]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/fips/fipsprov.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add aes_xts cipher to providers
[thirdparty/openssl.git] / providers / fips / fipsprov.c
1 /*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11 #include <stdio.h>
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/kdf.h>
19
20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21 #include <openssl/sha.h>
22 #include <openssl/rand_drbg.h>
23 #include <openssl/ec.h>
24 #include <openssl/fips_names.h>
25
26 #include "internal/cryptlib.h"
27 #include "internal/property.h"
28 #include "internal/evp_int.h"
29 #include "internal/provider_algs.h"
30 #include "internal/provider_ctx.h"
31 #include "internal/providercommon.h"
32 #include "selftest.h"
33
34 extern OSSL_core_thread_start_fn *c_thread_start;
35
36 /*
37 * TODO(3.0): Should these be stored in the provider side provctx? Could they
38 * ever be different from one init to the next? Unfortunately we can't do this
39 * at the moment because c_put_error/c_add_error_vdata do not provide
40 * us with the OPENSSL_CTX as a parameter.
41 */
42
43 static SELF_TEST_POST_PARAMS selftest_params;
44
45 /* Functions provided by the core */
46 static OSSL_core_gettable_params_fn *c_gettable_params;
47 static OSSL_core_get_params_fn *c_get_params;
48 OSSL_core_thread_start_fn *c_thread_start;
49 static OSSL_core_new_error_fn *c_new_error;
50 static OSSL_core_set_error_debug_fn *c_set_error_debug;
51 static OSSL_core_vset_error_fn *c_vset_error;
52 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
53 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
54 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
55 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
56 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
57 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
58 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
59 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
60 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
61 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
62 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
63
64 typedef struct fips_global_st {
65 const OSSL_PROVIDER *prov;
66 } FIPS_GLOBAL;
67
68 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
69 {
70 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
71
72 return fgbl;
73 }
74
75 static void fips_prov_ossl_ctx_free(void *fgbl)
76 {
77 OPENSSL_free(fgbl);
78 }
79
80 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
81 fips_prov_ossl_ctx_new,
82 fips_prov_ossl_ctx_free,
83 };
84
85
86 /* Parameters we provide to the core */
87 static const OSSL_PARAM fips_param_types[] = {
88 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
89 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
90 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
91 OSSL_PARAM_END
92 };
93
94 /*
95 * Parameters to retrieve from the core provider - required for self testing.
96 * NOTE: inside core_get_params() these will be loaded from config items
97 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
98 */
99 static OSSL_PARAM core_params[] =
100 {
101 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
102 selftest_params.module_filename,
103 sizeof(selftest_params.module_filename)),
104 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
105 selftest_params.module_checksum_data,
106 sizeof(selftest_params.module_checksum_data)),
107 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
108 selftest_params.indicator_checksum_data,
109 sizeof(selftest_params.indicator_checksum_data)),
110 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
111 selftest_params.indicator_data,
112 sizeof(selftest_params.indicator_data)),
113 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
114 selftest_params.indicator_version,
115 sizeof(selftest_params.indicator_version)),
116 OSSL_PARAM_END
117 };
118
119 /* TODO(3.0): To be removed */
120 static int dummy_evp_call(void *provctx)
121 {
122 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
123 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
124 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
125 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
126 char msg[] = "Hello World!";
127 const unsigned char exptd[] = {
128 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
129 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
130 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
131 };
132 unsigned int dgstlen = 0;
133 unsigned char dgst[SHA256_DIGEST_LENGTH];
134 int ret = 0;
135 BN_CTX *bnctx = NULL;
136 BIGNUM *a = NULL, *b = NULL;
137 unsigned char randbuf[128];
138 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
139 #ifndef OPENSSL_NO_EC
140 EC_KEY *key = NULL;
141 #endif
142
143 if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
144 goto err;
145
146 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
147 goto err;
148 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
149 goto err;
150 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
151 goto err;
152 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
153 goto err;
154
155 bnctx = BN_CTX_new_ex(libctx);
156 if (bnctx == NULL)
157 goto err;
158 BN_CTX_start(bnctx);
159 a = BN_CTX_get(bnctx);
160 b = BN_CTX_get(bnctx);
161 if (b == NULL)
162 goto err;
163 BN_zero(a);
164 if (!BN_one(b)
165 || !BN_add(a, a, b)
166 || BN_cmp(a, b) != 0)
167 goto err;
168
169 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
170 goto err;
171
172 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
173 goto err;
174
175 #ifndef OPENSSL_NO_EC
176 /* Do some dummy EC calls */
177 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
178 if (key == NULL)
179 goto err;
180
181 if (!EC_KEY_generate_key(key))
182 goto err;
183 #endif
184
185 ret = 1;
186 err:
187 BN_CTX_end(bnctx);
188 BN_CTX_free(bnctx);
189
190 EVP_KDF_free(kdf);
191 EVP_MD_CTX_free(ctx);
192 EVP_MD_free(sha256);
193
194 #ifndef OPENSSL_NO_EC
195 EC_KEY_free(key);
196 #endif
197 return ret;
198 }
199
200 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
201 {
202 return fips_param_types;
203 }
204
205 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
206 {
207 OSSL_PARAM *p;
208
209 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
210 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
211 return 0;
212 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
213 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
214 return 0;
215 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
216 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
217 return 0;
218
219 return 1;
220 }
221
222 /* FIPS specific version of the function of the same name in provlib.c */
223 const char *ossl_prov_util_nid_to_name(int nid)
224 {
225 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
226
227 switch (nid) {
228 /* Digests */
229 case NID_sha1:
230 return "SHA224";
231 case NID_sha224:
232 return "SHA224";
233 case NID_sha256:
234 return "SHA256";
235 case NID_sha384:
236 return "SHA384";
237 case NID_sha512:
238 return "SHA512";
239 case NID_sha512_224:
240 return "SHA512-224";
241 case NID_sha512_256:
242 return "SHA512-256";
243 case NID_sha3_224:
244 return "SHA3-224";
245 case NID_sha3_256:
246 return "SHA3-256";
247 case NID_sha3_384:
248 return "SHA3-384";
249 case NID_sha3_512:
250 return "SHA3-512";
251
252 /* Ciphers */
253 case NID_aes_256_ecb:
254 return "AES-256-ECB";
255 case NID_aes_192_ecb:
256 return "AES-192-ECB";
257 case NID_aes_128_ecb:
258 return "AES-128-ECB";
259 case NID_aes_256_cbc:
260 return "AES-256-CBC";
261 case NID_aes_192_cbc:
262 return "AES-192-CBC";
263 case NID_aes_128_cbc:
264 return "AES-128-CBC";
265 case NID_aes_256_ctr:
266 return "AES-256-CTR";
267 case NID_aes_192_ctr:
268 return "AES-192-CTR";
269 case NID_aes_128_ctr:
270 return "AES-128-CTR";
271 case NID_aes_256_xts:
272 return "AES-256-XTS";
273 case NID_aes_128_xts:
274 return "AES-128-XTS";
275 /* TODO(3.0) Change these when we have aliases */
276 case NID_aes_256_gcm:
277 return "id-aes256-GCM";
278 case NID_aes_192_gcm:
279 return "id-aes192-GCM";
280 case NID_aes_128_gcm:
281 return "id-aes128-GCM";
282 case NID_aes_256_ccm:
283 return "id-aes256-CCM";
284 case NID_aes_192_ccm:
285 return "id-aes192-CCM";
286 case NID_aes_128_ccm:
287 return "id-aes128-CCM";
288 default:
289 break;
290 }
291
292 return NULL;
293 }
294
295 static const OSSL_ALGORITHM fips_digests[] = {
296 { "SHA1", "fips=yes", sha1_functions },
297 { "SHA224", "fips=yes", sha224_functions },
298 { "SHA256", "fips=yes", sha256_functions },
299 { "SHA384", "fips=yes", sha384_functions },
300 { "SHA512", "fips=yes", sha512_functions },
301 { "SHA512-224", "fips=yes", sha512_224_functions },
302 { "SHA512-256", "fips=yes", sha512_256_functions },
303 { "SHA3-224", "fips=yes", sha3_224_functions },
304 { "SHA3-256", "fips=yes", sha3_256_functions },
305 { "SHA3-384", "fips=yes", sha3_384_functions },
306 { "SHA3-512", "fips=yes", sha3_512_functions },
307 /*
308 * KECCAK_KMAC128 and KECCAK_KMAC256 as hashes are mostly useful for
309 * the KMAC128 and KMAC256.
310 */
311 { "KECCAK_KMAC128", "fips=yes", keccak_kmac_128_functions },
312 { "KECCAK_KMAC256", "fips=yes", keccak_kmac_256_functions },
313
314 { NULL, NULL, NULL }
315 };
316
317 static const OSSL_ALGORITHM fips_ciphers[] = {
318 { "AES-256-ECB", "fips=yes", aes256ecb_functions },
319 { "AES-192-ECB", "fips=yes", aes192ecb_functions },
320 { "AES-128-ECB", "fips=yes", aes128ecb_functions },
321 { "AES-256-CBC", "fips=yes", aes256cbc_functions },
322 { "AES-192-CBC", "fips=yes", aes192cbc_functions },
323 { "AES-128-CBC", "fips=yes", aes128cbc_functions },
324 { "AES-256-CTR", "fips=yes", aes256ctr_functions },
325 { "AES-192-CTR", "fips=yes", aes192ctr_functions },
326 { "AES-128-CTR", "fips=yes", aes128ctr_functions },
327 { "AES-256-XTS", "fips=yes", aes256xts_functions },
328 { "AES-128-XTS", "fips=yes", aes128xts_functions },
329 /* TODO(3.0) Add aliases for these ciphers */
330 { "id-aes256-GCM", "fips=yes", aes256gcm_functions },
331 { "id-aes192-GCM", "fips=yes", aes192gcm_functions },
332 { "id-aes128-GCM", "fips=yes", aes128gcm_functions },
333 { "id-aes256-CCM", "fips=yes", aes256ccm_functions },
334 { "id-aes192-CCM", "fips=yes", aes192ccm_functions },
335 { "id-aes128-CCM", "fips=yes", aes128ccm_functions },
336 #ifndef OPENSSL_NO_DES
337 { "DES-EDE3", "fips=yes", tdes_ede3_ecb_functions },
338 { "DES-EDE3-CBC", "fips=yes", tdes_ede3_cbc_functions },
339 #endif /* OPENSSL_NO_DES */
340 { NULL, NULL, NULL }
341 };
342
343 static const OSSL_ALGORITHM fips_macs[] = {
344 #ifndef OPENSSL_NO_CMAC
345 { "CMAC", "fips=yes", cmac_functions },
346 #endif
347 { "GMAC", "fips=yes", gmac_functions },
348 { "HMAC", "fips=yes", hmac_functions },
349 { "KMAC128", "fips=yes", kmac128_functions },
350 { "KMAC256", "fips=yes", kmac256_functions },
351 { NULL, NULL, NULL }
352 };
353
354 static const OSSL_ALGORITHM fips_kdfs[] = {
355 { OSSL_KDF_NAME_HKDF, "fips=yes", kdf_hkdf_functions },
356 { OSSL_KDF_NAME_SSKDF, "fips=yes", kdf_sskdf_functions },
357 { OSSL_KDF_NAME_PBKDF2, "fips=yes", kdf_pbkdf2_functions },
358 { OSSL_KDF_NAME_TLS1_PRF, "fips=yes", kdf_tls1_prf_functions },
359 { NULL, NULL, NULL }
360 };
361
362 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
363 int operation_id,
364 int *no_cache)
365 {
366 *no_cache = 0;
367 switch (operation_id) {
368 case OSSL_OP_DIGEST:
369 return fips_digests;
370 case OSSL_OP_CIPHER:
371 return fips_ciphers;
372 case OSSL_OP_MAC:
373 return fips_macs;
374 case OSSL_OP_KDF:
375 return fips_kdfs;
376 }
377 return NULL;
378 }
379
380 /* Functions we provide to the core */
381 static const OSSL_DISPATCH fips_dispatch_table[] = {
382 /*
383 * To release our resources we just need to free the OPENSSL_CTX so we just
384 * use OPENSSL_CTX_free directly as our teardown function
385 */
386 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
387 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
388 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
389 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
390 { 0, NULL }
391 };
392
393 /* Functions we provide to ourself */
394 static const OSSL_DISPATCH intern_dispatch_table[] = {
395 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
396 { 0, NULL }
397 };
398
399
400 int OSSL_provider_init(const OSSL_PROVIDER *provider,
401 const OSSL_DISPATCH *in,
402 const OSSL_DISPATCH **out,
403 void **provctx)
404 {
405 FIPS_GLOBAL *fgbl;
406 OPENSSL_CTX *ctx;
407
408 for (; in->function_id != 0; in++) {
409 switch (in->function_id) {
410 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
411 c_gettable_params = OSSL_get_core_gettable_params(in);
412 break;
413 case OSSL_FUNC_CORE_GET_PARAMS:
414 c_get_params = OSSL_get_core_get_params(in);
415 break;
416 case OSSL_FUNC_CORE_THREAD_START:
417 c_thread_start = OSSL_get_core_thread_start(in);
418 break;
419 case OSSL_FUNC_CORE_NEW_ERROR:
420 c_new_error = OSSL_get_core_new_error(in);
421 break;
422 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
423 c_set_error_debug = OSSL_get_core_set_error_debug(in);
424 break;
425 case OSSL_FUNC_CORE_VSET_ERROR:
426 c_vset_error = OSSL_get_core_vset_error(in);
427 break;
428 case OSSL_FUNC_CRYPTO_MALLOC:
429 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
430 break;
431 case OSSL_FUNC_CRYPTO_ZALLOC:
432 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
433 break;
434 case OSSL_FUNC_CRYPTO_FREE:
435 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
436 break;
437 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
438 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
439 break;
440 case OSSL_FUNC_CRYPTO_REALLOC:
441 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
442 break;
443 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
444 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
445 break;
446 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
447 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
448 break;
449 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
450 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
451 break;
452 case OSSL_FUNC_CRYPTO_SECURE_FREE:
453 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
454 break;
455 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
456 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
457 break;
458 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
459 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
460 break;
461 case OSSL_FUNC_BIO_NEW_FILE:
462 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
463 break;
464 case OSSL_FUNC_BIO_NEW_MEMBUF:
465 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
466 break;
467 case OSSL_FUNC_BIO_READ:
468 selftest_params.bio_read_cb = OSSL_get_BIO_read(in);
469 break;
470 case OSSL_FUNC_BIO_FREE:
471 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
472 break;
473 default:
474 /* Just ignore anything we don't understand */
475 break;
476 }
477 }
478
479 if (!c_get_params(provider, core_params))
480 return 0;
481
482 /* Create a context. */
483 if ((ctx = OPENSSL_CTX_new()) == NULL)
484 return 0;
485 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
486 &fips_prov_ossl_ctx_method)) == NULL) {
487 OPENSSL_CTX_free(ctx);
488 return 0;
489 }
490 fgbl->prov = provider;
491 *out = fips_dispatch_table;
492 *provctx = ctx;
493
494 /*
495 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
496 * EVP calls from within the FIPS module.
497 */
498 if (!dummy_evp_call(*provctx)) {
499 OPENSSL_CTX_free(*provctx);
500 *provctx = NULL;
501 return 0;
502 }
503
504 return 1;
505 }
506
507 /*
508 * The internal init function used when the FIPS module uses EVP to call
509 * another algorithm also in the FIPS module. This is a recursive call that has
510 * been made from within the FIPS module itself. To make this work, we populate
511 * the provider context of this inner instance with the same library context
512 * that was used in the EVP call that initiated this recursive call.
513 */
514 OSSL_provider_init_fn fips_intern_provider_init;
515 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
516 const OSSL_DISPATCH *in,
517 const OSSL_DISPATCH **out,
518 void **provctx)
519 {
520 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
521
522 for (; in->function_id != 0; in++) {
523 switch (in->function_id) {
524 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
525 c_get_libctx = OSSL_get_core_get_library_context(in);
526 break;
527 default:
528 break;
529 }
530 }
531
532 if (c_get_libctx == NULL)
533 return 0;
534
535 *provctx = c_get_libctx(provider);
536
537 /*
538 * Safety measure... we should get the library context that was
539 * created up in OSSL_provider_init().
540 */
541 if (*provctx == NULL)
542 return 0;
543
544 *out = intern_dispatch_table;
545 return 1;
546 }
547
548 void ERR_new(void)
549 {
550 c_new_error(NULL);
551 }
552
553 void ERR_set_debug(const char *file, int line, const char *func)
554 {
555 c_set_error_debug(NULL, file, line, func);
556 }
557
558 void ERR_set_error(int lib, int reason, const char *fmt, ...)
559 {
560 va_list args;
561
562 va_start(args, fmt);
563 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
564 va_end(args);
565 }
566
567 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
568 {
569 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
570 }
571
572 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
573 {
574 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
575 &fips_prov_ossl_ctx_method);
576
577 if (fgbl == NULL)
578 return NULL;
579
580 return fgbl->prov;
581 }
582
583 void *CRYPTO_malloc(size_t num, const char *file, int line)
584 {
585 return c_CRYPTO_malloc(num, file, line);
586 }
587
588 void *CRYPTO_zalloc(size_t num, const char *file, int line)
589 {
590 return c_CRYPTO_zalloc(num, file, line);
591 }
592
593 void CRYPTO_free(void *ptr, const char *file, int line)
594 {
595 c_CRYPTO_free(ptr, file, line);
596 }
597
598 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
599 {
600 c_CRYPTO_clear_free(ptr, num, file, line);
601 }
602
603 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
604 {
605 return c_CRYPTO_realloc(addr, num, file, line);
606 }
607
608 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
609 const char *file, int line)
610 {
611 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
612 }
613
614 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
615 {
616 return c_CRYPTO_secure_malloc(num, file, line);
617 }
618
619 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
620 {
621 return c_CRYPTO_secure_zalloc(num, file, line);
622 }
623
624 void CRYPTO_secure_free(void *ptr, const char *file, int line)
625 {
626 c_CRYPTO_secure_free(ptr, file, line);
627 }
628
629 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
630 {
631 c_CRYPTO_secure_clear_free(ptr, num, file, line);
632 }
633
634 int CRYPTO_secure_allocated(const void *ptr)
635 {
636 return c_CRYPTO_secure_allocated(ptr);
637 }
A mirror of the official openssl repository