2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
19 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
20 #include <openssl/sha.h>
21 #include <openssl/rand_drbg.h>
22 #include <openssl/ec.h>
23 #include <openssl/fips_names.h>
25 #include "internal/cryptlib.h"
26 #include "internal/property.h"
27 #include "internal/evp_int.h"
28 #include "internal/provider_algs.h"
29 #include "internal/provider_ctx.h"
30 #include "internal/providercommon.h"
33 extern OSSL_core_thread_start_fn *c_thread_start;
36 * TODO(3.0): Should these be stored in the provider side provctx? Could they
37 * ever be different from one init to the next? Unfortunately we can't do this
38 * at the moment because c_put_error/c_add_error_vdata do not provide
39 * us with the OPENSSL_CTX as a parameter.
42 static SELF_TEST_POST_PARAMS selftest_params;
44 /* Functions provided by the core */
45 static OSSL_core_gettable_params_fn *c_gettable_params;
46 static OSSL_core_get_params_fn *c_get_params;
47 OSSL_core_thread_start_fn *c_thread_start;
48 static OSSL_core_new_error_fn *c_new_error;
49 static OSSL_core_set_error_debug_fn *c_set_error_debug;
50 static OSSL_core_vset_error_fn *c_vset_error;
51 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
52 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
53 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
54 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
55 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
56 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
57 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
58 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
59 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
60 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
61 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
63 typedef struct fips_global_st {
64 const OSSL_PROVIDER *prov;
67 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
69 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
74 static void fips_prov_ossl_ctx_free(void *fgbl)
79 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
80 fips_prov_ossl_ctx_new,
81 fips_prov_ossl_ctx_free,
85 /* Parameters we provide to the core */
86 static const OSSL_PARAM fips_param_types[] = {
87 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
88 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
89 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
94 * Parameters to retrieve from the core provider - required for self testing.
95 * NOTE: inside core_get_params() these will be loaded from config items
96 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
98 static OSSL_PARAM core_params[] =
100 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
101 selftest_params.module_filename,
102 sizeof(selftest_params.module_filename)),
103 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
104 selftest_params.module_checksum_data,
105 sizeof(selftest_params.module_checksum_data)),
106 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
107 selftest_params.indicator_checksum_data,
108 sizeof(selftest_params.indicator_checksum_data)),
109 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
110 selftest_params.indicator_data,
111 sizeof(selftest_params.indicator_data)),
112 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
113 selftest_params.indicator_version,
114 sizeof(selftest_params.indicator_version)),
118 /* TODO(3.0): To be removed */
119 static int dummy_evp_call(void *provctx)
121 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
122 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
123 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
124 char msg[] = "Hello World!";
125 const unsigned char exptd[] = {
126 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
127 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
128 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
130 unsigned int dgstlen = 0;
131 unsigned char dgst[SHA256_DIGEST_LENGTH];
133 BN_CTX *bnctx = NULL;
134 BIGNUM *a = NULL, *b = NULL;
135 unsigned char randbuf[128];
136 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
137 #ifndef OPENSSL_NO_EC
141 if (ctx == NULL || sha256 == NULL || drbg == NULL)
144 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
146 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
148 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
150 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
153 bnctx = BN_CTX_new_ex(libctx);
157 a = BN_CTX_get(bnctx);
158 b = BN_CTX_get(bnctx);
164 || BN_cmp(a, b) != 0)
167 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
170 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
173 #ifndef OPENSSL_NO_EC
174 /* Do some dummy EC calls */
175 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
179 if (!EC_KEY_generate_key(key))
188 EVP_MD_CTX_free(ctx);
189 EVP_MD_meth_free(sha256);
191 #ifndef OPENSSL_NO_EC
197 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
199 return fips_param_types;
202 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
206 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
207 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
209 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
210 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
212 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
213 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
219 /* FIPS specific version of the function of the same name in provlib.c */
220 const char *ossl_prov_util_nid_to_name(int nid)
222 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
250 case NID_aes_256_ecb:
251 return "AES-256-ECB";
252 case NID_aes_192_ecb:
253 return "AES-192-ECB";
254 case NID_aes_128_ecb:
255 return "AES-128-ECB";
256 case NID_aes_256_cbc:
257 return "AES-256-CBC";
258 case NID_aes_192_cbc:
259 return "AES-192-CBC";
260 case NID_aes_128_cbc:
261 return "AES-128-CBC";
262 case NID_aes_256_ctr:
263 return "AES-256-CTR";
264 case NID_aes_192_ctr:
265 return "AES-192-CTR";
266 case NID_aes_128_ctr:
267 return "AES-128-CTR";
268 /* TODO(3.0) Change these when we have aliases */
269 case NID_aes_256_gcm:
270 return "id-aes256-GCM";
271 case NID_aes_192_gcm:
272 return "id-aes192-GCM";
273 case NID_aes_128_gcm:
274 return "id-aes128-GCM";
275 case NID_aes_256_ccm:
276 return "id-aes256-CCM";
277 case NID_aes_192_ccm:
278 return "id-aes192-CCM";
279 case NID_aes_128_ccm:
280 return "id-aes128-CCM";
288 static const OSSL_ALGORITHM fips_digests[] = {
289 { "SHA1", "fips=yes", sha1_functions },
290 { "SHA224", "fips=yes", sha224_functions },
291 { "SHA256", "fips=yes", sha256_functions },
292 { "SHA384", "fips=yes", sha384_functions },
293 { "SHA512", "fips=yes", sha512_functions },
294 { "SHA512-224", "fips=yes", sha512_224_functions },
295 { "SHA512-256", "fips=yes", sha512_256_functions },
296 { "SHA3-224", "fips=yes", sha3_224_functions },
297 { "SHA3-256", "fips=yes", sha3_256_functions },
298 { "SHA3-384", "fips=yes", sha3_384_functions },
299 { "SHA3-512", "fips=yes", sha3_512_functions },
301 * KECCAK_KMAC128 and KECCAK_KMAC256 as hashes are mostly useful for
302 * the KMAC128 and KMAC256.
304 { "KECCAK_KMAC128", "fips=yes", keccak_kmac_128_functions },
305 { "KECCAK_KMAC256", "fips=yes", keccak_kmac_256_functions },
310 static const OSSL_ALGORITHM fips_ciphers[] = {
311 { "AES-256-ECB", "fips=yes", aes256ecb_functions },
312 { "AES-192-ECB", "fips=yes", aes192ecb_functions },
313 { "AES-128-ECB", "fips=yes", aes128ecb_functions },
314 { "AES-256-CBC", "fips=yes", aes256cbc_functions },
315 { "AES-192-CBC", "fips=yes", aes192cbc_functions },
316 { "AES-128-CBC", "fips=yes", aes128cbc_functions },
317 { "AES-256-CTR", "fips=yes", aes256ctr_functions },
318 { "AES-192-CTR", "fips=yes", aes192ctr_functions },
319 { "AES-128-CTR", "fips=yes", aes128ctr_functions },
320 /* TODO(3.0) Add aliases for these ciphers */
321 { "id-aes256-GCM", "fips=yes", aes256gcm_functions },
322 { "id-aes192-GCM", "fips=yes", aes192gcm_functions },
323 { "id-aes128-GCM", "fips=yes", aes128gcm_functions },
324 { "id-aes256-CCM", "fips=yes", aes256ccm_functions },
325 { "id-aes192-CCM", "fips=yes", aes192ccm_functions },
326 { "id-aes128-CCM", "fips=yes", aes128ccm_functions },
327 { "DES-EDE3", "fips=yes", tdes_ede3_ecb_functions },
328 { "DES-EDE3-CBC", "fips=yes", tdes_ede3_cbc_functions },
332 static const OSSL_ALGORITHM fips_macs[] = {
333 { "CMAC", "fips=yes", cmac_functions },
334 { "GMAC", "fips=yes", gmac_functions },
335 { "HMAC", "fips=yes", hmac_functions },
336 { "KMAC128", "fips=yes", kmac128_functions },
337 { "KMAC256", "fips=yes", kmac256_functions },
341 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
346 switch (operation_id) {
357 /* Functions we provide to the core */
358 static const OSSL_DISPATCH fips_dispatch_table[] = {
360 * To release our resources we just need to free the OPENSSL_CTX so we just
361 * use OPENSSL_CTX_free directly as our teardown function
363 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
364 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
365 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
366 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
370 /* Functions we provide to ourself */
371 static const OSSL_DISPATCH intern_dispatch_table[] = {
372 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
377 int OSSL_provider_init(const OSSL_PROVIDER *provider,
378 const OSSL_DISPATCH *in,
379 const OSSL_DISPATCH **out,
385 for (; in->function_id != 0; in++) {
386 switch (in->function_id) {
387 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
388 c_gettable_params = OSSL_get_core_gettable_params(in);
390 case OSSL_FUNC_CORE_GET_PARAMS:
391 c_get_params = OSSL_get_core_get_params(in);
393 case OSSL_FUNC_CORE_THREAD_START:
394 c_thread_start = OSSL_get_core_thread_start(in);
396 case OSSL_FUNC_CORE_NEW_ERROR:
397 c_new_error = OSSL_get_core_new_error(in);
399 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
400 c_set_error_debug = OSSL_get_core_set_error_debug(in);
402 case OSSL_FUNC_CORE_VSET_ERROR:
403 c_vset_error = OSSL_get_core_vset_error(in);
405 case OSSL_FUNC_CRYPTO_MALLOC:
406 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
408 case OSSL_FUNC_CRYPTO_ZALLOC:
409 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
411 case OSSL_FUNC_CRYPTO_FREE:
412 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
414 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
415 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
417 case OSSL_FUNC_CRYPTO_REALLOC:
418 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
420 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
421 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
423 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
424 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
426 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
427 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
429 case OSSL_FUNC_CRYPTO_SECURE_FREE:
430 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
432 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
433 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
435 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
436 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
438 case OSSL_FUNC_BIO_NEW_FILE:
439 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
441 case OSSL_FUNC_BIO_NEW_MEMBUF:
442 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
444 case OSSL_FUNC_BIO_READ:
445 selftest_params.bio_read_cb = OSSL_get_BIO_read(in);
447 case OSSL_FUNC_BIO_FREE:
448 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
451 /* Just ignore anything we don't understand */
456 if (!c_get_params(provider, core_params))
459 /* Create a context. */
460 if ((ctx = OPENSSL_CTX_new()) == NULL)
462 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
463 &fips_prov_ossl_ctx_method)) == NULL) {
464 OPENSSL_CTX_free(ctx);
467 fgbl->prov = provider;
468 *out = fips_dispatch_table;
472 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
473 * EVP calls from within the FIPS module.
475 if (!dummy_evp_call(*provctx)) {
476 OPENSSL_CTX_free(*provctx);
485 * The internal init function used when the FIPS module uses EVP to call
486 * another algorithm also in the FIPS module. This is a recursive call that has
487 * been made from within the FIPS module itself. To make this work, we populate
488 * the provider context of this inner instance with the same library context
489 * that was used in the EVP call that initiated this recursive call.
491 OSSL_provider_init_fn fips_intern_provider_init;
492 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
493 const OSSL_DISPATCH *in,
494 const OSSL_DISPATCH **out,
497 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
499 for (; in->function_id != 0; in++) {
500 switch (in->function_id) {
501 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
502 c_get_libctx = OSSL_get_core_get_library_context(in);
509 if (c_get_libctx == NULL)
512 *provctx = c_get_libctx(provider);
515 * Safety measure... we should get the library context that was
516 * created up in OSSL_provider_init().
518 if (*provctx == NULL)
521 *out = intern_dispatch_table;
530 void ERR_set_debug(const char *file, int line, const char *func)
532 c_set_error_debug(NULL, file, line, func);
535 void ERR_set_error(int lib, int reason, const char *fmt, ...)
540 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
544 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
546 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
549 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
551 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
552 &fips_prov_ossl_ctx_method);
560 void *CRYPTO_malloc(size_t num, const char *file, int line)
562 return c_CRYPTO_malloc(num, file, line);
565 void *CRYPTO_zalloc(size_t num, const char *file, int line)
567 return c_CRYPTO_zalloc(num, file, line);
570 void CRYPTO_free(void *ptr, const char *file, int line)
572 c_CRYPTO_free(ptr, file, line);
575 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
577 c_CRYPTO_clear_free(ptr, num, file, line);
580 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
582 return c_CRYPTO_realloc(addr, num, file, line);
585 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
586 const char *file, int line)
588 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
591 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
593 return c_CRYPTO_secure_malloc(num, file, line);
596 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
598 return c_CRYPTO_secure_zalloc(num, file, line);
601 void CRYPTO_secure_free(void *ptr, const char *file, int line)
603 c_CRYPTO_secure_free(ptr, file, line);
606 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
608 c_CRYPTO_secure_clear_free(ptr, num, file, line);
611 int CRYPTO_secure_allocated(const void *ptr)
613 return c_CRYPTO_secure_allocated(ptr);