[thirdparty/openssl.git] / providers / fips / self_test.c

/*
 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/evp.h>
#include <openssl/params.h>
#include <openssl/crypto.h>
#include <openssl/fipskey.h>
#include <openssl/err.h>
#include "e_os.h"
#include "prov/providercommonerr.h"
#include "prov/providercommon.h"

/*
 * We're cheating here. Normally we don't allow RUN_ONCE usage inside the FIPS
 * module because all such initialisation should be associated with an
 * individual OPENSSL_CTX. That doesn't work with the self test though because
 * it should be run once regardless of the number of OPENSSL_CTXs we have.
 */
#define ALLOW_RUN_ONCE_IN_FIPS
#include <internal/thread_once.h>
#include "self_test.h"

#define FIPS_STATE_INIT     0
#define FIPS_STATE_SELFTEST 1
#define FIPS_STATE_RUNNING  2
#define FIPS_STATE_ERROR    3

/*
 * The number of times the module will report it is in the error state
 * before going quiet.
 */
#define FIPS_ERROR_REPORTING_RATE_LIMIT     10

/* The size of a temp buffer used to read in data */
#define INTEGRITY_BUF_SIZE (4096)
#define MAX_MD_SIZE 64
#define MAC_NAME    "HMAC"
#define DIGEST_NAME "SHA256"

static int FIPS_conditional_error_check = 1;
static int FIPS_state = FIPS_STATE_INIT;
static CRYPTO_RWLOCK *self_test_lock = NULL;
static unsigned char fixed_key[32] = { FIPS_KEY_ELEMENTS };

static CRYPTO_ONCE fips_self_test_init = CRYPTO_ONCE_STATIC_INIT;
DEFINE_RUN_ONCE_STATIC(do_fips_self_test_init)
{
    /*
     * This lock gets freed in platform specific ways that may occur after we
     * do mem leak checking. If we don't know how to free it for a particular
     * platform then we just leak it deliberately. So we temporarily disable the
     * mem leak checking while we allocate this.
     */
    self_test_lock = CRYPTO_THREAD_lock_new();
    return self_test_lock != NULL;
}

#define DEP_DECLARE()                                                          \
void init(void);                                                               \
void cleanup(void);

/*
 * This is the Default Entry Point (DEP) code. Every platform must have a DEP.
 * See FIPS 140-2 IG 9.10
 *
 * If we're run on a platform where we don't know how to define the DEP then
 * the self-tests will never get triggered (FIPS_state never moves to
 * FIPS_STATE_SELFTEST). This will be detected as an error when SELF_TEST_post()
 * is called from OSSL_provider_init(), and so the fips module will be unusable
 * on those platforms.
 */
#if defined(_WIN32) || defined(__CYGWIN__)
# ifdef __CYGWIN__
/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
#  include <windows.h>
/*
 * this has side-effect of _WIN32 getting defined, which otherwise is
 * mutually exclusive with __CYGWIN__...
 */
# endif

DEP_DECLARE()
# define DEP_INIT_ATTRIBUTE
# define DEP_FINI_ATTRIBUTE
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved);
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    switch (fdwReason) {
    case DLL_PROCESS_ATTACH:
        init();
        break;
    case DLL_PROCESS_DETACH:
        cleanup();
        break;
    default:
        break;
    }
    return TRUE;
}
#elif defined(__sun) || defined(_AIX)

DEP_DECLARE() /* must be declared before pragma */
# define DEP_INIT_ATTRIBUTE
# define DEP_FINI_ATTRIBUTE
# pragma init(init)
# pragma fini(cleanup)

#elif defined(__hpux)

DEP_DECLARE()
# define DEP_INIT_ATTRIBUTE
# define DEP_FINI_ATTRIBUTE
# pragma init "init"
# pragma fini "cleanup"

#elif defined(__GNUC__)
# define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
# define DEP_FINI_ATTRIBUTE static __attribute__((destructor))

#elif defined(__TANDEM)
DEP_DECLARE() /* must be declared before calling init() or cleanup() */
# define DEP_INIT_ATTRIBUTE
# define DEP_FINI_ATTRIBUTE

/* Method automatically called by the NonStop OS when the DLL loads */
void __INIT__init(void) {
    init();
}

/* Method automatically called by the NonStop OS prior to unloading the DLL */
void __TERM__cleanup(void) {
    cleanup();
}

#endif

#if defined(DEP_INIT_ATTRIBUTE) && defined(DEP_FINI_ATTRIBUTE)
DEP_INIT_ATTRIBUTE void init(void)
{
    FIPS_state = FIPS_STATE_SELFTEST;
}

DEP_FINI_ATTRIBUTE void cleanup(void)
{
    CRYPTO_THREAD_lock_free(self_test_lock);
}
#endif

/*
 * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify
 * the result matches the expected value.
 * Return 1 if verified, or 0 if it fails.
 */
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
                            unsigned char *expected, size_t expected_len,
                            OPENSSL_CTX *libctx, OSSL_SELF_TEST *ev,
                            const char *event_type)
{
    int ret = 0, status;
    unsigned char out[MAX_MD_SIZE];
    unsigned char buf[INTEGRITY_BUF_SIZE];
    size_t bytes_read = 0, out_len = 0;
    EVP_MAC *mac = NULL;
    EVP_MAC_CTX *ctx = NULL;
    OSSL_PARAM params[3], *p = params;

    OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);

    mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
    if (mac == NULL)
        goto err;
    ctx = EVP_MAC_CTX_new(mac);
    if (ctx == NULL)
        goto err;

    *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME,
                                            strlen(DIGEST_NAME) + 1);
    *p++ = OSSL_PARAM_construct_octet_string("key", fixed_key,
                                             sizeof(fixed_key));
    *p = OSSL_PARAM_construct_end();

    if (EVP_MAC_CTX_set_params(ctx, params) <= 0
        || !EVP_MAC_init(ctx))
        goto err;

    while (1) {
        status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
        if (status != 1)
            break;
        if (!EVP_MAC_update(ctx, buf, bytes_read))
            goto err;
    }
    if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
        goto err;

    OSSL_SELF_TEST_oncorrupt_byte(ev, out);
    if (expected_len != out_len
            || memcmp(expected, out, out_len) != 0)
        goto err;
    ret = 1;
err:
    OSSL_SELF_TEST_onend(ev, ret);
    EVP_MAC_CTX_free(ctx);
    EVP_MAC_free(mac);
    return ret;
}

/* This API is triggered either on loading of the FIPS module or on demand */
int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
{
    int ok = 0;
    int kats_already_passed = 0;
    long checksum_len;
    OSSL_CORE_BIO *bio_module = NULL, *bio_indicator = NULL;
    unsigned char *module_checksum = NULL;
    unsigned char *indicator_checksum = NULL;
    int loclstate;
    OSSL_SELF_TEST *ev = NULL;

    if (!RUN_ONCE(&fips_self_test_init, do_fips_self_test_init))
        return 0;

    CRYPTO_THREAD_read_lock(self_test_lock);
    loclstate = FIPS_state;
    CRYPTO_THREAD_unlock(self_test_lock);

    if (loclstate == FIPS_STATE_RUNNING) {
        if (!on_demand_test)
            return 1;
    } else if (loclstate != FIPS_STATE_SELFTEST) {
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_STATE);
        return 0;
    }

    CRYPTO_THREAD_write_lock(self_test_lock);
    if (FIPS_state == FIPS_STATE_RUNNING) {
        if (!on_demand_test) {
            CRYPTO_THREAD_unlock(self_test_lock);
            return 1;
        }
        FIPS_state = FIPS_STATE_SELFTEST;
    } else if (FIPS_state != FIPS_STATE_SELFTEST) {
        CRYPTO_THREAD_unlock(self_test_lock);
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_STATE);
        return 0;
    }
    if (st == NULL
            || st->module_checksum_data == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
        goto end;
    }

    ev = OSSL_SELF_TEST_new(st->cb, st->cb_arg);
    if (ev == NULL)
        goto end;

    module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
                                         &checksum_len);
    if (module_checksum == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
        goto end;
    }
    bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb");

    /* Always check the integrity of the fips module */
    if (bio_module == NULL
            || !verify_integrity(bio_module, st->bio_read_ex_cb,
                                 module_checksum, checksum_len, st->libctx,
                                 ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
        ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
        goto end;
    }

    /* This will be NULL during installation - so the self test KATS will run */
    if (st->indicator_data != NULL) {
        /*
         * If the kats have already passed indicator is set - then check the
         * integrity of the indicator.
         */
        if (st->indicator_checksum_data == NULL) {
            ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
            goto end;
        }
        indicator_checksum = OPENSSL_hexstr2buf(st->indicator_checksum_data,
                                                &checksum_len);
        if (indicator_checksum == NULL) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
            goto end;
        }

        bio_indicator =
            (*st->bio_new_buffer_cb)(st->indicator_data,
                                     strlen(st->indicator_data));
        if (bio_indicator == NULL
                || !verify_integrity(bio_indicator, st->bio_read_ex_cb,
                                     indicator_checksum, checksum_len,
                                     st->libctx, ev,
                                     OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_INDICATOR_INTEGRITY_FAILURE);
            goto end;
        } else {
            kats_already_passed = 1;
        }
    }

    /* Only runs the KAT's during installation OR on_demand() */
    if (on_demand_test || kats_already_passed == 0) {
        if (!SELF_TEST_kats(ev, st->libctx)) {
            ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
            goto end;
        }
    }
    ok = 1;
end:
    OSSL_SELF_TEST_free(ev);
    OPENSSL_free(module_checksum);
    OPENSSL_free(indicator_checksum);

    if (st != NULL) {
        (*st->bio_free_cb)(bio_indicator);
        (*st->bio_free_cb)(bio_module);
    }
    if (ok)
        FIPS_state = FIPS_STATE_RUNNING;
    else
        ossl_set_error_state(OSSL_SELF_TEST_TYPE_NONE);
    CRYPTO_THREAD_unlock(self_test_lock);

    return ok;
}

void SELF_TEST_disable_conditional_error_state(void)
{
    FIPS_conditional_error_check = 0;
}

void ossl_set_error_state(const char *type)
{
    int cond_test = (type != NULL && strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0);

    if (!cond_test || (FIPS_conditional_error_check == 1)) {
        FIPS_state = FIPS_STATE_ERROR;
        ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE);
    } else {
        ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR);
    }
}

int ossl_prov_is_running(void)
{
    const int res = FIPS_state == FIPS_STATE_RUNNING
                    || FIPS_state == FIPS_STATE_SELFTEST;
    static unsigned int rate_limit = 0;

    if (res) {
        rate_limit = 0;
    } else if (FIPS_state == FIPS_STATE_ERROR) {
        if (rate_limit++ < FIPS_ERROR_REPORTING_RATE_LIMIT)
            ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_IN_ERROR_STATE);
    }
    return res;
}
Commit	Line	Data
7bb82f92	1	/*
33388b44	2	* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
7bb82f92	3	*
a6ed19dc	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
7bb82f92 SL	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <string.h>
	11	#include <openssl/evp.h>
	12	#include <openssl/params.h>
14a684bf	13	#include <openssl/crypto.h>
31214258	14	#include <openssl/fipskey.h>
9f7bdcf3	15	#include <openssl/err.h>
14a684bf	16	#include "e_os.h"
9f7bdcf3	17	#include "prov/providercommonerr.h"
6cf37302 P	18	#include "prov/providercommon.h"
6cf37302 P	19
14a684bf MC	20	/*
	21	* We're cheating here. Normally we don't allow RUN_ONCE usage inside the FIPS
	22	* module because all such initialisation should be associated with an
	23	* individual OPENSSL_CTX. That doesn't work with the self test though because
	24	* it should be run once regardless of the number of OPENSSL_CTXs we have.
	25	*/
	26	#define ALLOW_RUN_ONCE_IN_FIPS
	27	#include <internal/thread_once.h>
36fc5fc6	28	#include "self_test.h"
7bb82f92 SL	29
7bb82f92 SL	30	#define FIPS_STATE_INIT 0
14a684bf MC	31	#define FIPS_STATE_SELFTEST 1
14a684bf MC	32	#define FIPS_STATE_RUNNING 2
7bb82f92 SL	33	#define FIPS_STATE_ERROR 3
7bb82f92 SL	34
5736923f P	35	/*
	36	* The number of times the module will report it is in the error state
	37	* before going quiet.
	38	*/
	39	#define FIPS_ERROR_REPORTING_RATE_LIMIT 10
	40
7bb82f92 SL	41	/* The size of a temp buffer used to read in data */
	42	#define INTEGRITY_BUF_SIZE (4096)
	43	#define MAX_MD_SIZE 64
	44	#define MAC_NAME "HMAC"
	45	#define DIGEST_NAME "SHA256"
	46
35e6ea3b	47	static int FIPS_conditional_error_check = 1;
7bb82f92	48	static int FIPS_state = FIPS_STATE_INIT;
14a684bf	49	static CRYPTO_RWLOCK *self_test_lock = NULL;
31214258	50	static unsigned char fixed_key[32] = { FIPS_KEY_ELEMENTS };
7bb82f92	51
14a684bf MC	52	static CRYPTO_ONCE fips_self_test_init = CRYPTO_ONCE_STATIC_INIT;
	53	DEFINE_RUN_ONCE_STATIC(do_fips_self_test_init)
	54	{
cc38e643 MC	55	/*
	56	* This lock gets freed in platform specific ways that may occur after we
	57	* do mem leak checking. If we don't know how to free it for a particular
	58	* platform then we just leak it deliberately. So we temporarily disable the
	59	* mem leak checking while we allocate this.
	60	*/
14a684bf	61	self_test_lock = CRYPTO_THREAD_lock_new();
14a684bf MC	62	return self_test_lock != NULL;
	63	}
	64
390b18a7 SL	65	#define DEP_DECLARE() \
	66	void init(void); \
	67	void cleanup(void);
	68
14a684bf MC	69	/*
	70	* This is the Default Entry Point (DEP) code. Every platform must have a DEP.
	71	* See FIPS 140-2 IG 9.10
	72	*
	73	* If we're run on a platform where we don't know how to define the DEP then
	74	* the self-tests will never get triggered (FIPS_state never moves to
	75	* FIPS_STATE_SELFTEST). This will be detected as an error when SELF_TEST_post()
	76	* is called from OSSL_provider_init(), and so the fips module will be unusable
	77	* on those platforms.
	78	*/
	79	#if defined(_WIN32) \|\| defined(__CYGWIN__)
	80	# ifdef __CYGWIN__
	81	/* pick DLL_[PROCESS\|THREAD]_[ATTACH\|DETACH] definitions */
	82	# include <windows.h>
	83	/*
	84	* this has side-effect of _WIN32 getting defined, which otherwise is
	85	* mutually exclusive with __CYGWIN__...
	86	*/
	87	# endif
	88
390b18a7 SL	89	DEP_DECLARE()
	90	# define DEP_INIT_ATTRIBUTE
	91	# define DEP_FINI_ATTRIBUTE
14a684bf MC	92	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved);
	93	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
	94	{
	95	switch (fdwReason) {
	96	case DLL_PROCESS_ATTACH:
390b18a7	97	init();
14a684bf MC	98	break;
14a684bf MC	99	case DLL_PROCESS_DETACH:
390b18a7	100	cleanup();
14a684bf MC	101	break;
	102	default:
	103	break;
	104	}
	105	return TRUE;
	106	}
9a7319b0	107	#elif defined(__sun) \|\| defined(_AIX)
390b18a7 SL	108
	109	DEP_DECLARE() /* must be declared before pragma */
	110	# define DEP_INIT_ATTRIBUTE
	111	# define DEP_FINI_ATTRIBUTE
	112	# pragma init(init)
	113	# pragma fini(cleanup)
	114
	115	#elif defined(__hpux)
	116
	117	DEP_DECLARE()
	118	# define DEP_INIT_ATTRIBUTE
	119	# define DEP_FINI_ATTRIBUTE
	120	# pragma init "init"
	121	# pragma fini "cleanup"
	122
14a684bf	123	#elif defined(__GNUC__)
390b18a7 SL	124	# define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
390b18a7 SL	125	# define DEP_FINI_ATTRIBUTE static __attribute__((destructor))
6b1428ac RB	126
	127	#elif defined(__TANDEM)
	128	DEP_DECLARE() /* must be declared before calling init() or cleanup() */
	129	# define DEP_INIT_ATTRIBUTE
	130	# define DEP_FINI_ATTRIBUTE
	131
	132	/* Method automatically called by the NonStop OS when the DLL loads */
	133	void __INIT__init(void) {
	134	init();
	135	}
	136
	137	/* Method automatically called by the NonStop OS prior to unloading the DLL */
	138	void __TERM__cleanup(void) {
	139	cleanup();
	140	}
	141
390b18a7	142	#endif
14a684bf	143
390b18a7 SL	144	#if defined(DEP_INIT_ATTRIBUTE) && defined(DEP_FINI_ATTRIBUTE)
390b18a7 SL	145	DEP_INIT_ATTRIBUTE void init(void)
14a684bf MC	146	{
	147	FIPS_state = FIPS_STATE_SELFTEST;
	148	}
	149
390b18a7	150	DEP_FINI_ATTRIBUTE void cleanup(void)
14a684bf MC	151	{
	152	CRYPTO_THREAD_lock_free(self_test_lock);
	153	}
14a684bf MC	154	#endif
14a684bf MC	155
7bb82f92 SL	156	/*
	157	* Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify
	158	* the result matches the expected value.
	159	* Return 1 if verified, or 0 if it fails.
	160	*/
363b1e5d	161	static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
7bb82f92	162	unsigned char *expected, size_t expected_len,
47c239c6	163	OPENSSL_CTX libctx, OSSL_SELF_TEST ev,
36fc5fc6	164	const char *event_type)
7bb82f92 SL	165	{
	166	int ret = 0, status;
	167	unsigned char out[MAX_MD_SIZE];
	168	unsigned char buf[INTEGRITY_BUF_SIZE];
	169	size_t bytes_read = 0, out_len = 0;
	170	EVP_MAC *mac = NULL;
	171	EVP_MAC_CTX *ctx = NULL;
	172	OSSL_PARAM params[3], *p = params;
	173
47c239c6	174	OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
36fc5fc6	175
7bb82f92	176	mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
78ef5717 SL	177	if (mac == NULL)
78ef5717 SL	178	goto err;
865adf97	179	ctx = EVP_MAC_CTX_new(mac);
78ef5717	180	if (ctx == NULL)
7bb82f92 SL	181	goto err;
	182
	183	*p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME,
	184	strlen(DIGEST_NAME) + 1);
	185	*p++ = OSSL_PARAM_construct_octet_string("key", fixed_key,
	186	sizeof(fixed_key));
	187	*p = OSSL_PARAM_construct_end();
	188
865adf97	189	if (EVP_MAC_CTX_set_params(ctx, params) <= 0
7bb82f92 SL	190	\|\| !EVP_MAC_init(ctx))
	191	goto err;
	192
	193	while (1) {
	194	status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
	195	if (status != 1)
	196	break;
	197	if (!EVP_MAC_update(ctx, buf, bytes_read))
	198	goto err;
	199	}
	200	if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
	201	goto err;
	202
47c239c6	203	OSSL_SELF_TEST_oncorrupt_byte(ev, out);
7bb82f92 SL	204	if (expected_len != out_len
	205	\|\| memcmp(expected, out, out_len) != 0)
	206	goto err;
	207	ret = 1;
	208	err:
47c239c6	209	OSSL_SELF_TEST_onend(ev, ret);
865adf97	210	EVP_MAC_CTX_free(ctx);
7bb82f92 SL	211	EVP_MAC_free(mac);
	212	return ret;
	213	}
	214
	215	/* This API is triggered either on loading of the FIPS module or on demand */
14a684bf	216	int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
7bb82f92 SL	217	{
	218	int ok = 0;
	219	int kats_already_passed = 0;
7bb82f92	220	long checksum_len;
d40b42ab	221	OSSL_CORE_BIO bio_module = NULL, bio_indicator = NULL;
7bb82f92 SL	222	unsigned char *module_checksum = NULL;
7bb82f92 SL	223	unsigned char *indicator_checksum = NULL;
14a684bf	224	int loclstate;
47c239c6	225	OSSL_SELF_TEST *ev = NULL;
14a684bf MC	226
	227	if (!RUN_ONCE(&fips_self_test_init, do_fips_self_test_init))
	228	return 0;
	229
	230	CRYPTO_THREAD_read_lock(self_test_lock);
	231	loclstate = FIPS_state;
	232	CRYPTO_THREAD_unlock(self_test_lock);
7bb82f92	233
14a684bf MC	234	if (loclstate == FIPS_STATE_RUNNING) {
	235	if (!on_demand_test)
	236	return 1;
	237	} else if (loclstate != FIPS_STATE_SELFTEST) {
9f7bdcf3	238	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_STATE);
14a684bf MC	239	return 0;
	240	}
	241
	242	CRYPTO_THREAD_write_lock(self_test_lock);
	243	if (FIPS_state == FIPS_STATE_RUNNING) {
	244	if (!on_demand_test) {
	245	CRYPTO_THREAD_unlock(self_test_lock);
	246	return 1;
	247	}
	248	FIPS_state = FIPS_STATE_SELFTEST;
	249	} else if (FIPS_state != FIPS_STATE_SELFTEST) {
	250	CRYPTO_THREAD_unlock(self_test_lock);
9f7bdcf3	251	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_STATE);
14a684bf MC	252	return 0;
14a684bf MC	253	}
7bb82f92	254	if (st == NULL
9f7bdcf3 SL	255	\|\| st->module_checksum_data == NULL) {
9f7bdcf3 SL	256	ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
7bb82f92	257	goto end;
9f7bdcf3	258	}
7bb82f92	259
47c239c6 SL	260	ev = OSSL_SELF_TEST_new(st->cb, st->cb_arg);
	261	if (ev == NULL)
	262	goto end;
36fc5fc6	263
7bb82f92 SL	264	module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
7bb82f92 SL	265	&checksum_len);
9f7bdcf3 SL	266	if (module_checksum == NULL) {
9f7bdcf3 SL	267	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
7bb82f92	268	goto end;
9f7bdcf3	269	}
7bb82f92 SL	270	bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb");
	271
	272	/* Always check the integrity of the fips module */
	273	if (bio_module == NULL
	274	\|\| !verify_integrity(bio_module, st->bio_read_ex_cb,
36fc5fc6	275	module_checksum, checksum_len, st->libctx,
9f7bdcf3 SL	276	ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
9f7bdcf3 SL	277	ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
7bb82f92	278	goto end;
9f7bdcf3	279	}
7bb82f92 SL	280
	281	/* This will be NULL during installation - so the self test KATS will run */
	282	if (st->indicator_data != NULL) {
	283	/*
	284	* If the kats have already passed indicator is set - then check the
	285	* integrity of the indicator.
	286	*/
9f7bdcf3 SL	287	if (st->indicator_checksum_data == NULL) {
9f7bdcf3 SL	288	ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
7bb82f92	289	goto end;
9f7bdcf3	290	}
7bb82f92 SL	291	indicator_checksum = OPENSSL_hexstr2buf(st->indicator_checksum_data,
7bb82f92 SL	292	&checksum_len);
9f7bdcf3 SL	293	if (indicator_checksum == NULL) {
9f7bdcf3 SL	294	ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
7bb82f92	295	goto end;
9f7bdcf3	296	}
7bb82f92 SL	297
	298	bio_indicator =
	299	(*st->bio_new_buffer_cb)(st->indicator_data,
	300	strlen(st->indicator_data));
	301	if (bio_indicator == NULL
	302	\|\| !verify_integrity(bio_indicator, st->bio_read_ex_cb,
	303	indicator_checksum, checksum_len,
47c239c6	304	st->libctx, ev,
9f7bdcf3 SL	305	OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY)) {
9f7bdcf3 SL	306	ERR_raise(ERR_LIB_PROV, PROV_R_INDICATOR_INTEGRITY_FAILURE);
7bb82f92	307	goto end;
9f7bdcf3	308	} else {
7bb82f92	309	kats_already_passed = 1;
9f7bdcf3	310	}
7bb82f92 SL	311	}
	312
	313	/* Only runs the KAT's during installation OR on_demand() */
	314	if (on_demand_test \|\| kats_already_passed == 0) {
9f7bdcf3 SL	315	if (!SELF_TEST_kats(ev, st->libctx)) {
9f7bdcf3 SL	316	ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
36fc5fc6	317	goto end;
9f7bdcf3	318	}
7bb82f92 SL	319	}
	320	ok = 1;
	321	end:
47c239c6	322	OSSL_SELF_TEST_free(ev);
7bb82f92 SL	323	OPENSSL_free(module_checksum);
	324	OPENSSL_free(indicator_checksum);
	325
12fca1af SL	326	if (st != NULL) {
	327	(*st->bio_free_cb)(bio_indicator);
	328	(*st->bio_free_cb)(bio_module);
	329	}
5736923f P	330	if (ok)
	331	FIPS_state = FIPS_STATE_RUNNING;
	332	else
35e6ea3b	333	ossl_set_error_state(OSSL_SELF_TEST_TYPE_NONE);
14a684bf	334	CRYPTO_THREAD_unlock(self_test_lock);
7bb82f92 SL	335
	336	return ok;
	337	}
04cb5ec0	338
35e6ea3b	339	void SELF_TEST_disable_conditional_error_state(void)
5736923f	340	{
35e6ea3b SL	341	FIPS_conditional_error_check = 0;
	342	}
	343
	344	void ossl_set_error_state(const char *type)
	345	{
	346	int cond_test = (type != NULL && strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0);
	347
	348	if (!cond_test \|\| (FIPS_conditional_error_check == 1)) {
	349	FIPS_state = FIPS_STATE_ERROR;
	350	ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE);
	351	} else {
	352	ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR);
	353	}
5736923f	354	}
04cb5ec0	355
6cf37302	356	int ossl_prov_is_running(void)
04cb5ec0	357	{
5736923f P	358	const int res = FIPS_state == FIPS_STATE_RUNNING
	359	\|\| FIPS_state == FIPS_STATE_SELFTEST;
	360	static unsigned int rate_limit = 0;
	361
	362	if (res) {
	363	rate_limit = 0;
	364	} else if (FIPS_state == FIPS_STATE_ERROR) {
	365	if (rate_limit++ < FIPS_ERROR_REPORTING_RATE_LIMIT)
	366	ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_IN_ERROR_STATE);
	367	}
	368	return res;
04cb5ec0	369	}