2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/kdf.h>
20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21 #include <openssl/sha.h>
22 #include <openssl/rand_drbg.h>
23 #include <openssl/ec.h>
24 #include <openssl/fips_names.h>
26 #include "internal/cryptlib.h"
27 #include "internal/property.h"
28 #include "crypto/evp.h"
29 #include "prov/implementations.h"
30 #include "prov/provider_ctx.h"
31 #include "prov/providercommon.h"
34 extern OSSL_core_thread_start_fn *c_thread_start;
37 * TODO(3.0): Should these be stored in the provider side provctx? Could they
38 * ever be different from one init to the next? Unfortunately we can't do this
39 * at the moment because c_put_error/c_add_error_vdata do not provide
40 * us with the OPENSSL_CTX as a parameter.
43 static SELF_TEST_POST_PARAMS selftest_params;
45 /* Functions provided by the core */
46 static OSSL_core_gettable_params_fn *c_gettable_params;
47 static OSSL_core_get_params_fn *c_get_params;
48 OSSL_core_thread_start_fn *c_thread_start;
49 static OSSL_core_new_error_fn *c_new_error;
50 static OSSL_core_set_error_debug_fn *c_set_error_debug;
51 static OSSL_core_vset_error_fn *c_vset_error;
52 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
53 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
54 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
55 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
56 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
57 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
58 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
59 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
60 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
61 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
62 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
63 static OSSL_CRYPTO_mem_ctrl_fn *c_CRYPTO_mem_ctrl;
65 typedef struct fips_global_st {
66 const OSSL_PROVIDER *prov;
69 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
71 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
76 static void fips_prov_ossl_ctx_free(void *fgbl)
81 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
82 fips_prov_ossl_ctx_new,
83 fips_prov_ossl_ctx_free,
87 /* Parameters we provide to the core */
88 static const OSSL_PARAM fips_param_types[] = {
89 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
90 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
91 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
96 * Parameters to retrieve from the core provider - required for self testing.
97 * NOTE: inside core_get_params() these will be loaded from config items
98 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
100 static OSSL_PARAM core_params[] =
102 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
103 selftest_params.module_filename,
104 sizeof(selftest_params.module_filename)),
105 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
106 selftest_params.module_checksum_data,
107 sizeof(selftest_params.module_checksum_data)),
108 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
109 selftest_params.indicator_checksum_data,
110 sizeof(selftest_params.indicator_checksum_data)),
111 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
112 selftest_params.indicator_data,
113 sizeof(selftest_params.indicator_data)),
114 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
115 selftest_params.indicator_version,
116 sizeof(selftest_params.indicator_version)),
120 /* TODO(3.0): To be removed */
121 static int dummy_evp_call(void *provctx)
123 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
124 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
125 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
126 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
127 char msg[] = "Hello World!";
128 const unsigned char exptd[] = {
129 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
130 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
131 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
133 unsigned int dgstlen = 0;
134 unsigned char dgst[SHA256_DIGEST_LENGTH];
136 BN_CTX *bnctx = NULL;
137 BIGNUM *a = NULL, *b = NULL;
138 unsigned char randbuf[128];
139 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
140 #ifndef OPENSSL_NO_EC
144 if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
147 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
149 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
151 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
153 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
156 bnctx = BN_CTX_new_ex(libctx);
160 a = BN_CTX_get(bnctx);
161 b = BN_CTX_get(bnctx);
167 || BN_cmp(a, b) != 0)
170 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
173 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
176 #ifndef OPENSSL_NO_EC
177 /* Do some dummy EC calls */
178 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
182 if (!EC_KEY_generate_key(key))
192 EVP_MD_CTX_free(ctx);
195 #ifndef OPENSSL_NO_EC
201 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
203 return fips_param_types;
206 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
210 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
211 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
213 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
214 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
216 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
217 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
223 /* FIPS specific version of the function of the same name in provlib.c */
224 const char *ossl_prov_util_nid_to_name(int nid)
226 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
241 return "SHA-512/224";
243 return "SHA-512/256";
254 case NID_aes_256_ecb:
255 return "AES-256-ECB";
256 case NID_aes_192_ecb:
257 return "AES-192-ECB";
258 case NID_aes_128_ecb:
259 return "AES-128-ECB";
260 case NID_aes_256_cbc:
261 return "AES-256-CBC";
262 case NID_aes_192_cbc:
263 return "AES-192-CBC";
264 case NID_aes_128_cbc:
265 return "AES-128-CBC";
266 case NID_aes_256_ctr:
267 return "AES-256-CTR";
268 case NID_aes_192_ctr:
269 return "AES-192-CTR";
270 case NID_aes_128_ctr:
271 return "AES-128-CTR";
272 case NID_aes_256_xts:
273 return "AES-256-XTS";
274 case NID_aes_128_xts:
275 return "AES-128-XTS";
276 case NID_aes_256_gcm:
277 return "AES-256-GCM";
278 case NID_aes_192_gcm:
279 return "AES-192-GCM";
280 case NID_aes_128_gcm:
281 return "AES-128-GCM";
282 case NID_aes_256_ccm:
283 return "AES-256-CCM";
284 case NID_aes_192_ccm:
285 return "AES-192-CCM";
286 case NID_aes_128_ccm:
287 return "AES-128-CCM";
288 case NID_id_aes256_wrap:
289 return "AES-256-WRAP";
290 case NID_id_aes192_wrap:
291 return "AES-192-WRAP";
292 case NID_id_aes128_wrap:
293 return "AES-128-WRAP";
294 case NID_id_aes256_wrap_pad:
295 return "AES-256-WRAP-PAD";
296 case NID_id_aes192_wrap_pad:
297 return "AES-192-WRAP-PAD";
298 case NID_id_aes128_wrap_pad:
299 return "AES-128-WRAP-PAD";
300 case NID_des_ede3_ecb:
302 case NID_des_ede3_cbc:
303 return "DES-EDE3-CBC";
312 * For the algorithm names, we use the following formula for our primary
315 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
317 * VERSION is only present if there are multiple versions of
318 * an alg (MD2, MD4, MD5). It may be omitted if there is only
319 * one version (if a subsequent version is released in the future,
320 * we can always change the canonical name, and add the old name
323 * SUBNAME may be present where we are combining multiple
324 * algorithms together, e.g. MD5-SHA1.
326 * SIZE is only present if multiple versions of an algorithm exist
327 * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
329 * MODE is only present where applicable.
331 * We add diverse other names where applicable, such as the names that
332 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
333 * we have used historically.
335 static const OSSL_ALGORITHM fips_digests[] = {
336 /* Our primary name:NiST name[:our older names] */
337 { "SHA1:SHA-1", "fips=yes", sha1_functions },
338 { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions },
339 { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions },
340 { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions },
341 { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions },
342 { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
343 sha512_224_functions },
344 { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
345 sha512_256_functions },
347 /* We agree with NIST here, so one name only */
348 { "SHA3-224", "fips=yes", sha3_224_functions },
349 { "SHA3-256", "fips=yes", sha3_256_functions },
350 { "SHA3-384", "fips=yes", sha3_384_functions },
351 { "SHA3-512", "fips=yes", sha3_512_functions },
353 * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
354 * KMAC128 and KMAC256.
356 { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions },
357 { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions },
362 static const OSSL_ALGORITHM fips_ciphers[] = {
363 /* Our primary name[:ASN.1 OID name][:our older names] */
364 { "AES-256-ECB", "fips=yes", aes256ecb_functions },
365 { "AES-192-ECB", "fips=yes", aes192ecb_functions },
366 { "AES-128-ECB", "fips=yes", aes128ecb_functions },
367 { "AES-256-CBC", "fips=yes", aes256cbc_functions },
368 { "AES-192-CBC", "fips=yes", aes192cbc_functions },
369 { "AES-128-CBC", "fips=yes", aes128cbc_functions },
370 { "AES-256-CTR", "fips=yes", aes256ctr_functions },
371 { "AES-192-CTR", "fips=yes", aes192ctr_functions },
372 { "AES-128-CTR", "fips=yes", aes128ctr_functions },
373 { "AES-256-XTS", "fips=yes", aes256xts_functions },
374 { "AES-128-XTS", "fips=yes", aes128xts_functions },
375 { "AES-256-GCM:id-aes256-GCM", "fips=yes", aes256gcm_functions },
376 { "AES-192-GCM:id-aes192-GCM", "fips=yes", aes192gcm_functions },
377 { "AES-128-GCM:id-aes128-GCM", "fips=yes", aes128gcm_functions },
378 { "AES-256-CCM:id-aes256-CCM", "fips=yes", aes256ccm_functions },
379 { "AES-192-CCM:id-aes192-CCM", "fips=yes", aes192ccm_functions },
380 { "AES-128-CCM:id-aes128-CCM", "fips=yes", aes128ccm_functions },
381 { "AES-256-WRAP:id-aes256-wrap:AES256-WRAP", "fips=yes",
382 aes256wrap_functions },
383 { "AES-192-WRAP:id-aes192-wrap:AES192-WRAP", "fips=yes",
384 aes192wrap_functions },
385 { "AES-128-WRAP:id-aes128-wrap:AES128-WRAP", "fips=yes",
386 aes128wrap_functions },
387 { "AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", "fips=yes",
388 aes256wrappad_functions },
389 { "AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", "fips=yes",
390 aes192wrappad_functions },
391 { "AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", "fips=yes",
392 aes128wrappad_functions },
393 #ifndef OPENSSL_NO_DES
394 { "DES-EDE3-ECB:DES-EDE3", "fips=yes", tdes_ede3_ecb_functions },
395 { "DES-EDE3-CBC:DES3", "fips=yes", tdes_ede3_cbc_functions },
396 #endif /* OPENSSL_NO_DES */
400 static const OSSL_ALGORITHM fips_macs[] = {
401 #ifndef OPENSSL_NO_CMAC
402 { "CMAC", "fips=yes", cmac_functions },
404 { "GMAC", "fips=yes", gmac_functions },
405 { "HMAC", "fips=yes", hmac_functions },
406 { "KMAC-128:KMAC128", "fips=yes", kmac128_functions },
407 { "KMAC-256:KMAC256", "fips=yes", kmac256_functions },
411 static const OSSL_ALGORITHM fips_kdfs[] = {
412 { "HKDF", "fips=yes", kdf_hkdf_functions },
413 { "SSKDF", "fips=yes", kdf_sskdf_functions },
414 { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
415 { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
416 { "KBKDF", "fips=yes", kdf_kbkdf_functions },
420 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
425 switch (operation_id) {
438 /* Functions we provide to the core */
439 static const OSSL_DISPATCH fips_dispatch_table[] = {
441 * To release our resources we just need to free the OPENSSL_CTX so we just
442 * use OPENSSL_CTX_free directly as our teardown function
444 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
445 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
446 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
447 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
451 /* Functions we provide to ourself */
452 static const OSSL_DISPATCH intern_dispatch_table[] = {
453 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
458 int OSSL_provider_init(const OSSL_PROVIDER *provider,
459 const OSSL_DISPATCH *in,
460 const OSSL_DISPATCH **out,
466 for (; in->function_id != 0; in++) {
467 switch (in->function_id) {
468 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
469 c_gettable_params = OSSL_get_core_gettable_params(in);
471 case OSSL_FUNC_CORE_GET_PARAMS:
472 c_get_params = OSSL_get_core_get_params(in);
474 case OSSL_FUNC_CORE_THREAD_START:
475 c_thread_start = OSSL_get_core_thread_start(in);
477 case OSSL_FUNC_CORE_NEW_ERROR:
478 c_new_error = OSSL_get_core_new_error(in);
480 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
481 c_set_error_debug = OSSL_get_core_set_error_debug(in);
483 case OSSL_FUNC_CORE_VSET_ERROR:
484 c_vset_error = OSSL_get_core_vset_error(in);
486 case OSSL_FUNC_CRYPTO_MALLOC:
487 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
489 case OSSL_FUNC_CRYPTO_ZALLOC:
490 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
492 case OSSL_FUNC_CRYPTO_FREE:
493 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
495 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
496 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
498 case OSSL_FUNC_CRYPTO_REALLOC:
499 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
501 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
502 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
504 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
505 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
507 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
508 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
510 case OSSL_FUNC_CRYPTO_SECURE_FREE:
511 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
513 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
514 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
516 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
517 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
519 case OSSL_FUNC_CRYPTO_MEM_CTRL:
520 c_CRYPTO_mem_ctrl = OSSL_get_CRYPTO_mem_ctrl(in);
522 case OSSL_FUNC_BIO_NEW_FILE:
523 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
525 case OSSL_FUNC_BIO_NEW_MEMBUF:
526 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
528 case OSSL_FUNC_BIO_READ_EX:
529 selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
531 case OSSL_FUNC_BIO_FREE:
532 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
535 /* Just ignore anything we don't understand */
540 if (!c_get_params(provider, core_params))
543 /* Create a context. */
544 if ((ctx = OPENSSL_CTX_new()) == NULL)
546 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
547 &fips_prov_ossl_ctx_method)) == NULL) {
548 OPENSSL_CTX_free(ctx);
552 fgbl->prov = provider;
554 selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
555 if (!SELF_TEST_post(&selftest_params, 0)) {
556 OPENSSL_CTX_free(ctx);
560 *out = fips_dispatch_table;
564 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
565 * EVP calls from within the FIPS module.
567 if (!dummy_evp_call(*provctx)) {
568 OPENSSL_CTX_free(*provctx);
577 * The internal init function used when the FIPS module uses EVP to call
578 * another algorithm also in the FIPS module. This is a recursive call that has
579 * been made from within the FIPS module itself. To make this work, we populate
580 * the provider context of this inner instance with the same library context
581 * that was used in the EVP call that initiated this recursive call.
583 OSSL_provider_init_fn fips_intern_provider_init;
584 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
585 const OSSL_DISPATCH *in,
586 const OSSL_DISPATCH **out,
589 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
591 for (; in->function_id != 0; in++) {
592 switch (in->function_id) {
593 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
594 c_get_libctx = OSSL_get_core_get_library_context(in);
601 if (c_get_libctx == NULL)
604 *provctx = c_get_libctx(provider);
607 * Safety measure... we should get the library context that was
608 * created up in OSSL_provider_init().
610 if (*provctx == NULL)
613 *out = intern_dispatch_table;
622 void ERR_set_debug(const char *file, int line, const char *func)
624 c_set_error_debug(NULL, file, line, func);
627 void ERR_set_error(int lib, int reason, const char *fmt, ...)
632 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
636 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
638 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
641 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
643 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
644 &fips_prov_ossl_ctx_method);
652 void *CRYPTO_malloc(size_t num, const char *file, int line)
654 return c_CRYPTO_malloc(num, file, line);
657 void *CRYPTO_zalloc(size_t num, const char *file, int line)
659 return c_CRYPTO_zalloc(num, file, line);
662 void CRYPTO_free(void *ptr, const char *file, int line)
664 c_CRYPTO_free(ptr, file, line);
667 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
669 c_CRYPTO_clear_free(ptr, num, file, line);
672 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
674 return c_CRYPTO_realloc(addr, num, file, line);
677 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
678 const char *file, int line)
680 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
683 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
685 return c_CRYPTO_secure_malloc(num, file, line);
688 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
690 return c_CRYPTO_secure_zalloc(num, file, line);
693 void CRYPTO_secure_free(void *ptr, const char *file, int line)
695 c_CRYPTO_secure_free(ptr, file, line);
698 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
700 c_CRYPTO_secure_clear_free(ptr, num, file, line);
703 int CRYPTO_secure_allocated(const void *ptr)
705 return c_CRYPTO_secure_allocated(ptr);
708 int CRYPTO_mem_ctrl(int mode)
710 return c_CRYPTO_mem_ctrl(mode);