2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
19 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
20 #include <openssl/sha.h>
21 #include <openssl/rand_drbg.h>
23 #include "internal/cryptlib.h"
24 #include "internal/property.h"
25 #include "internal/evp_int.h"
26 #include "internal/provider_algs.h"
27 #include "internal/provider_ctx.h"
28 #include "internal/providercommon.h"
30 extern OSSL_core_thread_start_fn
*c_thread_start
;
33 * TODO(3.0): Should these be stored in the provider side provctx? Could they
34 * ever be different from one init to the next? Unfortunately we can't do this
35 * at the moment because c_put_error/c_add_error_vdata do not provide
36 * us with the OPENSSL_CTX as a parameter.
38 /* Functions provided by the core */
39 static OSSL_core_get_param_types_fn
*c_get_param_types
;
40 static OSSL_core_get_params_fn
*c_get_params
;
41 OSSL_core_thread_start_fn
*c_thread_start
;
42 static OSSL_core_put_error_fn
*c_put_error
;
43 static OSSL_core_add_error_vdata_fn
*c_add_error_vdata
;
44 static OSSL_CRYPTO_malloc_fn
*c_CRYPTO_malloc
;
45 static OSSL_CRYPTO_zalloc_fn
*c_CRYPTO_zalloc
;
46 static OSSL_CRYPTO_memdup_fn
*c_CRYPTO_memdup
;
47 static OSSL_CRYPTO_strdup_fn
*c_CRYPTO_strdup
;
48 static OSSL_CRYPTO_strndup_fn
*c_CRYPTO_strndup
;
49 static OSSL_CRYPTO_free_fn
*c_CRYPTO_free
;
50 static OSSL_CRYPTO_clear_free_fn
*c_CRYPTO_clear_free
;
51 static OSSL_CRYPTO_realloc_fn
*c_CRYPTO_realloc
;
52 static OSSL_CRYPTO_clear_realloc_fn
*c_CRYPTO_clear_realloc
;
53 static OSSL_CRYPTO_secure_malloc_fn
*c_CRYPTO_secure_malloc
;
54 static OSSL_CRYPTO_secure_zalloc_fn
*c_CRYPTO_secure_zalloc
;
55 static OSSL_CRYPTO_secure_free_fn
*c_CRYPTO_secure_free
;
56 static OSSL_CRYPTO_secure_clear_free_fn
*c_CRYPTO_secure_clear_free
;
57 static OSSL_CRYPTO_secure_allocated_fn
*c_CRYPTO_secure_allocated
;
58 static OSSL_OPENSSL_hexstr2buf_fn
*c_OPENSSL_hexstr2buf
;
60 typedef struct fips_global_st
{
61 const OSSL_PROVIDER
*prov
;
64 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX
*libctx
)
66 FIPS_GLOBAL
*fgbl
= OPENSSL_zalloc(sizeof(*fgbl
));
71 static void fips_prov_ossl_ctx_free(void *fgbl
)
76 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method
= {
77 fips_prov_ossl_ctx_new
,
78 fips_prov_ossl_ctx_free
,
82 /* Parameters we provide to the core */
83 static const OSSL_ITEM fips_param_types
[] = {
84 { OSSL_PARAM_UTF8_PTR
, OSSL_PROV_PARAM_NAME
},
85 { OSSL_PARAM_UTF8_PTR
, OSSL_PROV_PARAM_VERSION
},
86 { OSSL_PARAM_UTF8_PTR
, OSSL_PROV_PARAM_BUILDINFO
},
90 /* TODO(3.0): To be removed */
91 static int dummy_evp_call(void *provctx
)
93 OPENSSL_CTX
*libctx
= PROV_LIBRARY_CONTEXT_OF(provctx
);
94 EVP_MD_CTX
*ctx
= EVP_MD_CTX_new();
95 EVP_MD
*sha256
= EVP_MD_fetch(libctx
, "SHA256", NULL
);
96 char msg
[] = "Hello World!";
97 const unsigned char exptd
[] = {
98 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
99 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
100 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
102 unsigned int dgstlen
= 0;
103 unsigned char dgst
[SHA256_DIGEST_LENGTH
];
105 BN_CTX
*bnctx
= NULL
;
106 BIGNUM
*a
= NULL
, *b
= NULL
;
107 unsigned char randbuf
[128];
108 RAND_DRBG
*drbg
= OPENSSL_CTX_get0_public_drbg(libctx
);
110 if (ctx
== NULL
|| sha256
== NULL
|| drbg
== NULL
)
113 if (!EVP_DigestInit_ex(ctx
, sha256
, NULL
))
115 if (!EVP_DigestUpdate(ctx
, msg
, sizeof(msg
) - 1))
117 if (!EVP_DigestFinal(ctx
, dgst
, &dgstlen
))
119 if (dgstlen
!= sizeof(exptd
) || memcmp(dgst
, exptd
, sizeof(exptd
)) != 0)
122 bnctx
= BN_CTX_new_ex(libctx
);
126 a
= BN_CTX_get(bnctx
);
127 b
= BN_CTX_get(bnctx
);
133 || BN_cmp(a
, b
) != 0)
136 if (RAND_DRBG_bytes(drbg
, randbuf
, sizeof(randbuf
)) <= 0)
139 if (!BN_rand_ex(a
, 256, BN_RAND_TOP_ANY
, BN_RAND_BOTTOM_ANY
, bnctx
))
147 EVP_MD_CTX_free(ctx
);
148 EVP_MD_meth_free(sha256
);
152 static const OSSL_ITEM
*fips_get_param_types(const OSSL_PROVIDER
*prov
)
154 return fips_param_types
;
157 static int fips_get_params(const OSSL_PROVIDER
*prov
, OSSL_PARAM params
[])
161 p
= OSSL_PARAM_locate(params
, OSSL_PROV_PARAM_NAME
);
162 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, "OpenSSL FIPS Provider"))
164 p
= OSSL_PARAM_locate(params
, OSSL_PROV_PARAM_VERSION
);
165 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, OPENSSL_VERSION_STR
))
167 p
= OSSL_PARAM_locate(params
, OSSL_PROV_PARAM_BUILDINFO
);
168 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, OPENSSL_FULL_VERSION_STR
))
174 /* FIPS specific version of the function of the same name in provlib.c */
175 const char *ossl_prov_util_nid_to_name(int nid
)
177 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
205 case NID_aes_256_ecb
:
206 return "AES-256-ECB";
207 case NID_aes_192_ecb
:
208 return "AES-192-ECB";
209 case NID_aes_128_ecb
:
210 return "AES-128-ECB";
211 case NID_aes_256_cbc
:
212 return "AES-256-CBC";
213 case NID_aes_192_cbc
:
214 return "AES-192-CBC";
215 case NID_aes_128_cbc
:
216 return "AES-128-CBC";
217 case NID_aes_256_ctr
:
218 return "AES-256-CTR";
219 case NID_aes_192_ctr
:
220 return "AES-192-CTR";
221 case NID_aes_128_ctr
:
222 return "AES-128-CTR";
228 static const OSSL_ALGORITHM fips_digests
[] = {
229 { "SHA1", "fips=yes", sha1_functions
},
230 { "SHA224", "fips=yes", sha224_functions
},
231 { "SHA256", "fips=yes", sha256_functions
},
232 { "SHA384", "fips=yes", sha384_functions
},
233 { "SHA512", "fips=yes", sha512_functions
},
234 { "SHA512-224", "fips=yes", sha512_224_functions
},
235 { "SHA512-256", "fips=yes", sha512_256_functions
},
236 { "SHA3-224", "fips=yes", sha3_224_functions
},
237 { "SHA3-256", "fips=yes", sha3_256_functions
},
238 { "SHA3-384", "fips=yes", sha3_384_functions
},
239 { "SHA3-512", "fips=yes", sha3_512_functions
},
240 { "KMAC128", "fips=yes", keccak_kmac_128_functions
},
241 { "KMAC256", "fips=yes", keccak_kmac_256_functions
},
246 static const OSSL_ALGORITHM fips_ciphers
[] = {
247 { "AES-256-ECB", "fips=yes", aes256ecb_functions
},
248 { "AES-192-ECB", "fips=yes", aes192ecb_functions
},
249 { "AES-128-ECB", "fips=yes", aes128ecb_functions
},
250 { "AES-256-CBC", "fips=yes", aes256cbc_functions
},
251 { "AES-192-CBC", "fips=yes", aes192cbc_functions
},
252 { "AES-128-CBC", "fips=yes", aes128cbc_functions
},
253 { "AES-256-CTR", "fips=yes", aes256ctr_functions
},
254 { "AES-192-CTR", "fips=yes", aes192ctr_functions
},
255 { "AES-128-CTR", "fips=yes", aes128ctr_functions
},
259 static const OSSL_ALGORITHM
*fips_query(OSSL_PROVIDER
*prov
,
264 switch (operation_id
) {
273 /* Functions we provide to the core */
274 static const OSSL_DISPATCH fips_dispatch_table
[] = {
276 * To release our resources we just need to free the OPENSSL_CTX so we just
277 * use OPENSSL_CTX_free directly as our teardown function
279 { OSSL_FUNC_PROVIDER_TEARDOWN
, (void (*)(void))OPENSSL_CTX_free
},
280 { OSSL_FUNC_PROVIDER_GET_PARAM_TYPES
, (void (*)(void))fips_get_param_types
},
281 { OSSL_FUNC_PROVIDER_GET_PARAMS
, (void (*)(void))fips_get_params
},
282 { OSSL_FUNC_PROVIDER_QUERY_OPERATION
, (void (*)(void))fips_query
},
286 /* Functions we provide to ourself */
287 static const OSSL_DISPATCH intern_dispatch_table
[] = {
288 { OSSL_FUNC_PROVIDER_QUERY_OPERATION
, (void (*)(void))fips_query
},
293 int OSSL_provider_init(const OSSL_PROVIDER
*provider
,
294 const OSSL_DISPATCH
*in
,
295 const OSSL_DISPATCH
**out
,
301 for (; in
->function_id
!= 0; in
++) {
302 switch (in
->function_id
) {
303 case OSSL_FUNC_CORE_GET_PARAM_TYPES
:
304 c_get_param_types
= OSSL_get_core_get_param_types(in
);
306 case OSSL_FUNC_CORE_GET_PARAMS
:
307 c_get_params
= OSSL_get_core_get_params(in
);
309 case OSSL_FUNC_CORE_THREAD_START
:
310 c_thread_start
= OSSL_get_core_thread_start(in
);
312 case OSSL_FUNC_CORE_PUT_ERROR
:
313 c_put_error
= OSSL_get_core_put_error(in
);
315 case OSSL_FUNC_CORE_ADD_ERROR_VDATA
:
316 c_add_error_vdata
= OSSL_get_core_add_error_vdata(in
);
318 case OSSL_FUNC_CRYPTO_MALLOC
:
319 c_CRYPTO_malloc
= OSSL_get_CRYPTO_malloc(in
);
321 case OSSL_FUNC_CRYPTO_ZALLOC
:
322 c_CRYPTO_zalloc
= OSSL_get_CRYPTO_zalloc(in
);
324 case OSSL_FUNC_CRYPTO_MEMDUP
:
325 c_CRYPTO_memdup
= OSSL_get_CRYPTO_memdup(in
);
327 case OSSL_FUNC_CRYPTO_STRDUP
:
328 c_CRYPTO_strdup
= OSSL_get_CRYPTO_strdup(in
);
330 case OSSL_FUNC_CRYPTO_STRNDUP
:
331 c_CRYPTO_strndup
= OSSL_get_CRYPTO_strndup(in
);
333 case OSSL_FUNC_CRYPTO_FREE
:
334 c_CRYPTO_free
= OSSL_get_CRYPTO_free(in
);
336 case OSSL_FUNC_CRYPTO_CLEAR_FREE
:
337 c_CRYPTO_clear_free
= OSSL_get_CRYPTO_clear_free(in
);
339 case OSSL_FUNC_CRYPTO_REALLOC
:
340 c_CRYPTO_realloc
= OSSL_get_CRYPTO_realloc(in
);
342 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC
:
343 c_CRYPTO_clear_realloc
= OSSL_get_CRYPTO_clear_realloc(in
);
345 case OSSL_FUNC_CRYPTO_SECURE_MALLOC
:
346 c_CRYPTO_secure_malloc
= OSSL_get_CRYPTO_secure_malloc(in
);
348 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC
:
349 c_CRYPTO_secure_zalloc
= OSSL_get_CRYPTO_secure_zalloc(in
);
351 case OSSL_FUNC_CRYPTO_SECURE_FREE
:
352 c_CRYPTO_secure_free
= OSSL_get_CRYPTO_secure_free(in
);
354 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE
:
355 c_CRYPTO_secure_clear_free
= OSSL_get_CRYPTO_secure_clear_free(in
);
357 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED
:
358 c_CRYPTO_secure_allocated
= OSSL_get_CRYPTO_secure_allocated(in
);
360 case OSSL_FUNC_OPENSSL_HEXSTR2BUF
:
361 c_OPENSSL_hexstr2buf
= OSSL_get_OPENSSL_hexstr2buf(in
);
364 /* Just ignore anything we don't understand */
369 /* Create a context. */
370 if ((ctx
= OPENSSL_CTX_new()) == NULL
)
372 if ((fgbl
= openssl_ctx_get_data(ctx
, OPENSSL_CTX_FIPS_PROV_INDEX
,
373 &fips_prov_ossl_ctx_method
)) == NULL
) {
374 OPENSSL_CTX_free(ctx
);
377 fgbl
->prov
= provider
;
378 *out
= fips_dispatch_table
;
382 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
383 * EVP calls from within the FIPS module.
385 if (!dummy_evp_call(*provctx
)) {
386 OPENSSL_CTX_free(*provctx
);
395 * The internal init function used when the FIPS module uses EVP to call
396 * another algorithm also in the FIPS module. This is a recursive call that has
397 * been made from within the FIPS module itself. To make this work, we populate
398 * the provider context of this inner instance with the same library context
399 * that was used in the EVP call that initiated this recursive call.
401 OSSL_provider_init_fn fips_intern_provider_init
;
402 int fips_intern_provider_init(const OSSL_PROVIDER
*provider
,
403 const OSSL_DISPATCH
*in
,
404 const OSSL_DISPATCH
**out
,
407 OSSL_core_get_library_context_fn
*c_get_libctx
= NULL
;
409 for (; in
->function_id
!= 0; in
++) {
410 switch (in
->function_id
) {
411 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT
:
412 c_get_libctx
= OSSL_get_core_get_library_context(in
);
419 if (c_get_libctx
== NULL
)
422 *provctx
= c_get_libctx(provider
);
425 * Safety measure... we should get the library context that was
426 * created up in OSSL_provider_init().
428 if (*provctx
== NULL
)
431 *out
= intern_dispatch_table
;
435 void ERR_put_error(int lib
, int func
, int reason
, const char *file
, int line
)
438 * TODO(3.0) the first argument is currently NULL but is expected to
439 * be passed something else in the future, either an OSSL_PROVIDER or
440 * a OPENSSL_CTX pointer.
442 c_put_error(NULL
, ERR_PACK(lib
, func
, reason
), file
, line
);
443 ERR_add_error_data(1, "(in the FIPS module)");
446 void ERR_add_error_data(int num
, ...)
451 ERR_add_error_vdata(num
, args
);
455 void ERR_add_error_vdata(int num
, va_list args
)
457 c_add_error_vdata(NULL
, num
, args
);
460 const OSSL_PROVIDER
*FIPS_get_provider(OPENSSL_CTX
*ctx
)
462 FIPS_GLOBAL
*fgbl
= openssl_ctx_get_data(ctx
, OPENSSL_CTX_FIPS_PROV_INDEX
,
463 &fips_prov_ossl_ctx_method
);
471 void *CRYPTO_malloc(size_t num
, const char *file
, int line
)
473 return c_CRYPTO_malloc(num
, file
, line
);
476 void *CRYPTO_zalloc(size_t num
, const char *file
, int line
)
478 return c_CRYPTO_zalloc(num
, file
, line
);
481 void *CRYPTO_memdup(const void *str
, size_t siz
, const char *file
, int line
)
483 return c_CRYPTO_memdup(str
, siz
, file
, line
);
486 char *CRYPTO_strdup(const char *str
, const char *file
, int line
)
488 return c_CRYPTO_strdup(str
, file
, line
);
491 char *CRYPTO_strndup(const char *str
, size_t s
, const char *file
, int line
)
493 return c_CRYPTO_strndup(str
, s
, file
, line
);
496 void CRYPTO_free(void *ptr
, const char *file
, int line
)
498 c_CRYPTO_free(ptr
, file
, line
);
501 void CRYPTO_clear_free(void *ptr
, size_t num
, const char *file
, int line
)
503 c_CRYPTO_clear_free(ptr
, num
, file
, line
);
506 void *CRYPTO_realloc(void *addr
, size_t num
, const char *file
, int line
)
508 return c_CRYPTO_realloc(addr
, num
, file
, line
);
511 void *CRYPTO_clear_realloc(void *addr
, size_t old_num
, size_t num
,
512 const char *file
, int line
)
514 return c_CRYPTO_clear_realloc(addr
, old_num
, num
, file
, line
);
517 void *CRYPTO_secure_malloc(size_t num
, const char *file
, int line
)
519 return c_CRYPTO_secure_malloc(num
, file
, line
);
522 void *CRYPTO_secure_zalloc(size_t num
, const char *file
, int line
)
524 return c_CRYPTO_secure_zalloc(num
, file
, line
);
527 void CRYPTO_secure_free(void *ptr
, const char *file
, int line
)
529 c_CRYPTO_secure_free(ptr
, file
, line
);
532 void CRYPTO_secure_clear_free(void *ptr
, size_t num
, const char *file
, int line
)
534 c_CRYPTO_secure_clear_free(ptr
, num
, file
, line
);
537 unsigned char *OPENSSL_hexstr2buf(const char *str
, long *len
)
539 return c_OPENSSL_hexstr2buf(str
, len
);
542 int CRYPTO_secure_allocated(const void *ptr
)
544 return c_CRYPTO_secure_allocated(ptr
);