
734 | } | |
7bb82f92 | 735 | |
03361afb | 736 | fgbl->prov = provider; |
7bb82f92 SL |
737 | |
738 | selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx); | |
14a684bf | 739 | if (!SELF_TEST_post(&selftest_params, 0)) { |
7bb82f92 SL |
740 | OPENSSL_CTX_free(ctx); |
741 | return 0; | |
742 | } | |
743 | ||
319e518a MC |
744 | /* |
745 | * TODO(3.0): Remove me. This is just a dummy call to demonstrate making | |
746 | * EVP calls from within the FIPS module. | |
747 | */ | |
e683582b SL |
748 | if (!dummy_evp_call(ctx)) { |
749 | OPENSSL_CTX_free(ctx); | |
319e518a MC |
750 | return 0; |
751 | } | |
752 | ||
e683582b SL |
753 | *out = fips_dispatch_table; |
754 | *provctx = ctx; | |
755 | ||
9efa0ae0 MC |
756 | return 1; |
757 | } | |
3593266d | 758 | |
319e518a MC |
759 | /* |
760 | * The internal init function used when the FIPS module uses EVP to call | |
b1eb3fd7 | 761 | * another algorithm also in the FIPS module. This is a recursive call that has |
bb751e11 RL |
762 | * been made from within the FIPS module itself. To make this work, we populate |
763 | * the provider context of this inner instance with the same library context | |
764 | * that was used in the EVP call that initiated this recursive call. | |
319e518a | 765 | */ |
3593266d MC |
766 | OSSL_provider_init_fn fips_intern_provider_init; |
767 | int fips_intern_provider_init(const OSSL_PROVIDER *provider, | |
768 | const OSSL_DISPATCH *in, | |
319e518a MC |
769 | const OSSL_DISPATCH **out, |
770 | void **provctx) | |
3593266d | 771 | { |
bb751e11 RL |
772 | OSSL_core_get_library_context_fn *c_get_libctx = NULL; |
773 | ||
774 | for (; in->function_id != 0; in++) { | |
775 | switch (in->function_id) { | |
776 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: | |
777 | c_get_libctx = OSSL_get_core_get_library_context(in); | |
778 | break; | |
779 | default: | |
780 | break; | |
781 | } | |
782 | } | |
783 | ||
784 | if (c_get_libctx == NULL) | |
785 | return 0; | |
786 | ||
787 | *provctx = c_get_libctx(provider); | |
788 | ||
789 | /* | |
790 | * Safety measure... we should get the library context that was | |
791 | * created up in OSSL_provider_init(). | |
792 | */ | |
793 | if (*provctx == NULL) | |
794 | return 0; | |
795 | ||
319e518a | 796 | *out = intern_dispatch_table; |
3593266d MC |
797 | return 1; |
798 | } | |
799 | ||
036913b1 | 800 | void ERR_new(void) |
3593266d | 801 | { |
036913b1 RL |
802 | c_new_error(NULL); |
803 | } | |
804 | ||
805 | void ERR_set_debug(const char *file, int line, const char *func) | |
806 | { | |
807 | c_set_error_debug(NULL, file, line, func); | |
3593266d MC |
808 | } |
809 | ||
036913b1 | 810 | void ERR_set_error(int lib, int reason, const char *fmt, ...) |
3593266d MC |
811 | { |
812 | va_list args; | |
8908d18c | 813 | |
036913b1 RL |
814 | va_start(args, fmt); |
815 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); | |
3593266d MC |
816 | va_end(args); |
817 | } | |
818 | ||
036913b1 | 819 | void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) |
3593266d | 820 | { |
036913b1 | 821 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); |
3593266d | 822 | } |
da747958 MC |
823 | |
824 | const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) | |
825 | { | |
826 | FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, | |
827 | &fips_prov_ossl_ctx_method); | |
828 | ||
829 | if (fgbl == NULL) | |
830 | return NULL; | |
831 | ||
832 | return fgbl->prov; | |
833 | } | |
b60cba3c RS |
834 | |
835 | void *CRYPTO_malloc(size_t num, const char *file, int line) | |
836 | { | |
837 | return c_CRYPTO_malloc(num, file, line); | |
838 | } | |
839 | ||
840 | void *CRYPTO_zalloc(size_t num, const char *file, int line) | |
841 | { | |
842 | return c_CRYPTO_zalloc(num, file, line); | |
843 | } | |
844 | ||
b60cba3c RS |
845 | void CRYPTO_free(void *ptr, const char *file, int line) |
846 | { | |
847 | c_CRYPTO_free(ptr, file, line); | |
848 | } | |
849 | ||
850 | void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) | |
851 | { | |
852 | c_CRYPTO_clear_free(ptr, num, file, line); | |
853 | } | |
854 | ||
855 | void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) | |
856 | { | |
857 | return c_CRYPTO_realloc(addr, num, file, line); | |
858 | } | |
859 | ||
860 | void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, | |
861 | const char *file, int line) | |
862 | { | |
863 | return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); | |
864 | } | |
865 | ||
866 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line) | |
867 | { | |
868 | return c_CRYPTO_secure_malloc(num, file, line); | |
869 | } | |
870 | ||
871 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) | |
872 | { | |
873 | return c_CRYPTO_secure_zalloc(num, file, line); | |
874 | } | |
875 | ||
876 | void CRYPTO_secure_free(void *ptr, const char *file, int line) | |
877 | { | |
878 | c_CRYPTO_secure_free(ptr, file, line); | |
879 | } | |
880 | ||
881 | void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) | |
882 | { | |
883 | c_CRYPTO_secure_clear_free(ptr, num, file, line); | |
884 | } | |
885 | ||
b60cba3c RS |
886 | int CRYPTO_secure_allocated(const void *ptr) |
887 | { | |
888 | return c_CRYPTO_secure_allocated(ptr); | |
889 | } |