2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/kdf.h>
20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21 #include <openssl/sha.h>
22 #include <openssl/rand_drbg.h>
23 #include <openssl/ec.h>
24 #include <openssl/fips_names.h>
26 #include "internal/cryptlib.h"
27 #include "internal/property.h"
28 #include "internal/nelem.h"
29 #include "crypto/evp.h"
30 #include "prov/implementations.h"
31 #include "prov/provider_ctx.h"
32 #include "prov/providercommon.h"
33 #include "prov/provider_util.h"
36 #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK }
37 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
39 extern OSSL_core_thread_start_fn *c_thread_start;
42 * TODO(3.0): Should these be stored in the provider side provctx? Could they
43 * ever be different from one init to the next? Unfortunately we can't do this
44 * at the moment because c_put_error/c_add_error_vdata do not provide
45 * us with the OPENSSL_CTX as a parameter.
48 static SELF_TEST_POST_PARAMS selftest_params;
50 /* Functions provided by the core */
51 static OSSL_core_gettable_params_fn *c_gettable_params;
52 static OSSL_core_get_params_fn *c_get_params;
53 OSSL_core_thread_start_fn *c_thread_start;
54 static OSSL_core_new_error_fn *c_new_error;
55 static OSSL_core_set_error_debug_fn *c_set_error_debug;
56 static OSSL_core_vset_error_fn *c_vset_error;
57 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
58 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
59 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
60 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
61 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
62 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
63 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
64 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
65 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
66 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
67 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
69 typedef struct fips_global_st {
70 const OSSL_PROVIDER *prov;
73 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
75 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
80 static void fips_prov_ossl_ctx_free(void *fgbl)
85 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
86 fips_prov_ossl_ctx_new,
87 fips_prov_ossl_ctx_free,
91 /* Parameters we provide to the core */
92 static const OSSL_PARAM fips_param_types[] = {
93 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
94 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
95 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
100 * Parameters to retrieve from the core provider - required for self testing.
101 * NOTE: inside core_get_params() these will be loaded from config items
102 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
104 static OSSL_PARAM core_params[] =
106 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
107 selftest_params.module_filename,
108 sizeof(selftest_params.module_filename)),
109 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
110 selftest_params.module_checksum_data,
111 sizeof(selftest_params.module_checksum_data)),
112 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
113 selftest_params.indicator_checksum_data,
114 sizeof(selftest_params.indicator_checksum_data)),
115 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
116 selftest_params.indicator_data,
117 sizeof(selftest_params.indicator_data)),
118 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
119 selftest_params.indicator_version,
120 sizeof(selftest_params.indicator_version)),
124 /* TODO(3.0): To be removed */
125 static int dummy_evp_call(void *provctx)
127 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
128 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
129 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
130 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
131 char msg[] = "Hello World!";
132 const unsigned char exptd[] = {
133 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
134 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
135 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
137 unsigned int dgstlen = 0;
138 unsigned char dgst[SHA256_DIGEST_LENGTH];
140 BN_CTX *bnctx = NULL;
141 BIGNUM *a = NULL, *b = NULL;
142 unsigned char randbuf[128];
143 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
144 #ifndef OPENSSL_NO_EC
148 if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
151 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
153 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
155 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
157 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
160 bnctx = BN_CTX_new_ex(libctx);
164 a = BN_CTX_get(bnctx);
165 b = BN_CTX_get(bnctx);
171 || BN_cmp(a, b) != 0)
174 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
177 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
180 #ifndef OPENSSL_NO_EC
181 /* Do some dummy EC calls */
182 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
186 if (!EC_KEY_generate_key(key))
196 EVP_MD_CTX_free(ctx);
199 #ifndef OPENSSL_NO_EC
205 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
207 return fips_param_types;
210 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
214 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
215 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
217 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
218 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
220 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
221 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
227 /* FIPS specific version of the function of the same name in provlib.c */
228 const char *ossl_prov_util_nid_to_name(int nid)
230 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
245 return "SHA-512/224";
247 return "SHA-512/256";
258 case NID_aes_256_ecb:
259 return "AES-256-ECB";
260 case NID_aes_192_ecb:
261 return "AES-192-ECB";
262 case NID_aes_128_ecb:
263 return "AES-128-ECB";
264 case NID_aes_256_cbc:
265 return "AES-256-CBC";
266 case NID_aes_192_cbc:
267 return "AES-192-CBC";
268 case NID_aes_128_cbc:
269 return "AES-128-CBC";
270 case NID_aes_256_ctr:
271 return "AES-256-CTR";
272 case NID_aes_192_ctr:
273 return "AES-192-CTR";
274 case NID_aes_128_ctr:
275 return "AES-128-CTR";
276 case NID_aes_256_xts:
277 return "AES-256-XTS";
278 case NID_aes_128_xts:
279 return "AES-128-XTS";
280 case NID_aes_256_gcm:
281 return "AES-256-GCM";
282 case NID_aes_192_gcm:
283 return "AES-192-GCM";
284 case NID_aes_128_gcm:
285 return "AES-128-GCM";
286 case NID_aes_256_ccm:
287 return "AES-256-CCM";
288 case NID_aes_192_ccm:
289 return "AES-192-CCM";
290 case NID_aes_128_ccm:
291 return "AES-128-CCM";
292 case NID_id_aes256_wrap:
293 return "AES-256-WRAP";
294 case NID_id_aes192_wrap:
295 return "AES-192-WRAP";
296 case NID_id_aes128_wrap:
297 return "AES-128-WRAP";
298 case NID_id_aes256_wrap_pad:
299 return "AES-256-WRAP-PAD";
300 case NID_id_aes192_wrap_pad:
301 return "AES-192-WRAP-PAD";
302 case NID_id_aes128_wrap_pad:
303 return "AES-128-WRAP-PAD";
304 case NID_des_ede3_ecb:
306 case NID_des_ede3_cbc:
307 return "DES-EDE3-CBC";
308 case NID_aes_256_cbc_hmac_sha256:
309 return "AES-256-CBC-HMAC-SHA256";
310 case NID_aes_128_cbc_hmac_sha256:
311 return "AES-128-CBC-HMAC-SHA256";
312 case NID_aes_256_cbc_hmac_sha1:
313 return "AES-256-CBC-HMAC-SHA1";
314 case NID_aes_128_cbc_hmac_sha1:
315 return "AES-128-CBC-HMAC-SHA1";
324 * For the algorithm names, we use the following formula for our primary
327 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
329 * VERSION is only present if there are multiple versions of
330 * an alg (MD2, MD4, MD5). It may be omitted if there is only
331 * one version (if a subsequent version is released in the future,
332 * we can always change the canonical name, and add the old name
335 * SUBNAME may be present where we are combining multiple
336 * algorithms together, e.g. MD5-SHA1.
338 * SIZE is only present if multiple versions of an algorithm exist
339 * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
341 * MODE is only present where applicable.
343 * We add diverse other names where applicable, such as the names that
344 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
345 * we have used historically.
347 static const OSSL_ALGORITHM fips_digests[] = {
348 /* Our primary name:NiST name[:our older names] */
349 { "SHA1:SHA-1", "fips=yes", sha1_functions },
350 { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions },
351 { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions },
352 { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions },
353 { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions },
354 { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
355 sha512_224_functions },
356 { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
357 sha512_256_functions },
359 /* We agree with NIST here, so one name only */
360 { "SHA3-224", "fips=yes", sha3_224_functions },
361 { "SHA3-256", "fips=yes", sha3_256_functions },
362 { "SHA3-384", "fips=yes", sha3_384_functions },
363 { "SHA3-512", "fips=yes", sha3_512_functions },
365 * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
366 * KMAC128 and KMAC256.
368 { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions },
369 { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions },
374 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
375 /* Our primary name[:ASN.1 OID name][:our older names] */
376 ALG("AES-256-ECB", aes256ecb_functions),
377 ALG("AES-192-ECB", aes192ecb_functions),
378 ALG("AES-128-ECB", aes128ecb_functions),
379 ALG("AES-256-CBC", aes256cbc_functions),
380 ALG("AES-192-CBC", aes192cbc_functions),
381 ALG("AES-128-CBC", aes128cbc_functions),
382 ALG("AES-256-CTR", aes256ctr_functions),
383 ALG("AES-192-CTR", aes192ctr_functions),
384 ALG("AES-128-CTR", aes128ctr_functions),
385 ALG("AES-256-XTS", aes256xts_functions),
386 ALG("AES-128-XTS", aes128xts_functions),
387 ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
388 ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
389 ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
390 ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
391 ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
392 ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
393 ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
394 ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
395 ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
396 ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
397 aes256wrappad_functions),
398 ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
399 aes192wrappad_functions),
400 ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
401 aes128wrappad_functions),
402 ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
403 cipher_capable_aes_cbc_hmac_sha1),
404 ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
405 cipher_capable_aes_cbc_hmac_sha1),
406 ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
407 cipher_capable_aes_cbc_hmac_sha256),
408 ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
409 cipher_capable_aes_cbc_hmac_sha256),
410 #ifndef OPENSSL_NO_DES
411 ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
412 ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
413 #endif /* OPENSSL_NO_DES */
414 { { NULL, NULL, NULL }, NULL }
416 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
418 static const OSSL_ALGORITHM fips_macs[] = {
419 #ifndef OPENSSL_NO_CMAC
420 { "CMAC", "fips=yes", cmac_functions },
422 { "GMAC", "fips=yes", gmac_functions },
423 { "HMAC", "fips=yes", hmac_functions },
424 { "KMAC-128:KMAC128", "fips=yes", kmac128_functions },
425 { "KMAC-256:KMAC256", "fips=yes", kmac256_functions },
429 static const OSSL_ALGORITHM fips_kdfs[] = {
430 { "HKDF", "fips=yes", kdf_hkdf_functions },
431 { "SSKDF", "fips=yes", kdf_sskdf_functions },
432 { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
433 { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
434 { "KBKDF", "fips=yes", kdf_kbkdf_functions },
439 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
444 switch (operation_id) {
448 ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
449 return exported_fips_ciphers;
458 /* Functions we provide to the core */
459 static const OSSL_DISPATCH fips_dispatch_table[] = {
461 * To release our resources we just need to free the OPENSSL_CTX so we just
462 * use OPENSSL_CTX_free directly as our teardown function
464 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
465 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
466 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
467 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
471 /* Functions we provide to ourself */
472 static const OSSL_DISPATCH intern_dispatch_table[] = {
473 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
478 int OSSL_provider_init(const OSSL_PROVIDER *provider,
479 const OSSL_DISPATCH *in,
480 const OSSL_DISPATCH **out,
486 for (; in->function_id != 0; in++) {
487 switch (in->function_id) {
488 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
489 c_gettable_params = OSSL_get_core_gettable_params(in);
491 case OSSL_FUNC_CORE_GET_PARAMS:
492 c_get_params = OSSL_get_core_get_params(in);
494 case OSSL_FUNC_CORE_THREAD_START:
495 c_thread_start = OSSL_get_core_thread_start(in);
497 case OSSL_FUNC_CORE_NEW_ERROR:
498 c_new_error = OSSL_get_core_new_error(in);
500 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
501 c_set_error_debug = OSSL_get_core_set_error_debug(in);
503 case OSSL_FUNC_CORE_VSET_ERROR:
504 c_vset_error = OSSL_get_core_vset_error(in);
506 case OSSL_FUNC_CRYPTO_MALLOC:
507 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
509 case OSSL_FUNC_CRYPTO_ZALLOC:
510 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
512 case OSSL_FUNC_CRYPTO_FREE:
513 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
515 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
516 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
518 case OSSL_FUNC_CRYPTO_REALLOC:
519 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
521 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
522 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
524 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
525 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
527 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
528 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
530 case OSSL_FUNC_CRYPTO_SECURE_FREE:
531 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
533 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
534 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
536 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
537 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
539 case OSSL_FUNC_BIO_NEW_FILE:
540 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
542 case OSSL_FUNC_BIO_NEW_MEMBUF:
543 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
545 case OSSL_FUNC_BIO_READ_EX:
546 selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
548 case OSSL_FUNC_BIO_FREE:
549 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
552 /* Just ignore anything we don't understand */
557 if (!c_get_params(provider, core_params))
560 /* Create a context. */
561 if ((ctx = OPENSSL_CTX_new()) == NULL)
563 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
564 &fips_prov_ossl_ctx_method)) == NULL) {
565 OPENSSL_CTX_free(ctx);
569 fgbl->prov = provider;
571 selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
572 if (!SELF_TEST_post(&selftest_params, 0)) {
573 OPENSSL_CTX_free(ctx);
577 *out = fips_dispatch_table;
581 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
582 * EVP calls from within the FIPS module.
584 if (!dummy_evp_call(*provctx)) {
585 OPENSSL_CTX_free(*provctx);
594 * The internal init function used when the FIPS module uses EVP to call
595 * another algorithm also in the FIPS module. This is a recursive call that has
596 * been made from within the FIPS module itself. To make this work, we populate
597 * the provider context of this inner instance with the same library context
598 * that was used in the EVP call that initiated this recursive call.
600 OSSL_provider_init_fn fips_intern_provider_init;
601 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
602 const OSSL_DISPATCH *in,
603 const OSSL_DISPATCH **out,
606 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
608 for (; in->function_id != 0; in++) {
609 switch (in->function_id) {
610 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
611 c_get_libctx = OSSL_get_core_get_library_context(in);
618 if (c_get_libctx == NULL)
621 *provctx = c_get_libctx(provider);
624 * Safety measure... we should get the library context that was
625 * created up in OSSL_provider_init().
627 if (*provctx == NULL)
630 *out = intern_dispatch_table;
639 void ERR_set_debug(const char *file, int line, const char *func)
641 c_set_error_debug(NULL, file, line, func);
644 void ERR_set_error(int lib, int reason, const char *fmt, ...)
649 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
653 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
655 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
658 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
660 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
661 &fips_prov_ossl_ctx_method);
669 void *CRYPTO_malloc(size_t num, const char *file, int line)
671 return c_CRYPTO_malloc(num, file, line);
674 void *CRYPTO_zalloc(size_t num, const char *file, int line)
676 return c_CRYPTO_zalloc(num, file, line);
679 void CRYPTO_free(void *ptr, const char *file, int line)
681 c_CRYPTO_free(ptr, file, line);
684 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
686 c_CRYPTO_clear_free(ptr, num, file, line);
689 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
691 return c_CRYPTO_realloc(addr, num, file, line);
694 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
695 const char *file, int line)
697 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
700 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
702 return c_CRYPTO_secure_malloc(num, file, line);
705 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
707 return c_CRYPTO_secure_zalloc(num, file, line);
710 void CRYPTO_secure_free(void *ptr, const char *file, int line)
712 c_CRYPTO_secure_free(ptr, file, line);
715 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
717 c_CRYPTO_secure_clear_free(ptr, num, file, line);
720 int CRYPTO_secure_allocated(const void *ptr)
722 return c_CRYPTO_secure_allocated(ptr);