2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/kdf.h>
20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21 #include <openssl/sha.h>
22 #include <openssl/rand_drbg.h>
23 #include <openssl/ec.h>
24 #include <openssl/fips_names.h>
26 #include "internal/cryptlib.h"
27 #include "internal/property.h"
28 #include "internal/nelem.h"
29 #include "internal/param_build.h"
30 #include "crypto/evp.h"
31 #include "prov/implementations.h"
32 #include "prov/provider_ctx.h"
33 #include "prov/providercommon.h"
34 #include "prov/provider_util.h"
35 #include "self_test.h"
37 #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK }
38 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
40 extern OSSL_core_thread_start_fn
*c_thread_start
;
43 * TODO(3.0): Should these be stored in the provider side provctx? Could they
44 * ever be different from one init to the next? Unfortunately we can't do this
45 * at the moment because c_put_error/c_add_error_vdata do not provide
46 * us with the OPENSSL_CTX as a parameter.
49 static SELF_TEST_POST_PARAMS selftest_params
;
51 /* Functions provided by the core */
52 static OSSL_core_gettable_params_fn
*c_gettable_params
;
53 static OSSL_core_get_params_fn
*c_get_params
;
54 OSSL_core_thread_start_fn
*c_thread_start
;
55 static OSSL_core_new_error_fn
*c_new_error
;
56 static OSSL_core_set_error_debug_fn
*c_set_error_debug
;
57 static OSSL_core_vset_error_fn
*c_vset_error
;
58 static OSSL_core_set_error_mark_fn
*c_set_error_mark
;
59 static OSSL_core_clear_last_error_mark_fn
*c_clear_last_error_mark
;
60 static OSSL_core_pop_error_to_mark_fn
*c_pop_error_to_mark
;
61 static OSSL_CRYPTO_malloc_fn
*c_CRYPTO_malloc
;
62 static OSSL_CRYPTO_zalloc_fn
*c_CRYPTO_zalloc
;
63 static OSSL_CRYPTO_free_fn
*c_CRYPTO_free
;
64 static OSSL_CRYPTO_clear_free_fn
*c_CRYPTO_clear_free
;
65 static OSSL_CRYPTO_realloc_fn
*c_CRYPTO_realloc
;
66 static OSSL_CRYPTO_clear_realloc_fn
*c_CRYPTO_clear_realloc
;
67 static OSSL_CRYPTO_secure_malloc_fn
*c_CRYPTO_secure_malloc
;
68 static OSSL_CRYPTO_secure_zalloc_fn
*c_CRYPTO_secure_zalloc
;
69 static OSSL_CRYPTO_secure_free_fn
*c_CRYPTO_secure_free
;
70 static OSSL_CRYPTO_secure_clear_free_fn
*c_CRYPTO_secure_clear_free
;
71 static OSSL_CRYPTO_secure_allocated_fn
*c_CRYPTO_secure_allocated
;
73 typedef struct fips_global_st
{
74 const OSSL_PROVIDER
*prov
;
77 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX
*libctx
)
79 FIPS_GLOBAL
*fgbl
= OPENSSL_zalloc(sizeof(*fgbl
));
84 static void fips_prov_ossl_ctx_free(void *fgbl
)
89 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method
= {
90 fips_prov_ossl_ctx_new
,
91 fips_prov_ossl_ctx_free
,
95 /* Parameters we provide to the core */
96 static const OSSL_PARAM fips_param_types
[] = {
97 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME
, OSSL_PARAM_UTF8_PTR
, NULL
, 0),
98 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION
, OSSL_PARAM_UTF8_PTR
, NULL
, 0),
99 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO
, OSSL_PARAM_UTF8_PTR
, NULL
, 0),
104 * Parameters to retrieve from the core provider - required for self testing.
105 * NOTE: inside core_get_params() these will be loaded from config items
106 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
108 static OSSL_PARAM core_params
[] =
110 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME
,
111 selftest_params
.module_filename
,
112 sizeof(selftest_params
.module_filename
)),
113 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC
,
114 selftest_params
.module_checksum_data
,
115 sizeof(selftest_params
.module_checksum_data
)),
116 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC
,
117 selftest_params
.indicator_checksum_data
,
118 sizeof(selftest_params
.indicator_checksum_data
)),
119 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS
,
120 selftest_params
.indicator_data
,
121 sizeof(selftest_params
.indicator_data
)),
122 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION
,
123 selftest_params
.indicator_version
,
124 sizeof(selftest_params
.indicator_version
)),
129 * Convert a string into a bignumber.
130 * The array of hex_data is used to get around compilers that dont like
131 * strings longer than 509 bytes,
133 static int hextobn(const char *hex_data
[], BIGNUM
**bn
)
139 /* Get the total length of the strings */
140 for (slen
= 0, i
= 0; hex_data
[i
] != NULL
; ++i
)
141 slen
+= strlen(hex_data
[i
]);
143 /* Add 1 for the string terminator */
144 str
= OPENSSL_zalloc(slen
+ 1);
148 /* join the strings together into 1 buffer */
149 for (i
= 0; hex_data
[i
] != NULL
; ++i
)
150 strcat(str
, hex_data
[i
]);
152 if (BN_hex2bn(bn
, str
) <= 0)
160 static int hextobin(const char *hex_data
[], unsigned char **out
, size_t *len
)
164 unsigned char *buf
= NULL
;
166 if (!hextobn(hex_data
, &bn
))
168 sz
= BN_num_bytes(bn
);
169 buf
= OPENSSL_zalloc(sz
);
172 if (BN_bn2binpad(bn
, buf
, sz
) <= 0)
177 buf
= NULL
; /* Set to NULL so it is not freed */
185 #ifndef OPENSSL_NO_DSA
186 static int dsa_key_signature_test(OPENSSL_CTX
*libctx
)
189 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
190 BIGNUM
*pub
= NULL
, *priv
= NULL
;
191 OSSL_PARAM
*params
= NULL
, *params_sig
= NULL
;
193 EVP_PKEY_CTX
*sctx
= NULL
, *kctx
= NULL
;
194 EVP_PKEY
*pkey
= NULL
;
195 unsigned char sig
[64];
198 static const unsigned char dgst
[SHA256_DIGEST_LENGTH
] = {
199 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
200 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
201 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
204 static const char *dsa_p_hex
[] = {
205 "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
206 "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
207 "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
208 "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
209 "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
210 "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
211 "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
212 "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
215 static const char *dsa_q_hex
[] = {
216 "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
219 static const char *dsa_g_hex
[] = {
220 "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
221 "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
222 "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
223 "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
224 "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
225 "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
226 "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
227 "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
230 static const char *dsa_pub_hex
[] = {
231 "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
232 "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
233 "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
234 "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
235 "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
236 "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
237 "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
238 "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
241 static const char *dsa_priv_hex
[] = {
242 "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
246 if (!hextobn(dsa_p_hex
, &p
)
247 || !hextobn(dsa_q_hex
, &q
)
248 || !hextobn(dsa_g_hex
, &g
)
249 || !hextobn(dsa_pub_hex
, &pub
)
250 || !hextobn(dsa_priv_hex
, &priv
))
253 ossl_param_bld_init(&bld
);
254 if (!ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_FFC_P
, p
)
255 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_FFC_Q
, q
)
256 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_FFC_G
, g
)
257 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_DSA_PUB_KEY
, pub
)
258 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_DSA_PRIV_KEY
, priv
))
260 params
= ossl_param_bld_to_param(&bld
);
262 /* Create a EVP_PKEY_CTX to load the DSA key into */
263 kctx
= EVP_PKEY_CTX_new_from_name(libctx
, SN_dsa
, "");
264 if (kctx
== NULL
|| params
== NULL
)
266 if (EVP_PKEY_key_fromdata_init(kctx
) <= 0
267 || EVP_PKEY_fromdata(kctx
, &pkey
, params
) <= 0)
270 /* Create a EVP_PKEY_CTX to use for the signing operation */
271 sctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, NULL
);
273 || EVP_PKEY_sign_init(sctx
) <= 0)
276 /* set signature parameters */
277 ossl_param_bld_init(&bld
);
278 if (!ossl_param_bld_push_utf8_string(&bld
, OSSL_SIGNATURE_PARAM_DIGEST
,
279 SN_sha256
,strlen(SN_sha256
) + 1))
281 params_sig
= ossl_param_bld_to_param(&bld
);
282 if (EVP_PKEY_CTX_set_params(sctx
, params_sig
) <= 0)
285 if (EVP_PKEY_sign(sctx
, sig
, &siglen
, dgst
, sizeof(dgst
)) <= 0
286 || EVP_PKEY_verify_init(sctx
) <= 0
287 || EVP_PKEY_verify(sctx
, sig
, siglen
, dgst
, sizeof(dgst
)) <= 0)
291 ossl_param_bld_free(params
);
292 ossl_param_bld_free(params_sig
);
299 EVP_PKEY_CTX_free(kctx
);
300 EVP_PKEY_CTX_free(sctx
);
303 #endif /* OPENSSL_NO_DSA */
305 #ifndef OPENSSL_NO_DH
306 static int dh_key_exchange_test(OPENSSL_CTX
*libctx
)
309 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
;
310 BIGNUM
*pub
= NULL
, *priv
= NULL
, *pub_peer
= NULL
;
311 unsigned char *kat_secret
= NULL
;
312 EVP_PKEY_CTX
*kactx
= NULL
, *dctx
= NULL
;
313 EVP_PKEY
*pkey
= NULL
, *peerkey
= NULL
;
314 OSSL_PARAM
*params
= NULL
;
315 OSSL_PARAM
*params_peer
= NULL
;
316 unsigned char secret
[256];
317 size_t secret_len
, kat_secret_len
= 0;
321 static const char *dh_p_hex
[] = {
322 "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b"
323 "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d"
324 "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0"
325 "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1",
326 "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c"
327 "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44"
328 "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994"
329 "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69",
332 static const char *dh_q_hex
[] = {
333 "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d",
336 static const char *dh_g_hex
[] = {
337 "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede"
338 "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4"
339 "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49"
340 "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9",
341 "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad",
342 "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6"
343 "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0"
344 "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a"
345 "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20",
349 static const char *dh_priv_hex
[] = {
350 "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6",
353 static const char *dh_pub_hex
[] = {
354 "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048"
355 "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506"
356 "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52"
357 "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7",
358 "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7"
359 "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf"
360 "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86"
361 "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e",
362 "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4"
366 static const char *dh_peer_pub_hex
[] = {
367 "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0"
368 "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0"
369 "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665"
370 "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f",
371 "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f"
372 "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842"
373 "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf"
374 "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2",
375 "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739"
379 static const char *dh_secret_exptd_hex
[] = {
380 "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2"
381 "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153"
382 "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e"
383 "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe",
384 "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d"
385 "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2"
386 "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f"
387 "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486",
388 "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9"
393 if (!hextobn(dh_p_hex
, &p
)
394 || !hextobn(dh_q_hex
, &q
)
395 || !hextobn(dh_g_hex
, &g
)
396 || !hextobn(dh_pub_hex
, &pub
)
397 || !hextobn(dh_priv_hex
, &priv
)
398 || !hextobn(dh_peer_pub_hex
, &pub_peer
)
399 || !hextobin(dh_secret_exptd_hex
, &kat_secret
, &kat_secret_len
))
402 ossl_param_bld_init(&bld
);
403 if (!ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_FFC_P
, p
)
404 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_FFC_Q
, q
)
405 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_FFC_G
, g
)
406 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_DH_PUB_KEY
, pub
)
407 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_DH_PRIV_KEY
, priv
))
409 params
= ossl_param_bld_to_param(&bld
);
411 ossl_param_bld_init(&bld
);
412 if (!ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_FFC_P
, p
)
413 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_FFC_Q
, q
)
414 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_FFC_G
, g
)
415 || !ossl_param_bld_push_BN(&bld
, OSSL_PKEY_PARAM_DH_PUB_KEY
, pub_peer
))
418 params_peer
= ossl_param_bld_to_param(&bld
);
419 if (params
== NULL
|| params_peer
== NULL
)
422 /* Create a EVP_PKEY_CTX to load the DH keys into */
423 kactx
= EVP_PKEY_CTX_new_from_name(libctx
, "DH", "");
426 if (EVP_PKEY_key_fromdata_init(kactx
) <= 0
427 || EVP_PKEY_fromdata(kactx
, &pkey
, params
) <= 0)
429 if (EVP_PKEY_key_fromdata_init(kactx
) <= 0
430 || EVP_PKEY_fromdata(kactx
, &peerkey
, params_peer
) <= 0)
433 /* Create a EVP_PKEY_CTX to perform key derivation */
434 dctx
= EVP_PKEY_CTX_new_from_pkey(libctx
, pkey
, NULL
);
438 if (EVP_PKEY_derive_init(dctx
) <= 0
439 || EVP_PKEY_derive_set_peer(dctx
, peerkey
) <= 0
440 || EVP_PKEY_derive(dctx
, secret
, &secret_len
) <= 0)
443 if (secret_len
!= kat_secret_len
444 || memcmp(secret
, kat_secret
, secret_len
) != 0)
448 ossl_param_bld_free(params_peer
);
449 ossl_param_bld_free(params
);
456 OPENSSL_free(kat_secret
);
458 EVP_PKEY_free(peerkey
);
459 EVP_PKEY_CTX_free(kactx
);
460 EVP_PKEY_CTX_free(dctx
);
463 #endif /* OPENSSL_NO_DH */
465 /* TODO(3.0): To be removed */
466 static int dummy_evp_call(void *provctx
)
468 OPENSSL_CTX
*libctx
= PROV_LIBRARY_CONTEXT_OF(provctx
);
469 EVP_MD_CTX
*ctx
= EVP_MD_CTX_new();
470 EVP_MD
*sha256
= EVP_MD_fetch(libctx
, "SHA256", NULL
);
471 EVP_KDF
*kdf
= EVP_KDF_fetch(libctx
, OSSL_KDF_NAME_PBKDF2
, NULL
);
472 unsigned char dgst
[SHA256_DIGEST_LENGTH
];
473 unsigned int dgstlen
;
475 BN_CTX
*bnctx
= NULL
;
476 BIGNUM
*a
= NULL
, *b
= NULL
;
477 unsigned char randbuf
[128];
478 RAND_DRBG
*drbg
= OPENSSL_CTX_get0_public_drbg(libctx
);
479 #ifndef OPENSSL_NO_EC
483 static const char msg
[] = "Hello World!";
484 static const unsigned char exptd
[] = {
485 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
486 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
487 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
490 if (ctx
== NULL
|| sha256
== NULL
|| drbg
== NULL
|| kdf
== NULL
)
493 if (!EVP_DigestInit_ex(ctx
, sha256
, NULL
))
495 if (!EVP_DigestUpdate(ctx
, msg
, sizeof(msg
) - 1))
497 if (!EVP_DigestFinal(ctx
, dgst
, &dgstlen
))
499 if (dgstlen
!= sizeof(exptd
) || memcmp(dgst
, exptd
, sizeof(exptd
)) != 0)
502 bnctx
= BN_CTX_new_ex(libctx
);
506 a
= BN_CTX_get(bnctx
);
507 b
= BN_CTX_get(bnctx
);
513 || BN_cmp(a
, b
) != 0)
516 if (RAND_DRBG_bytes(drbg
, randbuf
, sizeof(randbuf
)) <= 0)
519 if (!BN_rand_ex(a
, 256, BN_RAND_TOP_ANY
, BN_RAND_BOTTOM_ANY
, bnctx
))
522 #ifndef OPENSSL_NO_EC
523 /* Do some dummy EC calls */
524 key
= EC_KEY_new_by_curve_name_ex(libctx
, NID_X9_62_prime256v1
);
528 if (!EC_KEY_generate_key(key
))
532 #ifndef OPENSSL_NO_DSA
533 if (!dsa_key_signature_test(libctx
))
537 #ifndef OPENSSL_NO_DH
538 if (!dh_key_exchange_test(libctx
))
540 #endif /* OPENSSL_NO_DH */
548 EVP_MD_CTX_free(ctx
);
551 #ifndef OPENSSL_NO_EC
557 static const OSSL_PARAM
*fips_gettable_params(const OSSL_PROVIDER
*prov
)
559 return fips_param_types
;
562 static int fips_get_params(const OSSL_PROVIDER
*prov
, OSSL_PARAM params
[])
566 p
= OSSL_PARAM_locate(params
, OSSL_PROV_PARAM_NAME
);
567 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, "OpenSSL FIPS Provider"))
569 p
= OSSL_PARAM_locate(params
, OSSL_PROV_PARAM_VERSION
);
570 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, OPENSSL_VERSION_STR
))
572 p
= OSSL_PARAM_locate(params
, OSSL_PROV_PARAM_BUILDINFO
);
573 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, OPENSSL_FULL_VERSION_STR
))
579 /* FIPS specific version of the function of the same name in provlib.c */
580 const char *ossl_prov_util_nid_to_name(int nid
)
582 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
597 return "SHA-512/224";
599 return "SHA-512/256";
610 case NID_aes_256_ecb
:
611 return "AES-256-ECB";
612 case NID_aes_192_ecb
:
613 return "AES-192-ECB";
614 case NID_aes_128_ecb
:
615 return "AES-128-ECB";
616 case NID_aes_256_cbc
:
617 return "AES-256-CBC";
618 case NID_aes_192_cbc
:
619 return "AES-192-CBC";
620 case NID_aes_128_cbc
:
621 return "AES-128-CBC";
622 case NID_aes_256_ctr
:
623 return "AES-256-CTR";
624 case NID_aes_192_ctr
:
625 return "AES-192-CTR";
626 case NID_aes_128_ctr
:
627 return "AES-128-CTR";
628 case NID_aes_256_xts
:
629 return "AES-256-XTS";
630 case NID_aes_128_xts
:
631 return "AES-128-XTS";
632 case NID_aes_256_gcm
:
633 return "AES-256-GCM";
634 case NID_aes_192_gcm
:
635 return "AES-192-GCM";
636 case NID_aes_128_gcm
:
637 return "AES-128-GCM";
638 case NID_aes_256_ccm
:
639 return "AES-256-CCM";
640 case NID_aes_192_ccm
:
641 return "AES-192-CCM";
642 case NID_aes_128_ccm
:
643 return "AES-128-CCM";
644 case NID_id_aes256_wrap
:
645 return "AES-256-WRAP";
646 case NID_id_aes192_wrap
:
647 return "AES-192-WRAP";
648 case NID_id_aes128_wrap
:
649 return "AES-128-WRAP";
650 case NID_id_aes256_wrap_pad
:
651 return "AES-256-WRAP-PAD";
652 case NID_id_aes192_wrap_pad
:
653 return "AES-192-WRAP-PAD";
654 case NID_id_aes128_wrap_pad
:
655 return "AES-128-WRAP-PAD";
656 case NID_des_ede3_ecb
:
658 case NID_des_ede3_cbc
:
659 return "DES-EDE3-CBC";
660 case NID_aes_256_cbc_hmac_sha256
:
661 return "AES-256-CBC-HMAC-SHA256";
662 case NID_aes_128_cbc_hmac_sha256
:
663 return "AES-128-CBC-HMAC-SHA256";
664 case NID_aes_256_cbc_hmac_sha1
:
665 return "AES-256-CBC-HMAC-SHA1";
666 case NID_aes_128_cbc_hmac_sha1
:
667 return "AES-128-CBC-HMAC-SHA1";
676 * For the algorithm names, we use the following formula for our primary
679 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
681 * VERSION is only present if there are multiple versions of
682 * an alg (MD2, MD4, MD5). It may be omitted if there is only
683 * one version (if a subsequent version is released in the future,
684 * we can always change the canonical name, and add the old name
687 * SUBNAME may be present where we are combining multiple
688 * algorithms together, e.g. MD5-SHA1.
690 * SIZE is only present if multiple versions of an algorithm exist
691 * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
693 * MODE is only present where applicable.
695 * We add diverse other names where applicable, such as the names that
696 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
697 * we have used historically.
699 static const OSSL_ALGORITHM fips_digests
[] = {
700 /* Our primary name:NiST name[:our older names] */
701 { "SHA1:SHA-1", "fips=yes", sha1_functions
},
702 { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions
},
703 { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions
},
704 { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions
},
705 { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions
},
706 { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
707 sha512_224_functions
},
708 { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
709 sha512_256_functions
},
711 /* We agree with NIST here, so one name only */
712 { "SHA3-224", "fips=yes", sha3_224_functions
},
713 { "SHA3-256", "fips=yes", sha3_256_functions
},
714 { "SHA3-384", "fips=yes", sha3_384_functions
},
715 { "SHA3-512", "fips=yes", sha3_512_functions
},
717 * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
718 * KMAC128 and KMAC256.
720 { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions
},
721 { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions
},
726 static const OSSL_ALGORITHM_CAPABLE fips_ciphers
[] = {
727 /* Our primary name[:ASN.1 OID name][:our older names] */
728 ALG("AES-256-ECB", aes256ecb_functions
),
729 ALG("AES-192-ECB", aes192ecb_functions
),
730 ALG("AES-128-ECB", aes128ecb_functions
),
731 ALG("AES-256-CBC", aes256cbc_functions
),
732 ALG("AES-192-CBC", aes192cbc_functions
),
733 ALG("AES-128-CBC", aes128cbc_functions
),
734 ALG("AES-256-CTR", aes256ctr_functions
),
735 ALG("AES-192-CTR", aes192ctr_functions
),
736 ALG("AES-128-CTR", aes128ctr_functions
),
737 ALG("AES-256-XTS", aes256xts_functions
),
738 ALG("AES-128-XTS", aes128xts_functions
),
739 ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions
),
740 ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions
),
741 ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions
),
742 ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions
),
743 ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions
),
744 ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions
),
745 ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions
),
746 ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions
),
747 ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions
),
748 ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
749 aes256wrappad_functions
),
750 ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
751 aes192wrappad_functions
),
752 ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
753 aes128wrappad_functions
),
754 ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions
,
755 cipher_capable_aes_cbc_hmac_sha1
),
756 ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions
,
757 cipher_capable_aes_cbc_hmac_sha1
),
758 ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions
,
759 cipher_capable_aes_cbc_hmac_sha256
),
760 ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions
,
761 cipher_capable_aes_cbc_hmac_sha256
),
762 #ifndef OPENSSL_NO_DES
763 ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions
),
764 ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions
),
765 #endif /* OPENSSL_NO_DES */
766 { { NULL
, NULL
, NULL
}, NULL
}
768 static OSSL_ALGORITHM exported_fips_ciphers
[OSSL_NELEM(fips_ciphers
)];
770 static const OSSL_ALGORITHM fips_macs
[] = {
771 #ifndef OPENSSL_NO_CMAC
772 { "CMAC", "fips=yes", cmac_functions
},
774 { "GMAC", "fips=yes", gmac_functions
},
775 { "HMAC", "fips=yes", hmac_functions
},
776 { "KMAC-128:KMAC128", "fips=yes", kmac128_functions
},
777 { "KMAC-256:KMAC256", "fips=yes", kmac256_functions
},
781 static const OSSL_ALGORITHM fips_kdfs
[] = {
782 { "HKDF", "fips=yes", kdf_hkdf_functions
},
783 { "SSKDF", "fips=yes", kdf_sskdf_functions
},
784 { "PBKDF2", "fips=yes", kdf_pbkdf2_functions
},
785 { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions
},
786 { "KBKDF", "fips=yes", kdf_kbkdf_functions
},
790 static const OSSL_ALGORITHM fips_keyexch
[] = {
791 #ifndef OPENSSL_NO_DH
792 { "DH:dhKeyAgreement", "fips=yes", dh_keyexch_functions
},
797 static const OSSL_ALGORITHM fips_signature
[] = {
798 #ifndef OPENSSL_NO_DSA
799 { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions
},
804 static const OSSL_ALGORITHM fips_keymgmt
[] = {
805 #ifndef OPENSSL_NO_DH
806 { "DH:dhKeyAgreement", "fips=yes", dh_keymgmt_functions
},
808 #ifndef OPENSSL_NO_DSA
809 { "DSA", "fips=yes", dsa_keymgmt_functions
},
814 static const OSSL_ALGORITHM
*fips_query(OSSL_PROVIDER
*prov
,
819 switch (operation_id
) {
823 ossl_prov_cache_exported_algorithms(fips_ciphers
, exported_fips_ciphers
);
824 return exported_fips_ciphers
;
829 case OSSL_OP_KEYMGMT
:
831 case OSSL_OP_KEYEXCH
:
833 case OSSL_OP_SIGNATURE
:
834 return fips_signature
;
839 /* Functions we provide to the core */
840 static const OSSL_DISPATCH fips_dispatch_table
[] = {
842 * To release our resources we just need to free the OPENSSL_CTX so we just
843 * use OPENSSL_CTX_free directly as our teardown function
845 { OSSL_FUNC_PROVIDER_TEARDOWN
, (void (*)(void))OPENSSL_CTX_free
},
846 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS
, (void (*)(void))fips_gettable_params
},
847 { OSSL_FUNC_PROVIDER_GET_PARAMS
, (void (*)(void))fips_get_params
},
848 { OSSL_FUNC_PROVIDER_QUERY_OPERATION
, (void (*)(void))fips_query
},
852 /* Functions we provide to ourself */
853 static const OSSL_DISPATCH intern_dispatch_table
[] = {
854 { OSSL_FUNC_PROVIDER_QUERY_OPERATION
, (void (*)(void))fips_query
},
859 int OSSL_provider_init(const OSSL_PROVIDER
*provider
,
860 const OSSL_DISPATCH
*in
,
861 const OSSL_DISPATCH
**out
,
866 OSSL_self_test_cb_fn
*stcbfn
= NULL
;
867 OSSL_core_get_library_context_fn
*c_get_libctx
= NULL
;
869 for (; in
->function_id
!= 0; in
++) {
870 switch (in
->function_id
) {
871 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT
:
872 c_get_libctx
= OSSL_get_core_get_library_context(in
);
874 case OSSL_FUNC_CORE_GETTABLE_PARAMS
:
875 c_gettable_params
= OSSL_get_core_gettable_params(in
);
877 case OSSL_FUNC_CORE_GET_PARAMS
:
878 c_get_params
= OSSL_get_core_get_params(in
);
880 case OSSL_FUNC_CORE_THREAD_START
:
881 c_thread_start
= OSSL_get_core_thread_start(in
);
883 case OSSL_FUNC_CORE_NEW_ERROR
:
884 c_new_error
= OSSL_get_core_new_error(in
);
886 case OSSL_FUNC_CORE_SET_ERROR_DEBUG
:
887 c_set_error_debug
= OSSL_get_core_set_error_debug(in
);
889 case OSSL_FUNC_CORE_VSET_ERROR
:
890 c_vset_error
= OSSL_get_core_vset_error(in
);
892 case OSSL_FUNC_CORE_SET_ERROR_MARK
:
893 c_set_error_mark
= OSSL_get_core_set_error_mark(in
);
895 case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK
:
896 c_clear_last_error_mark
= OSSL_get_core_clear_last_error_mark(in
);
898 case OSSL_FUNC_CORE_POP_ERROR_TO_MARK
:
899 c_pop_error_to_mark
= OSSL_get_core_pop_error_to_mark(in
);
901 case OSSL_FUNC_CRYPTO_MALLOC
:
902 c_CRYPTO_malloc
= OSSL_get_CRYPTO_malloc(in
);
904 case OSSL_FUNC_CRYPTO_ZALLOC
:
905 c_CRYPTO_zalloc
= OSSL_get_CRYPTO_zalloc(in
);
907 case OSSL_FUNC_CRYPTO_FREE
:
908 c_CRYPTO_free
= OSSL_get_CRYPTO_free(in
);
910 case OSSL_FUNC_CRYPTO_CLEAR_FREE
:
911 c_CRYPTO_clear_free
= OSSL_get_CRYPTO_clear_free(in
);
913 case OSSL_FUNC_CRYPTO_REALLOC
:
914 c_CRYPTO_realloc
= OSSL_get_CRYPTO_realloc(in
);
916 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC
:
917 c_CRYPTO_clear_realloc
= OSSL_get_CRYPTO_clear_realloc(in
);
919 case OSSL_FUNC_CRYPTO_SECURE_MALLOC
:
920 c_CRYPTO_secure_malloc
= OSSL_get_CRYPTO_secure_malloc(in
);
922 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC
:
923 c_CRYPTO_secure_zalloc
= OSSL_get_CRYPTO_secure_zalloc(in
);
925 case OSSL_FUNC_CRYPTO_SECURE_FREE
:
926 c_CRYPTO_secure_free
= OSSL_get_CRYPTO_secure_free(in
);
928 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE
:
929 c_CRYPTO_secure_clear_free
= OSSL_get_CRYPTO_secure_clear_free(in
);
931 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED
:
932 c_CRYPTO_secure_allocated
= OSSL_get_CRYPTO_secure_allocated(in
);
934 case OSSL_FUNC_BIO_NEW_FILE
:
935 selftest_params
.bio_new_file_cb
= OSSL_get_BIO_new_file(in
);
937 case OSSL_FUNC_BIO_NEW_MEMBUF
:
938 selftest_params
.bio_new_buffer_cb
= OSSL_get_BIO_new_membuf(in
);
940 case OSSL_FUNC_BIO_READ_EX
:
941 selftest_params
.bio_read_ex_cb
= OSSL_get_BIO_read_ex(in
);
943 case OSSL_FUNC_BIO_FREE
:
944 selftest_params
.bio_free_cb
= OSSL_get_BIO_free(in
);
946 case OSSL_FUNC_SELF_TEST_CB
: {
947 stcbfn
= OSSL_get_self_test_cb(in
);
951 /* Just ignore anything we don't understand */
956 if (stcbfn
!= NULL
&& c_get_libctx
!= NULL
) {
957 stcbfn(c_get_libctx(provider
), &selftest_params
.event_cb
,
958 &selftest_params
.event_cb_arg
);
961 selftest_params
.event_cb
= NULL
;
962 selftest_params
.event_cb_arg
= NULL
;
965 if (!c_get_params(provider
, core_params
))
968 /* Create a context. */
969 if ((ctx
= OPENSSL_CTX_new()) == NULL
)
971 if ((fgbl
= openssl_ctx_get_data(ctx
, OPENSSL_CTX_FIPS_PROV_INDEX
,
972 &fips_prov_ossl_ctx_method
)) == NULL
) {
973 OPENSSL_CTX_free(ctx
);
977 fgbl
->prov
= provider
;
979 selftest_params
.libctx
= PROV_LIBRARY_CONTEXT_OF(ctx
);
980 if (!SELF_TEST_post(&selftest_params
, 0)) {
981 OPENSSL_CTX_free(ctx
);
986 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
987 * EVP calls from within the FIPS module.
989 if (!dummy_evp_call(ctx
)) {
990 OPENSSL_CTX_free(ctx
);
994 *out
= fips_dispatch_table
;
1001 * The internal init function used when the FIPS module uses EVP to call
1002 * another algorithm also in the FIPS module. This is a recursive call that has
1003 * been made from within the FIPS module itself. To make this work, we populate
1004 * the provider context of this inner instance with the same library context
1005 * that was used in the EVP call that initiated this recursive call.
1007 OSSL_provider_init_fn fips_intern_provider_init
;
1008 int fips_intern_provider_init(const OSSL_PROVIDER
*provider
,
1009 const OSSL_DISPATCH
*in
,
1010 const OSSL_DISPATCH
**out
,
1013 OSSL_core_get_library_context_fn
*c_get_libctx
= NULL
;
1015 for (; in
->function_id
!= 0; in
++) {
1016 switch (in
->function_id
) {
1017 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT
:
1018 c_get_libctx
= OSSL_get_core_get_library_context(in
);
1025 if (c_get_libctx
== NULL
)
1028 *provctx
= c_get_libctx(provider
);
1031 * Safety measure... we should get the library context that was
1032 * created up in OSSL_provider_init().
1034 if (*provctx
== NULL
)
1037 *out
= intern_dispatch_table
;
1046 void ERR_set_debug(const char *file
, int line
, const char *func
)
1048 c_set_error_debug(NULL
, file
, line
, func
);
1051 void ERR_set_error(int lib
, int reason
, const char *fmt
, ...)
1055 va_start(args
, fmt
);
1056 c_vset_error(NULL
, ERR_PACK(lib
, 0, reason
), fmt
, args
);
1060 void ERR_vset_error(int lib
, int reason
, const char *fmt
, va_list args
)
1062 c_vset_error(NULL
, ERR_PACK(lib
, 0, reason
), fmt
, args
);
1065 int ERR_set_mark(void)
1067 return c_set_error_mark(NULL
);
1070 int ERR_clear_last_mark(void)
1072 return c_clear_last_error_mark(NULL
);
1075 int ERR_pop_to_mark(void)
1077 return c_pop_error_to_mark(NULL
);
1080 const OSSL_PROVIDER
*FIPS_get_provider(OPENSSL_CTX
*ctx
)
1082 FIPS_GLOBAL
*fgbl
= openssl_ctx_get_data(ctx
, OPENSSL_CTX_FIPS_PROV_INDEX
,
1083 &fips_prov_ossl_ctx_method
);
1091 void *CRYPTO_malloc(size_t num
, const char *file
, int line
)
1093 return c_CRYPTO_malloc(num
, file
, line
);
1096 void *CRYPTO_zalloc(size_t num
, const char *file
, int line
)
1098 return c_CRYPTO_zalloc(num
, file
, line
);
1101 void CRYPTO_free(void *ptr
, const char *file
, int line
)
1103 c_CRYPTO_free(ptr
, file
, line
);
1106 void CRYPTO_clear_free(void *ptr
, size_t num
, const char *file
, int line
)
1108 c_CRYPTO_clear_free(ptr
, num
, file
, line
);
1111 void *CRYPTO_realloc(void *addr
, size_t num
, const char *file
, int line
)
1113 return c_CRYPTO_realloc(addr
, num
, file
, line
);
1116 void *CRYPTO_clear_realloc(void *addr
, size_t old_num
, size_t num
,
1117 const char *file
, int line
)
1119 return c_CRYPTO_clear_realloc(addr
, old_num
, num
, file
, line
);
1122 void *CRYPTO_secure_malloc(size_t num
, const char *file
, int line
)
1124 return c_CRYPTO_secure_malloc(num
, file
, line
);
1127 void *CRYPTO_secure_zalloc(size_t num
, const char *file
, int line
)
1129 return c_CRYPTO_secure_zalloc(num
, file
, line
);
1132 void CRYPTO_secure_free(void *ptr
, const char *file
, int line
)
1134 c_CRYPTO_secure_free(ptr
, file
, line
);
1137 void CRYPTO_secure_clear_free(void *ptr
, size_t num
, const char *file
, int line
)
1139 c_CRYPTO_secure_clear_free(ptr
, num
, file
, line
);
1142 int CRYPTO_secure_allocated(const void *ptr
)
1144 return c_CRYPTO_secure_allocated(ptr
);