2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/kdf.h>
20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21 #include <openssl/sha.h>
22 #include <openssl/rand_drbg.h>
23 #include <openssl/ec.h>
24 #include <openssl/fips_names.h>
26 #include "internal/cryptlib.h"
27 #include "internal/property.h"
28 #include "internal/nelem.h"
29 #include "openssl/param_build.h"
30 #include "crypto/evp.h"
31 #include "prov/implementations.h"
32 #include "prov/provider_ctx.h"
33 #include "prov/providercommon.h"
34 #include "prov/provider_util.h"
35 #include "self_test.h"
37 #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK }
38 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
40 extern OSSL_core_thread_start_fn *c_thread_start;
43 * TODO(3.0): Should these be stored in the provider side provctx? Could they
44 * ever be different from one init to the next? Unfortunately we can't do this
45 * at the moment because c_put_error/c_add_error_vdata do not provide
46 * us with the OPENSSL_CTX as a parameter.
49 static SELF_TEST_POST_PARAMS selftest_params;
51 /* Functions provided by the core */
52 static OSSL_core_gettable_params_fn *c_gettable_params;
53 static OSSL_core_get_params_fn *c_get_params;
54 OSSL_core_thread_start_fn *c_thread_start;
55 static OSSL_core_new_error_fn *c_new_error;
56 static OSSL_core_set_error_debug_fn *c_set_error_debug;
57 static OSSL_core_vset_error_fn *c_vset_error;
58 static OSSL_core_set_error_mark_fn *c_set_error_mark;
59 static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark;
60 static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark;
61 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
62 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
63 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
64 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
65 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
66 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
67 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
68 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
69 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
70 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
71 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
72 static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf;
74 typedef struct fips_global_st {
75 const OSSL_PROVIDER *prov;
78 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
80 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
85 static void fips_prov_ossl_ctx_free(void *fgbl)
90 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
91 fips_prov_ossl_ctx_new,
92 fips_prov_ossl_ctx_free,
96 /* Parameters we provide to the core */
97 static const OSSL_PARAM fips_param_types[] = {
98 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
99 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
100 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
105 * Parameters to retrieve from the core provider - required for self testing.
106 * NOTE: inside core_get_params() these will be loaded from config items
107 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
109 static OSSL_PARAM core_params[] =
111 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
112 selftest_params.module_filename,
113 sizeof(selftest_params.module_filename)),
114 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
115 selftest_params.module_checksum_data,
116 sizeof(selftest_params.module_checksum_data)),
117 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
118 selftest_params.indicator_checksum_data,
119 sizeof(selftest_params.indicator_checksum_data)),
120 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
121 selftest_params.indicator_data,
122 sizeof(selftest_params.indicator_data)),
123 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
124 selftest_params.indicator_version,
125 sizeof(selftest_params.indicator_version)),
129 /* TODO(3.0): To be removed */
130 static int dummy_evp_call(void *provctx)
132 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
133 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
134 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
135 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
136 unsigned char dgst[SHA256_DIGEST_LENGTH];
137 unsigned int dgstlen;
139 BN_CTX *bnctx = NULL;
140 BIGNUM *a = NULL, *b = NULL;
141 unsigned char randbuf[128];
142 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
143 #ifndef OPENSSL_NO_EC
147 static const char msg[] = "Hello World!";
148 static const unsigned char exptd[] = {
149 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
150 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
151 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
154 if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
157 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
159 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
161 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
163 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
166 bnctx = BN_CTX_new_ex(libctx);
170 a = BN_CTX_get(bnctx);
171 b = BN_CTX_get(bnctx);
177 || BN_cmp(a, b) != 0)
180 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
183 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
186 #ifndef OPENSSL_NO_EC
187 /* Do some dummy EC calls */
188 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
192 if (!EC_KEY_generate_key(key))
202 EVP_MD_CTX_free(ctx);
205 #ifndef OPENSSL_NO_EC
211 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
213 return fips_param_types;
216 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
220 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
221 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
223 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
224 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
226 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
227 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
233 /* FIPS specific version of the function of the same name in provlib.c */
234 const char *ossl_prov_util_nid_to_name(int nid)
236 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
251 return "SHA-512/224";
253 return "SHA-512/256";
264 case NID_aes_256_ecb:
265 return "AES-256-ECB";
266 case NID_aes_192_ecb:
267 return "AES-192-ECB";
268 case NID_aes_128_ecb:
269 return "AES-128-ECB";
270 case NID_aes_256_cbc:
271 return "AES-256-CBC";
272 case NID_aes_192_cbc:
273 return "AES-192-CBC";
274 case NID_aes_128_cbc:
275 return "AES-128-CBC";
276 case NID_aes_256_ctr:
277 return "AES-256-CTR";
278 case NID_aes_192_ctr:
279 return "AES-192-CTR";
280 case NID_aes_128_ctr:
281 return "AES-128-CTR";
282 case NID_aes_256_xts:
283 return "AES-256-XTS";
284 case NID_aes_128_xts:
285 return "AES-128-XTS";
286 case NID_aes_256_gcm:
287 return "AES-256-GCM";
288 case NID_aes_192_gcm:
289 return "AES-192-GCM";
290 case NID_aes_128_gcm:
291 return "AES-128-GCM";
292 case NID_aes_256_ccm:
293 return "AES-256-CCM";
294 case NID_aes_192_ccm:
295 return "AES-192-CCM";
296 case NID_aes_128_ccm:
297 return "AES-128-CCM";
298 case NID_id_aes256_wrap:
299 return "AES-256-WRAP";
300 case NID_id_aes192_wrap:
301 return "AES-192-WRAP";
302 case NID_id_aes128_wrap:
303 return "AES-128-WRAP";
304 case NID_id_aes256_wrap_pad:
305 return "AES-256-WRAP-PAD";
306 case NID_id_aes192_wrap_pad:
307 return "AES-192-WRAP-PAD";
308 case NID_id_aes128_wrap_pad:
309 return "AES-128-WRAP-PAD";
310 case NID_des_ede3_ecb:
312 case NID_des_ede3_cbc:
313 return "DES-EDE3-CBC";
314 case NID_aes_256_cbc_hmac_sha256:
315 return "AES-256-CBC-HMAC-SHA256";
316 case NID_aes_128_cbc_hmac_sha256:
317 return "AES-128-CBC-HMAC-SHA256";
318 case NID_aes_256_cbc_hmac_sha1:
319 return "AES-256-CBC-HMAC-SHA1";
320 case NID_aes_128_cbc_hmac_sha1:
321 return "AES-128-CBC-HMAC-SHA1";
330 * For the algorithm names, we use the following formula for our primary
333 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
335 * VERSION is only present if there are multiple versions of
336 * an alg (MD2, MD4, MD5). It may be omitted if there is only
337 * one version (if a subsequent version is released in the future,
338 * we can always change the canonical name, and add the old name
341 * SUBNAME may be present where we are combining multiple
342 * algorithms together, e.g. MD5-SHA1.
344 * SIZE is only present if multiple versions of an algorithm exist
345 * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
347 * MODE is only present where applicable.
349 * We add diverse other names where applicable, such as the names that
350 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
351 * we have used historically.
353 static const OSSL_ALGORITHM fips_digests[] = {
354 /* Our primary name:NiST name[:our older names] */
355 { "SHA1:SHA-1", "provider=fips,fips=yes", sha1_functions },
356 { "SHA2-224:SHA-224:SHA224", "provider=fips,fips=yes", sha224_functions },
357 { "SHA2-256:SHA-256:SHA256", "provider=fips,fips=yes", sha256_functions },
358 { "SHA2-384:SHA-384:SHA384", "provider=fips,fips=yes", sha384_functions },
359 { "SHA2-512:SHA-512:SHA512", "provider=fips,fips=yes", sha512_functions },
360 { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=fips,fips=yes",
361 sha512_224_functions },
362 { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=fips,fips=yes",
363 sha512_256_functions },
365 /* We agree with NIST here, so one name only */
366 { "SHA3-224", "provider=fips,fips=yes", sha3_224_functions },
367 { "SHA3-256", "provider=fips,fips=yes", sha3_256_functions },
368 { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
369 { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
371 * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
372 * KMAC128 and KMAC256.
374 { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes", keccak_kmac_128_functions },
375 { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes", keccak_kmac_256_functions },
377 /* Non-FIPS algorithm to support oneshot_hash in the Ed448 code */
378 { "SHAKE-256:SHAKE256", "provider=fips,fips=no", shake_256_functions },
382 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
383 /* Our primary name[:ASN.1 OID name][:our older names] */
384 ALG("AES-256-ECB", aes256ecb_functions),
385 ALG("AES-192-ECB", aes192ecb_functions),
386 ALG("AES-128-ECB", aes128ecb_functions),
387 ALG("AES-256-CBC", aes256cbc_functions),
388 ALG("AES-192-CBC", aes192cbc_functions),
389 ALG("AES-128-CBC", aes128cbc_functions),
390 ALG("AES-256-CTR", aes256ctr_functions),
391 ALG("AES-192-CTR", aes192ctr_functions),
392 ALG("AES-128-CTR", aes128ctr_functions),
393 ALG("AES-256-XTS", aes256xts_functions),
394 ALG("AES-128-XTS", aes128xts_functions),
395 ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
396 ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
397 ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
398 ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
399 ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
400 ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
401 ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
402 ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
403 ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
404 ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
405 aes256wrappad_functions),
406 ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
407 aes192wrappad_functions),
408 ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
409 aes128wrappad_functions),
410 ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
411 cipher_capable_aes_cbc_hmac_sha1),
412 ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
413 cipher_capable_aes_cbc_hmac_sha1),
414 ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
415 cipher_capable_aes_cbc_hmac_sha256),
416 ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
417 cipher_capable_aes_cbc_hmac_sha256),
418 #ifndef OPENSSL_NO_DES
419 ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
420 ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
421 #endif /* OPENSSL_NO_DES */
422 { { NULL, NULL, NULL }, NULL }
424 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
426 static const OSSL_ALGORITHM fips_macs[] = {
427 #ifndef OPENSSL_NO_CMAC
428 { "CMAC", "provider=fips,fips=yes", cmac_functions },
430 { "GMAC", "provider=fips,fips=yes", gmac_functions },
431 { "HMAC", "provider=fips,fips=yes", hmac_functions },
432 { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions },
433 { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions },
437 static const OSSL_ALGORITHM fips_kdfs[] = {
438 { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions },
439 { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
440 { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
441 { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
442 { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions },
446 static const OSSL_ALGORITHM fips_keyexch[] = {
447 #ifndef OPENSSL_NO_DH
448 { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions },
450 #ifndef OPENSSL_NO_EC
451 { "ECDH", "provider=fips,fips=yes", ecdh_keyexch_functions },
452 { "X25519", "provider=fips,fips=no", x25519_keyexch_functions },
453 { "X448", "provider=fips,fips=no", x448_keyexch_functions },
458 static const OSSL_ALGORITHM fips_signature[] = {
459 #ifndef OPENSSL_NO_DSA
460 { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions },
462 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions },
463 #ifndef OPENSSL_NO_EC
464 { "ED25519", "provider=fips,fips=no", ed25519_signature_functions },
465 { "ED448", "provider=fips,fips=no", ed448_signature_functions },
466 { "ECDSA", "provider=fips,fips=yes", ecdsa_signature_functions },
471 static const OSSL_ALGORITHM fips_asym_cipher[] = {
472 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_asym_cipher_functions },
476 static const OSSL_ALGORITHM fips_keymgmt[] = {
477 #ifndef OPENSSL_NO_DH
478 { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keymgmt_functions },
480 #ifndef OPENSSL_NO_DSA
481 { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
483 { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
484 #ifndef OPENSSL_NO_EC
485 { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
486 { "X25519", "provider=fips,fips=no", x25519_keymgmt_functions },
487 { "X448", "provider=fips,fips=no", x448_keymgmt_functions },
488 { "ED25519", "provider=fips,fips=no", ed25519_keymgmt_functions },
489 { "ED448", "provider=fips,fips=no", ed448_keymgmt_functions },
494 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
499 switch (operation_id) {
503 ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
504 return exported_fips_ciphers;
509 case OSSL_OP_KEYMGMT:
511 case OSSL_OP_KEYEXCH:
513 case OSSL_OP_SIGNATURE:
514 return fips_signature;
515 case OSSL_OP_ASYM_CIPHER:
516 return fips_asym_cipher;
521 /* Functions we provide to the core */
522 static const OSSL_DISPATCH fips_dispatch_table[] = {
524 * To release our resources we just need to free the OPENSSL_CTX so we just
525 * use OPENSSL_CTX_free directly as our teardown function
527 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
528 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
529 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
530 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
534 /* Functions we provide to ourself */
535 static const OSSL_DISPATCH intern_dispatch_table[] = {
536 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
541 int OSSL_provider_init(const OSSL_PROVIDER *provider,
542 const OSSL_DISPATCH *in,
543 const OSSL_DISPATCH **out,
548 OSSL_self_test_cb_fn *stcbfn = NULL;
549 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
551 for (; in->function_id != 0; in++) {
552 switch (in->function_id) {
553 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
554 c_get_libctx = OSSL_get_core_get_library_context(in);
556 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
557 c_gettable_params = OSSL_get_core_gettable_params(in);
559 case OSSL_FUNC_CORE_GET_PARAMS:
560 c_get_params = OSSL_get_core_get_params(in);
562 case OSSL_FUNC_CORE_THREAD_START:
563 c_thread_start = OSSL_get_core_thread_start(in);
565 case OSSL_FUNC_CORE_NEW_ERROR:
566 c_new_error = OSSL_get_core_new_error(in);
568 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
569 c_set_error_debug = OSSL_get_core_set_error_debug(in);
571 case OSSL_FUNC_CORE_VSET_ERROR:
572 c_vset_error = OSSL_get_core_vset_error(in);
574 case OSSL_FUNC_CORE_SET_ERROR_MARK:
575 c_set_error_mark = OSSL_get_core_set_error_mark(in);
577 case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK:
578 c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in);
580 case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
581 c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in);
583 case OSSL_FUNC_CRYPTO_MALLOC:
584 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
586 case OSSL_FUNC_CRYPTO_ZALLOC:
587 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
589 case OSSL_FUNC_CRYPTO_FREE:
590 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
592 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
593 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
595 case OSSL_FUNC_CRYPTO_REALLOC:
596 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
598 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
599 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
601 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
602 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
604 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
605 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
607 case OSSL_FUNC_CRYPTO_SECURE_FREE:
608 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
610 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
611 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
613 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
614 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
616 case OSSL_FUNC_BIO_NEW_FILE:
617 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
619 case OSSL_FUNC_BIO_NEW_MEMBUF:
620 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
622 case OSSL_FUNC_BIO_READ_EX:
623 selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
625 case OSSL_FUNC_BIO_FREE:
626 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
628 case OSSL_FUNC_BIO_VSNPRINTF:
629 c_BIO_vsnprintf = OSSL_get_BIO_vsnprintf(in);
631 case OSSL_FUNC_SELF_TEST_CB: {
632 stcbfn = OSSL_get_self_test_cb(in);
636 /* Just ignore anything we don't understand */
641 if (stcbfn != NULL && c_get_libctx != NULL) {
642 stcbfn(c_get_libctx(provider), &selftest_params.cb,
643 &selftest_params.cb_arg);
646 selftest_params.cb = NULL;
647 selftest_params.cb_arg = NULL;
650 if (!c_get_params(provider, core_params))
653 /* Create a context. */
654 if ((ctx = OPENSSL_CTX_new()) == NULL)
656 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
657 &fips_prov_ossl_ctx_method)) == NULL) {
658 OPENSSL_CTX_free(ctx);
662 fgbl->prov = provider;
664 selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
665 if (!SELF_TEST_post(&selftest_params, 0)) {
666 OPENSSL_CTX_free(ctx);
671 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
672 * EVP calls from within the FIPS module.
674 if (!dummy_evp_call(ctx)) {
675 OPENSSL_CTX_free(ctx);
679 *out = fips_dispatch_table;
686 * The internal init function used when the FIPS module uses EVP to call
687 * another algorithm also in the FIPS module. This is a recursive call that has
688 * been made from within the FIPS module itself. To make this work, we populate
689 * the provider context of this inner instance with the same library context
690 * that was used in the EVP call that initiated this recursive call.
692 OSSL_provider_init_fn fips_intern_provider_init;
693 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
694 const OSSL_DISPATCH *in,
695 const OSSL_DISPATCH **out,
698 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
700 for (; in->function_id != 0; in++) {
701 switch (in->function_id) {
702 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
703 c_get_libctx = OSSL_get_core_get_library_context(in);
710 if (c_get_libctx == NULL)
713 *provctx = c_get_libctx(provider);
716 * Safety measure... we should get the library context that was
717 * created up in OSSL_provider_init().
719 if (*provctx == NULL)
722 *out = intern_dispatch_table;
731 void ERR_set_debug(const char *file, int line, const char *func)
733 c_set_error_debug(NULL, file, line, func);
736 void ERR_set_error(int lib, int reason, const char *fmt, ...)
741 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
745 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
747 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
750 int ERR_set_mark(void)
752 return c_set_error_mark(NULL);
755 int ERR_clear_last_mark(void)
757 return c_clear_last_error_mark(NULL);
760 int ERR_pop_to_mark(void)
762 return c_pop_error_to_mark(NULL);
765 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
767 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
768 &fips_prov_ossl_ctx_method);
776 void *CRYPTO_malloc(size_t num, const char *file, int line)
778 return c_CRYPTO_malloc(num, file, line);
781 void *CRYPTO_zalloc(size_t num, const char *file, int line)
783 return c_CRYPTO_zalloc(num, file, line);
786 void CRYPTO_free(void *ptr, const char *file, int line)
788 c_CRYPTO_free(ptr, file, line);
791 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
793 c_CRYPTO_clear_free(ptr, num, file, line);
796 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
798 return c_CRYPTO_realloc(addr, num, file, line);
801 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
802 const char *file, int line)
804 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
807 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
809 return c_CRYPTO_secure_malloc(num, file, line);
812 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
814 return c_CRYPTO_secure_zalloc(num, file, line);
817 void CRYPTO_secure_free(void *ptr, const char *file, int line)
819 c_CRYPTO_secure_free(ptr, file, line);
822 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
824 c_CRYPTO_secure_clear_free(ptr, num, file, line);
827 int CRYPTO_secure_allocated(const void *ptr)
829 return c_CRYPTO_secure_allocated(ptr);
832 int BIO_snprintf(char *buf, size_t n, const char *format, ...)
837 va_start(args, format);
838 ret = c_BIO_vsnprintf(buf, n, format, args);