]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/fips/fipsprov.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix users of KDFs to use params not ctls
[thirdparty/openssl.git] / providers / fips / fipsprov.c
CommitLineData
9efa0ae0
MC		 1/*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h>
11#include <stdio.h>
12#include <openssl/core.h>
13#include <openssl/core_numbers.h>
14#include <openssl/core_names.h>
15#include <openssl/params.h>
3593266d 16#include <openssl/err.h>
319e518a 17#include <openssl/evp.h>
45c54042 18
319e518a
MC		 19/* TODO(3.0): Needed for dummy_evp_call(). To be removed */
20#include <openssl/sha.h>
45c54042 21#include <openssl/rand_drbg.h>
04ca0027 22#include <openssl/ec.h>
25e60144 23#include <openssl/fips_names.h>
45c54042 24
3593266d 25#include "internal/cryptlib.h"
319e518a
MC		 26#include "internal/property.h"
27#include "internal/evp_int.h"
66ad63e8 28#include "internal/provider_algs.h"
bb751e11 29#include "internal/provider_ctx.h"
da747958 30#include "internal/providercommon.h"
25e60144 31#include "selftest.h"
9efa0ae0 32
b60cba3c
RS		 33extern OSSL_core_thread_start_fn *c_thread_start;
34
da747958
MC		 35/*
36 * TODO(3.0): Should these be stored in the provider side provctx? Could they
37 * ever be different from one init to the next? Unfortunately we can't do this
b60cba3c
RS		 38 * at the moment because c_put_error/c_add_error_vdata do not provide
39 * us with the OPENSSL_CTX as a parameter.
da747958 40 */
25e60144
SL		 41
42static SELF_TEST_POST_PARAMS selftest_params;
43
9efa0ae0 44/* Functions provided by the core */
dca97d00 45static OSSL_core_gettable_params_fn *c_gettable_params;
b60cba3c
RS		 46static OSSL_core_get_params_fn *c_get_params;
47OSSL_core_thread_start_fn *c_thread_start;
036913b1
RL		 48static OSSL_core_new_error_fn *c_new_error;
49static OSSL_core_set_error_debug_fn *c_set_error_debug;
50static OSSL_core_vset_error_fn *c_vset_error;
b60cba3c
RS		 51static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
52static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
b60cba3c
RS		 53static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
54static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
55static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
56static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
57static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
58static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
59static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
60static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
61static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
9efa0ae0 62
da747958
MC		 63typedef struct fips_global_st {
64 const OSSL_PROVIDER *prov;
65} FIPS_GLOBAL;
66
67static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
68{
69 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
70
71 return fgbl;
72}
73
74static void fips_prov_ossl_ctx_free(void *fgbl)
75{
76 OPENSSL_free(fgbl);
77}
78
79static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
80 fips_prov_ossl_ctx_new,
81 fips_prov_ossl_ctx_free,
82};
83
84
9efa0ae0 85/* Parameters we provide to the core */
26175013
RL		 86static const OSSL_PARAM fips_param_types[] = {
87 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
88 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
89 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
90 OSSL_PARAM_END
9efa0ae0
MC		 91};
92
25e60144
SL		 93/*
94 * Parameters to retrieve from the core provider - required for self testing.
95 * NOTE: inside core_get_params() these will be loaded from config items
96 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
97 */
98static OSSL_PARAM core_params[] =
99{
100 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
101 selftest_params.module_filename,
102 sizeof(selftest_params.module_filename)),
103 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
104 selftest_params.module_checksum_data,
105 sizeof(selftest_params.module_checksum_data)),
106 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
107 selftest_params.indicator_checksum_data,
108 sizeof(selftest_params.indicator_checksum_data)),
109 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
110 selftest_params.indicator_data,
111 sizeof(selftest_params.indicator_data)),
112 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
113 selftest_params.indicator_version,
114 sizeof(selftest_params.indicator_version)),
115 OSSL_PARAM_END
116};
117
319e518a 118/* TODO(3.0): To be removed */
bb751e11 119static int dummy_evp_call(void *provctx)
3593266d 120{
bb751e11 121 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
319e518a
MC		 122 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
123 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
124 char msg[] = "Hello World!";
125 const unsigned char exptd[] = {
126 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
127 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
128 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
129 };
130 unsigned int dgstlen = 0;
131 unsigned char dgst[SHA256_DIGEST_LENGTH];
132 int ret = 0;
444ab3ab
MC		 133 BN_CTX *bnctx = NULL;
134 BIGNUM *a = NULL, *b = NULL;
45c54042
MC		 135 unsigned char randbuf[128];
136 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
f92e0815 137#ifndef OPENSSL_NO_EC
04ca0027 138 EC_KEY *key = NULL;
f92e0815 139#endif
319e518a 140
45c54042 141 if (ctx == NULL || sha256 == NULL || drbg == NULL)
319e518a
MC		 142 goto err;
143
144 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
145 goto err;
146 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
147 goto err;
148 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
149 goto err;
150 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
151 goto err;
152
444ab3ab
MC		 153 bnctx = BN_CTX_new_ex(libctx);
154 if (bnctx == NULL)
155 goto err;
156 BN_CTX_start(bnctx);
157 a = BN_CTX_get(bnctx);
158 b = BN_CTX_get(bnctx);
159 if (b == NULL)
160 goto err;
161 BN_zero(a);
162 if (!BN_one(b)
163 || !BN_add(a, a, b)
164 || BN_cmp(a, b) != 0)
165 goto err;
4bd8b240 166
45c54042
MC		 167 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
168 goto err;
169
eba3ebd7
MC		 170 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
171 goto err;
172
f92e0815 173#ifndef OPENSSL_NO_EC
04ca0027
MC		 174 /* Do some dummy EC calls */
175 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
176 if (key == NULL)
177 goto err;
178
179 if (!EC_KEY_generate_key(key))
180 goto err;
f92e0815 181#endif
04ca0027 182
319e518a
MC		 183 ret = 1;
184 err:
444ab3ab
MC		 185 BN_CTX_end(bnctx);
186 BN_CTX_free(bnctx);
4bd8b240 187
319e518a 188 EVP_MD_CTX_free(ctx);
3fd70262 189 EVP_MD_free(sha256);
04ca0027 190
f92e0815 191#ifndef OPENSSL_NO_EC
04ca0027 192 EC_KEY_free(key);
f92e0815 193#endif
319e518a 194 return ret;
3593266d
MC		 195}
196
dca97d00 197static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
9efa0ae0
MC		 198{
199 return fips_param_types;
200}
201
4e7991b4 202static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
9efa0ae0 203{
4e7991b4 204 OSSL_PARAM *p;
9efa0ae0
MC		 205
206 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
207 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
208 return 0;
209 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
210 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
211 return 0;
212 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
213 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
214 return 0;
215
216 return 1;
217}
218
4cecf7a1
MC		 219/* FIPS specific version of the function of the same name in provlib.c */
220const char *ossl_prov_util_nid_to_name(int nid)
221{
222 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
223
224 switch (nid) {
225 /* Digests */
226 case NID_sha1:
227 return "SHA224";
228 case NID_sha224:
229 return "SHA224";
230 case NID_sha256:
231 return "SHA256";
232 case NID_sha384:
233 return "SHA384";
234 case NID_sha512:
235 return "SHA512";
236 case NID_sha512_224:
237 return "SHA512-224";
238 case NID_sha512_256:
239 return "SHA512-256";
240 case NID_sha3_224:
241 return "SHA3-224";
242 case NID_sha3_256:
243 return "SHA3-256";
244 case NID_sha3_384:
245 return "SHA3-384";
246 case NID_sha3_512:
247 return "SHA3-512";
248
249 /* Ciphers */
250 case NID_aes_256_ecb:
251 return "AES-256-ECB";
252 case NID_aes_192_ecb:
253 return "AES-192-ECB";
254 case NID_aes_128_ecb:
255 return "AES-128-ECB";
256 case NID_aes_256_cbc:
257 return "AES-256-CBC";
258 case NID_aes_192_cbc:
259 return "AES-192-CBC";
260 case NID_aes_128_cbc:
261 return "AES-128-CBC";
262 case NID_aes_256_ctr:
263 return "AES-256-CTR";
264 case NID_aes_192_ctr:
265 return "AES-192-CTR";
266 case NID_aes_128_ctr:
267 return "AES-128-CTR";
3bfe9005
SL		 268 /* TODO(3.0) Change these when we have aliases */
269 case NID_aes_256_gcm:
270 return "id-aes256-GCM";
271 case NID_aes_192_gcm:
272 return "id-aes192-GCM";
273 case NID_aes_128_gcm:
274 return "id-aes128-GCM";
275 case NID_aes_256_ccm:
276 return "id-aes256-CCM";
277 case NID_aes_192_ccm:
278 return "id-aes192-CCM";
279 case NID_aes_128_ccm:
280 return "id-aes128-CCM";
281 default:
282 break;
4cecf7a1
MC		 283 }
284
285 return NULL;
286}
287
9efa0ae0 288static const OSSL_ALGORITHM fips_digests[] = {
d5e5e2ff
SL		 289 { "SHA1", "fips=yes", sha1_functions },
290 { "SHA224", "fips=yes", sha224_functions },
9efa0ae0 291 { "SHA256", "fips=yes", sha256_functions },
d5e5e2ff
SL		 292 { "SHA384", "fips=yes", sha384_functions },
293 { "SHA512", "fips=yes", sha512_functions },
294 { "SHA512-224", "fips=yes", sha512_224_functions },
295 { "SHA512-256", "fips=yes", sha512_256_functions },
296 { "SHA3-224", "fips=yes", sha3_224_functions },
297 { "SHA3-256", "fips=yes", sha3_256_functions },
298 { "SHA3-384", "fips=yes", sha3_384_functions },
299 { "SHA3-512", "fips=yes", sha3_512_functions },
e23cda00 300 /*
bb31895d
RL		 301 * KECCAK_KMAC128 and KECCAK_KMAC256 as hashes are mostly useful for
302 * the KMAC128 and KMAC256.
e23cda00 303 */
bb31895d
RL		 304 { "KECCAK_KMAC128", "fips=yes", keccak_kmac_128_functions },
305 { "KECCAK_KMAC256", "fips=yes", keccak_kmac_256_functions },
d5e5e2ff 306
9efa0ae0
MC		 307 { NULL, NULL, NULL }
308};
309
66ad63e8
MC		 310static const OSSL_ALGORITHM fips_ciphers[] = {
311 { "AES-256-ECB", "fips=yes", aes256ecb_functions },
312 { "AES-192-ECB", "fips=yes", aes192ecb_functions },
313 { "AES-128-ECB", "fips=yes", aes128ecb_functions },
314 { "AES-256-CBC", "fips=yes", aes256cbc_functions },
315 { "AES-192-CBC", "fips=yes", aes192cbc_functions },
316 { "AES-128-CBC", "fips=yes", aes128cbc_functions },
317 { "AES-256-CTR", "fips=yes", aes256ctr_functions },
318 { "AES-192-CTR", "fips=yes", aes192ctr_functions },
319 { "AES-128-CTR", "fips=yes", aes128ctr_functions },
3bfe9005 320 /* TODO(3.0) Add aliases for these ciphers */
a672a02a
SL		 321 { "id-aes256-GCM", "fips=yes", aes256gcm_functions },
322 { "id-aes192-GCM", "fips=yes", aes192gcm_functions },
323 { "id-aes128-GCM", "fips=yes", aes128gcm_functions },
3bfe9005
SL		 324 { "id-aes256-CCM", "fips=yes", aes256ccm_functions },
325 { "id-aes192-CCM", "fips=yes", aes192ccm_functions },
326 { "id-aes128-CCM", "fips=yes", aes128ccm_functions },
cb1548bc 327#ifndef OPENSSL_NO_DES
4a42e264
SL		 328 { "DES-EDE3", "fips=yes", tdes_ede3_ecb_functions },
329 { "DES-EDE3-CBC", "fips=yes", tdes_ede3_cbc_functions },
cb1548bc 330#endif /* OPENSSL_NO_DES */
66ad63e8
MC		 331 { NULL, NULL, NULL }
332};
333
2e5db6ad 334static const OSSL_ALGORITHM fips_macs[] = {
bad41b68 335#ifndef OPENSSL_NO_CMAC
2e5db6ad 336 { "CMAC", "fips=yes", cmac_functions },
bad41b68 337#endif
d33313be 338 { "GMAC", "fips=yes", gmac_functions },
5183ebdc 339 { "HMAC", "fips=yes", hmac_functions },
e23cda00
RL		 340 { "KMAC128", "fips=yes", kmac128_functions },
341 { "KMAC256", "fips=yes", kmac256_functions },
2e5db6ad
RL		 342 { NULL, NULL, NULL }
343};
344
9efa0ae0
MC		 345static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
346 int operation_id,
347 int *no_cache)
348{
349 *no_cache = 0;
350 switch (operation_id) {
351 case OSSL_OP_DIGEST:
352 return fips_digests;
66ad63e8
MC		 353 case OSSL_OP_CIPHER:
354 return fips_ciphers;
2e5db6ad
RL		 355 case OSSL_OP_MAC:
356 return fips_macs;
9efa0ae0
MC		 357 }
358 return NULL;
359}
360
361/* Functions we provide to the core */
362static const OSSL_DISPATCH fips_dispatch_table[] = {
319e518a
MC		 363 /*
364 * To release our resources we just need to free the OPENSSL_CTX so we just
365 * use OPENSSL_CTX_free directly as our teardown function
366 */
367 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
dca97d00 368 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
9efa0ae0
MC		 369 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
370 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
371 { 0, NULL }
372};
373
319e518a
MC		 374/* Functions we provide to ourself */
375static const OSSL_DISPATCH intern_dispatch_table[] = {
376 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
377 { 0, NULL }
378};
379
380
9efa0ae0
MC		 381int OSSL_provider_init(const OSSL_PROVIDER *provider,
382 const OSSL_DISPATCH *in,
a39eb840
RL		 383 const OSSL_DISPATCH **out,
384 void **provctx)
9efa0ae0 385{
da747958 386 FIPS_GLOBAL *fgbl;
03361afb 387 OPENSSL_CTX *ctx;
319e518a 388
9efa0ae0
MC		 389 for (; in->function_id != 0; in++) {
390 switch (in->function_id) {
dca97d00
RL		 391 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
392 c_gettable_params = OSSL_get_core_gettable_params(in);
9efa0ae0
MC		 393 break;
394 case OSSL_FUNC_CORE_GET_PARAMS:
395 c_get_params = OSSL_get_core_get_params(in);
396 break;
da747958
MC		 397 case OSSL_FUNC_CORE_THREAD_START:
398 c_thread_start = OSSL_get_core_thread_start(in);
399 break;
036913b1
RL		 400 case OSSL_FUNC_CORE_NEW_ERROR:
401 c_new_error = OSSL_get_core_new_error(in);
3593266d 402 break;
036913b1
RL		 403 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
404 c_set_error_debug = OSSL_get_core_set_error_debug(in);
405 break;
406 case OSSL_FUNC_CORE_VSET_ERROR:
407 c_vset_error = OSSL_get_core_vset_error(in);
3593266d 408 break;
b60cba3c
RS		 409 case OSSL_FUNC_CRYPTO_MALLOC:
410 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
411 break;
412 case OSSL_FUNC_CRYPTO_ZALLOC:
413 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
414 break;
b60cba3c
RS		 415 case OSSL_FUNC_CRYPTO_FREE:
416 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
417 break;
418 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
419 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
420 break;
421 case OSSL_FUNC_CRYPTO_REALLOC:
422 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
423 break;
424 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
425 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
426 break;
427 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
428 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
429 break;
430 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
431 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
432 break;
433 case OSSL_FUNC_CRYPTO_SECURE_FREE:
434 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
435 break;
436 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
437 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
438 break;
439 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
440 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
441 break;
25e60144
SL		 442 case OSSL_FUNC_BIO_NEW_FILE:
443 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
444 break;
445 case OSSL_FUNC_BIO_NEW_MEMBUF:
446 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
447 break;
448 case OSSL_FUNC_BIO_READ:
449 selftest_params.bio_read_cb = OSSL_get_BIO_read(in);
450 break;
451 case OSSL_FUNC_BIO_FREE:
452 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
453 break;
9efa0ae0 454 default:
b60cba3c 455 /* Just ignore anything we don't understand */
9efa0ae0
MC		 456 break;
457 }
458 }
459
25e60144
SL		 460 if (!c_get_params(provider, core_params))
461 return 0;
462
b60cba3c
RS		 463 /* Create a context. */
464 if ((ctx = OPENSSL_CTX_new()) == NULL)
319e518a 465 return 0;
b60cba3c
RS		 466 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
467 &fips_prov_ossl_ctx_method)) == NULL) {
468 OPENSSL_CTX_free(ctx);
469 return 0;
470 }
03361afb 471 fgbl->prov = provider;
bb751e11
RL		 472 *out = fips_dispatch_table;
473 *provctx = ctx;
474
319e518a
MC		 475 /*
476 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
477 * EVP calls from within the FIPS module.
478 */
bb751e11
RL		 479 if (!dummy_evp_call(*provctx)) {
480 OPENSSL_CTX_free(*provctx);
481 *provctx = NULL;
319e518a
MC		 482 return 0;
483 }
484
9efa0ae0
MC		 485 return 1;
486}
3593266d 487
319e518a
MC		 488/*
489 * The internal init function used when the FIPS module uses EVP to call
b1eb3fd7 490 * another algorithm also in the FIPS module. This is a recursive call that has
bb751e11
RL		 491 * been made from within the FIPS module itself. To make this work, we populate
492 * the provider context of this inner instance with the same library context
493 * that was used in the EVP call that initiated this recursive call.
319e518a 494 */
3593266d
MC		 495OSSL_provider_init_fn fips_intern_provider_init;
496int fips_intern_provider_init(const OSSL_PROVIDER *provider,
497 const OSSL_DISPATCH *in,
319e518a
MC		 498 const OSSL_DISPATCH **out,
499 void **provctx)
3593266d 500{
bb751e11
RL		 501 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
502
503 for (; in->function_id != 0; in++) {
504 switch (in->function_id) {
505 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
506 c_get_libctx = OSSL_get_core_get_library_context(in);
507 break;
508 default:
509 break;
510 }
511 }
512
513 if (c_get_libctx == NULL)
514 return 0;
515
516 *provctx = c_get_libctx(provider);
517
518 /*
519 * Safety measure... we should get the library context that was
520 * created up in OSSL_provider_init().
521 */
522 if (*provctx == NULL)
523 return 0;
524
319e518a 525 *out = intern_dispatch_table;
3593266d
MC		 526 return 1;
527}
528
036913b1 529void ERR_new(void)
3593266d 530{
036913b1
RL		 531 c_new_error(NULL);
532}
533
534void ERR_set_debug(const char *file, int line, const char *func)
535{
536 c_set_error_debug(NULL, file, line, func);
3593266d
MC		 537}
538
036913b1 539void ERR_set_error(int lib, int reason, const char *fmt, ...)
3593266d
MC		 540{
541 va_list args;
8908d18c 542
036913b1
RL		 543 va_start(args, fmt);
544 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d
MC		 545 va_end(args);
546}
547
036913b1 548void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
3593266d 549{
036913b1 550 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d 551}
da747958
MC		 552
553const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
554{
555 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
556 &fips_prov_ossl_ctx_method);
557
558 if (fgbl == NULL)
559 return NULL;
560
561 return fgbl->prov;
562}
b60cba3c
RS		 563
564void *CRYPTO_malloc(size_t num, const char *file, int line)
565{
566 return c_CRYPTO_malloc(num, file, line);
567}
568
569void *CRYPTO_zalloc(size_t num, const char *file, int line)
570{
571 return c_CRYPTO_zalloc(num, file, line);
572}
573
b60cba3c
RS		 574void CRYPTO_free(void *ptr, const char *file, int line)
575{
576 c_CRYPTO_free(ptr, file, line);
577}
578
579void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
580{
581 c_CRYPTO_clear_free(ptr, num, file, line);
582}
583
584void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
585{
586 return c_CRYPTO_realloc(addr, num, file, line);
587}
588
589void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
590 const char *file, int line)
591{
592 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
593}
594
595void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
596{
597 return c_CRYPTO_secure_malloc(num, file, line);
598}
599
600void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
601{
602 return c_CRYPTO_secure_zalloc(num, file, line);
603}
604
605void CRYPTO_secure_free(void *ptr, const char *file, int line)
606{
607 c_CRYPTO_secure_free(ptr, file, line);
608}
609
610void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
611{
612 c_CRYPTO_secure_clear_free(ptr, num, file, line);
613}
614
b60cba3c
RS		 615int CRYPTO_secure_allocated(const void *ptr)
616{
617 return c_CRYPTO_secure_allocated(ptr);
618}
A mirror of the official openssl repository