1 /* 2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <assert.h> 11 #include <openssl/core_dispatch.h> 12 #include <openssl/core_names.h> 13 #include <openssl/params.h> 14 #include <openssl/fips_names.h> 15 #include <openssl/fipskey.h> 16 #include <openssl/rand.h> /* RAND_get0_public() */ 17 #include <openssl/proverr.h> 18 #include <openssl/indicator.h> 19 #include "internal/cryptlib.h" 20 #include "internal/provider.h" 21 #include "prov/implementations.h" 22 #include "prov/names.h" 23 #include "prov/provider_ctx.h" 24 #include "prov/providercommon.h" 25 #include "prov/provider_util.h" 26 #include "prov/seeding.h" 27 #include "internal/nelem.h" 28 #include "self_test.h" 29 #include "crypto/context.h" 30 #include "fipscommon.h" 31 #include "internal/core.h" 32 33 static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; 34 static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; 35 36 /* 37 * Forward declarations to ensure that interface functions are correctly 38 * defined. 39 */ 40 static OSSL_FUNC_provider_teardown_fn fips_teardown; 41 static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; 42 static OSSL_FUNC_provider_get_params_fn fips_get_params; 43 static OSSL_FUNC_provider_query_operation_fn fips_query; 44 static OSSL_FUNC_provider_query_operation_fn fips_query_internal; 45 static OSSL_FUNC_provider_random_bytes_fn fips_random_bytes; 46 47 #define ALGC(NAMES, FUNC, CHECK) \ 48 { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } 49 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) 50 51 extern OSSL_FUNC_core_thread_start_fn *c_thread_start; 52 53 /* 54 * Should these function pointers be stored in the provider side provctx? Could 55 * they ever be different from one init to the next? We assume not for now. 56 */ 57 58 /* Functions provided by the core */ 59 static OSSL_FUNC_core_gettable_params_fn *c_gettable_params; 60 static OSSL_FUNC_core_get_params_fn *c_get_params; 61 OSSL_FUNC_core_thread_start_fn *c_thread_start; 62 static OSSL_FUNC_core_new_error_fn *c_new_error; 63 static OSSL_FUNC_core_set_error_debug_fn *c_set_error_debug; 64 static OSSL_FUNC_core_vset_error_fn *c_vset_error; 65 static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark; 66 static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark; 67 static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark; 68 static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark; 69 static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc; 70 static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; 71 static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free; 72 static OSSL_FUNC_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; 73 static OSSL_FUNC_CRYPTO_realloc_fn *c_CRYPTO_realloc; 74 static OSSL_FUNC_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; 75 static OSSL_FUNC_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; 76 static OSSL_FUNC_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; 77 static OSSL_FUNC_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; 78 static OSSL_FUNC_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; 79 static OSSL_FUNC_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; 80 static OSSL_FUNC_BIO_vsnprintf_fn *c_BIO_vsnprintf; 81 static OSSL_FUNC_self_test_cb_fn *c_stcbfn = NULL; 82 static OSSL_FUNC_indicator_cb_fn *c_indcbfn = NULL; 83 static OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL; 84 85 typedef struct { 86 const char *option; 87 unsigned char enabled; 88 } FIPS_OPTION; 89 90 typedef struct fips_global_st { 91 const OSSL_CORE_HANDLE *handle; 92 SELF_TEST_POST_PARAMS selftest_params; 93 94 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 95 FIPS_OPTION fips_##structname; 96 #include "fips_indicator_params.inc" 97 #undef OSSL_FIPS_PARAM 98 99 } FIPS_GLOBAL; 100 101 static void init_fips_option(FIPS_OPTION *opt, int enabled) 102 { 103 opt->enabled = enabled; 104 opt->option = enabled ? "1" : "0"; 105 } 106 107 void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) 108 { 109 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); 110 111 if (fgbl == NULL) 112 return NULL; 113 114 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 115 init_fips_option(&fgbl->fips_##structname, initvalue); 116 #include "fips_indicator_params.inc" 117 #undef OSSL_FIPS_PARAM 118 119 return fgbl; 120 } 121 122 void ossl_fips_prov_ossl_ctx_free(void *fgbl) 123 { 124 OPENSSL_free(fgbl); 125 } 126 127 static int fips_random_bytes(ossl_unused void *vprov, int which, 128 void *buf, size_t n, unsigned int strength) 129 { 130 OSSL_LIB_CTX *libctx; 131 PROV_CTX *prov = (PROV_CTX *)vprov; 132 133 if (prov == NULL) 134 return 0; 135 libctx = ossl_prov_ctx_get0_libctx(prov); 136 if (which == OSSL_PROV_RANDOM_PRIVATE) 137 return RAND_priv_bytes_ex(libctx, buf, n, strength); 138 return RAND_bytes_ex(libctx, buf, n, strength); 139 } 140 141 /* 142 * Parameters to retrieve from the core provider 143 * NOTE: inside core_get_params() these will be loaded from config items 144 * stored inside prov->parameters 145 */ 146 static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) 147 { 148 OSSL_PARAM core_params[32], *p = core_params; 149 150 #define OSSL_FIPS_PARAM(structname, paramname) \ 151 *p++ = OSSL_PARAM_construct_utf8_ptr( \ 152 paramname, (char **)&fgbl->selftest_params.structname, \ 153 sizeof(fgbl->selftest_params.structname)); 154 155 /* Parameters required for self testing */ 156 #include "fips_selftest_params.inc" 157 #undef OSSL_FIPS_PARAM 158 159 /* FIPS indicator options can be enabled or disabled independently */ 160 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 161 *p++ = OSSL_PARAM_construct_utf8_ptr( \ 162 OSSL_PROV_PARAM_##paramname, \ 163 (char **)&fgbl->fips_##structname.option, \ 164 sizeof(fgbl->fips_##structname.option)); 165 #include "fips_indicator_params.inc" 166 #undef OSSL_FIPS_PARAM 167 168 *p = OSSL_PARAM_construct_end(); 169 170 if (!c_get_params(fgbl->handle, core_params)) { 171 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 172 return 0; 173 } 174 175 return 1; 176 } 177 178 static const OSSL_PARAM *fips_gettable_params(void *provctx) 179 { 180 /* Parameters we provide to the core */ 181 static const OSSL_PARAM fips_param_types[] = { 182 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), 183 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), 184 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), 185 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0), 186 187 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 188 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_##paramname, OSSL_PARAM_INTEGER, NULL, 0), 189 #include "fips_indicator_params.inc" 190 #undef OSSL_FIPS_PARAM 191 192 OSSL_PARAM_END 193 }; 194 return fips_param_types; 195 } 196 197 static int fips_get_params(void *provctx, OSSL_PARAM params[]) 198 { 199 OSSL_PARAM *p; 200 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), 201 OSSL_LIB_CTX_FIPS_PROV_INDEX); 202 203 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); 204 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, FIPS_VENDOR)) 205 return 0; 206 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); 207 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) 208 return 0; 209 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); 210 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) 211 return 0; 212 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); 213 if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) 214 return 0; 215 216 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 217 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_##paramname); \ 218 if (p != NULL && !OSSL_PARAM_set_int(p, fgbl->fips_##structname.enabled)) \ 219 return 0; 220 #include "fips_indicator_params.inc" 221 #undef OSSL_FIPS_PARAM 222 223 return 1; 224 } 225 226 static void set_self_test_cb(FIPS_GLOBAL *fgbl) 227 { 228 const OSSL_CORE_HANDLE *handle = 229 FIPS_get_core_handle(fgbl->selftest_params.libctx); 230 231 if (c_stcbfn != NULL && c_get_libctx != NULL) { 232 c_stcbfn(c_get_libctx(handle), &fgbl->selftest_params.cb, 233 &fgbl->selftest_params.cb_arg); 234 } else { 235 fgbl->selftest_params.cb = NULL; 236 fgbl->selftest_params.cb_arg = NULL; 237 } 238 } 239 240 static int fips_self_test(void *provctx) 241 { 242 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), 243 OSSL_LIB_CTX_FIPS_PROV_INDEX); 244 245 set_self_test_cb(fgbl); 246 return SELF_TEST_post(&fgbl->selftest_params, 1) ? 1 : 0; 247 } 248 249 /* 250 * For the algorithm names, we use the following formula for our primary 251 * names: 252 * 253 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] 254 * 255 * VERSION is only present if there are multiple versions of 256 * an alg (MD2, MD4, MD5). It may be omitted if there is only 257 * one version (if a subsequent version is released in the future, 258 * we can always change the canonical name, and add the old name 259 * as an alias). 260 * 261 * SUBNAME may be present where we are combining multiple 262 * algorithms together, e.g. MD5-SHA1. 263 * 264 * SIZE is only present if multiple versions of an algorithm exist 265 * with different sizes (e.g. AES-128-CBC, AES-256-CBC) 266 * 267 * MODE is only present where applicable. 268 * 269 * We add diverse other names where applicable, such as the names that 270 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names 271 * we have used historically. 272 */ 273 static const OSSL_ALGORITHM fips_digests[] = { 274 /* Our primary name:NiST name[:our older names] */ 275 { PROV_NAMES_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_sha1_functions }, 276 { PROV_NAMES_SHA2_224, FIPS_DEFAULT_PROPERTIES, ossl_sha224_functions }, 277 { PROV_NAMES_SHA2_256, FIPS_DEFAULT_PROPERTIES, ossl_sha256_functions }, 278 { PROV_NAMES_SHA2_384, FIPS_DEFAULT_PROPERTIES, ossl_sha384_functions }, 279 { PROV_NAMES_SHA2_512, FIPS_DEFAULT_PROPERTIES, ossl_sha512_functions }, 280 { PROV_NAMES_SHA2_512_224, FIPS_DEFAULT_PROPERTIES, 281 ossl_sha512_224_functions }, 282 { PROV_NAMES_SHA2_512_256, FIPS_DEFAULT_PROPERTIES, 283 ossl_sha512_256_functions }, 284 285 /* We agree with NIST here, so one name only */ 286 { PROV_NAMES_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_sha3_224_functions }, 287 { PROV_NAMES_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_sha3_256_functions }, 288 { PROV_NAMES_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_sha3_384_functions }, 289 { PROV_NAMES_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_sha3_512_functions }, 290 291 { PROV_NAMES_SHAKE_128, FIPS_DEFAULT_PROPERTIES, ossl_shake_128_functions }, 292 { PROV_NAMES_SHAKE_256, FIPS_DEFAULT_PROPERTIES, ossl_shake_256_functions }, 293 294 /* 295 * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for 296 * KMAC128 and KMAC256. 297 */ 298 { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, 299 ossl_keccak_kmac_128_functions }, 300 { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, 301 ossl_keccak_kmac_256_functions }, 302 { NULL, NULL, NULL } 303 }; 304 305 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { 306 /* Our primary name[:ASN.1 OID name][:our older names] */ 307 ALG(PROV_NAMES_AES_256_ECB, ossl_aes256ecb_functions), 308 ALG(PROV_NAMES_AES_192_ECB, ossl_aes192ecb_functions), 309 ALG(PROV_NAMES_AES_128_ECB, ossl_aes128ecb_functions), 310 ALG(PROV_NAMES_AES_256_CBC, ossl_aes256cbc_functions), 311 ALG(PROV_NAMES_AES_192_CBC, ossl_aes192cbc_functions), 312 ALG(PROV_NAMES_AES_128_CBC, ossl_aes128cbc_functions), 313 ALG(PROV_NAMES_AES_256_CBC_CTS, ossl_aes256cbc_cts_functions), 314 ALG(PROV_NAMES_AES_192_CBC_CTS, ossl_aes192cbc_cts_functions), 315 ALG(PROV_NAMES_AES_128_CBC_CTS, ossl_aes128cbc_cts_functions), 316 ALG(PROV_NAMES_AES_256_OFB, ossl_aes256ofb_functions), 317 ALG(PROV_NAMES_AES_192_OFB, ossl_aes192ofb_functions), 318 ALG(PROV_NAMES_AES_128_OFB, ossl_aes128ofb_functions), 319 ALG(PROV_NAMES_AES_256_CFB, ossl_aes256cfb_functions), 320 ALG(PROV_NAMES_AES_192_CFB, ossl_aes192cfb_functions), 321 ALG(PROV_NAMES_AES_128_CFB, ossl_aes128cfb_functions), 322 ALG(PROV_NAMES_AES_256_CFB1, ossl_aes256cfb1_functions), 323 ALG(PROV_NAMES_AES_192_CFB1, ossl_aes192cfb1_functions), 324 ALG(PROV_NAMES_AES_128_CFB1, ossl_aes128cfb1_functions), 325 ALG(PROV_NAMES_AES_256_CFB8, ossl_aes256cfb8_functions), 326 ALG(PROV_NAMES_AES_192_CFB8, ossl_aes192cfb8_functions), 327 ALG(PROV_NAMES_AES_128_CFB8, ossl_aes128cfb8_functions), 328 ALG(PROV_NAMES_AES_256_CTR, ossl_aes256ctr_functions), 329 ALG(PROV_NAMES_AES_192_CTR, ossl_aes192ctr_functions), 330 ALG(PROV_NAMES_AES_128_CTR, ossl_aes128ctr_functions), 331 ALG(PROV_NAMES_AES_256_XTS, ossl_aes256xts_functions), 332 ALG(PROV_NAMES_AES_128_XTS, ossl_aes128xts_functions), 333 ALG(PROV_NAMES_AES_256_GCM, ossl_aes256gcm_functions), 334 ALG(PROV_NAMES_AES_192_GCM, ossl_aes192gcm_functions), 335 ALG(PROV_NAMES_AES_128_GCM, ossl_aes128gcm_functions), 336 ALG(PROV_NAMES_AES_256_CCM, ossl_aes256ccm_functions), 337 ALG(PROV_NAMES_AES_192_CCM, ossl_aes192ccm_functions), 338 ALG(PROV_NAMES_AES_128_CCM, ossl_aes128ccm_functions), 339 ALG(PROV_NAMES_AES_256_WRAP, ossl_aes256wrap_functions), 340 ALG(PROV_NAMES_AES_192_WRAP, ossl_aes192wrap_functions), 341 ALG(PROV_NAMES_AES_128_WRAP, ossl_aes128wrap_functions), 342 ALG(PROV_NAMES_AES_256_WRAP_PAD, ossl_aes256wrappad_functions), 343 ALG(PROV_NAMES_AES_192_WRAP_PAD, ossl_aes192wrappad_functions), 344 ALG(PROV_NAMES_AES_128_WRAP_PAD, ossl_aes128wrappad_functions), 345 ALG(PROV_NAMES_AES_256_WRAP_INV, ossl_aes256wrapinv_functions), 346 ALG(PROV_NAMES_AES_192_WRAP_INV, ossl_aes192wrapinv_functions), 347 ALG(PROV_NAMES_AES_128_WRAP_INV, ossl_aes128wrapinv_functions), 348 ALG(PROV_NAMES_AES_256_WRAP_PAD_INV, ossl_aes256wrappadinv_functions), 349 ALG(PROV_NAMES_AES_192_WRAP_PAD_INV, ossl_aes192wrappadinv_functions), 350 ALG(PROV_NAMES_AES_128_WRAP_PAD_INV, ossl_aes128wrappadinv_functions), 351 ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA1, ossl_aes128cbc_hmac_sha1_functions, 352 ossl_cipher_capable_aes_cbc_hmac_sha1), 353 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA1, ossl_aes256cbc_hmac_sha1_functions, 354 ossl_cipher_capable_aes_cbc_hmac_sha1), 355 ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA256, ossl_aes128cbc_hmac_sha256_functions, 356 ossl_cipher_capable_aes_cbc_hmac_sha256), 357 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, 358 ossl_cipher_capable_aes_cbc_hmac_sha256), 359 #ifndef OPENSSL_NO_DES 360 ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), 361 ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), 362 #endif /* OPENSSL_NO_DES */ 363 { { NULL, NULL, NULL }, NULL } 364 }; 365 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; 366 367 static const OSSL_ALGORITHM fips_macs[] = { 368 #ifndef OPENSSL_NO_CMAC 369 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions }, 370 #endif 371 { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, 372 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, 373 { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, 374 { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, 375 { NULL, NULL, NULL } 376 }; 377 378 static const OSSL_ALGORITHM fips_macs_internal[] = { 379 #ifndef OPENSSL_NO_CMAC 380 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions }, 381 #endif 382 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_internal_functions }, 383 { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_internal_functions }, 384 { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_internal_functions }, 385 { NULL, NULL, NULL } 386 }; 387 388 static const OSSL_ALGORITHM fips_kdfs[] = { 389 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, 390 { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, 391 ossl_kdf_tls1_3_kdf_functions }, 392 { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, 393 { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, 394 { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, 395 { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, 396 ossl_kdf_x963_kdf_functions }, 397 { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES, 398 ossl_kdf_x942_kdf_functions }, 399 { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, 400 ossl_kdf_tls1_prf_functions }, 401 { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions }, 402 { NULL, NULL, NULL } 403 }; 404 405 static const OSSL_ALGORITHM fips_rands[] = { 406 { PROV_NAMES_CRNG_TEST, FIPS_UNAPPROVED_PROPERTIES, ossl_crng_test_functions }, 407 { PROV_NAMES_CTR_DRBG, FIPS_DEFAULT_PROPERTIES, ossl_drbg_ctr_functions }, 408 { PROV_NAMES_HASH_DRBG, FIPS_DEFAULT_PROPERTIES, ossl_drbg_hash_functions }, 409 { PROV_NAMES_HMAC_DRBG, FIPS_DEFAULT_PROPERTIES, ossl_drbg_ossl_hmac_functions }, 410 #ifndef OPENSSL_NO_FIPS_JITTER 411 { PROV_NAMES_JITTER, FIPS_DEFAULT_PROPERTIES, ossl_jitter_functions }, 412 #endif 413 { PROV_NAMES_TEST_RAND, FIPS_UNAPPROVED_PROPERTIES, ossl_test_rng_functions }, 414 { NULL, NULL, NULL } 415 }; 416 417 static const OSSL_ALGORITHM fips_keyexch[] = { 418 #ifndef OPENSSL_NO_DH 419 { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keyexch_functions }, 420 #endif 421 #ifndef OPENSSL_NO_EC 422 { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, 423 # ifndef OPENSSL_NO_ECX 424 { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions }, 425 { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions }, 426 # endif 427 #endif 428 { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, 429 ossl_kdf_tls1_prf_keyexch_functions }, 430 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_keyexch_functions }, 431 { NULL, NULL, NULL } 432 }; 433 434 static const OSSL_ALGORITHM fips_signature[] = { 435 #ifndef OPENSSL_NO_DSA 436 { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, 437 { PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions }, 438 { PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions }, 439 { PROV_NAMES_DSA_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha256_signature_functions }, 440 { PROV_NAMES_DSA_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha384_signature_functions }, 441 { PROV_NAMES_DSA_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha512_signature_functions }, 442 { PROV_NAMES_DSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_224_signature_functions }, 443 { PROV_NAMES_DSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_256_signature_functions }, 444 { PROV_NAMES_DSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_384_signature_functions }, 445 { PROV_NAMES_DSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_512_signature_functions }, 446 #endif 447 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, 448 { PROV_NAMES_RSA_SHA1, FIPS_DEFAULT_PROPERTIES, 449 ossl_rsa_sha1_signature_functions }, 450 { PROV_NAMES_RSA_SHA224, FIPS_DEFAULT_PROPERTIES, 451 ossl_rsa_sha224_signature_functions }, 452 { PROV_NAMES_RSA_SHA256, FIPS_DEFAULT_PROPERTIES, 453 ossl_rsa_sha256_signature_functions }, 454 { PROV_NAMES_RSA_SHA384, FIPS_DEFAULT_PROPERTIES, 455 ossl_rsa_sha384_signature_functions }, 456 { PROV_NAMES_RSA_SHA512, FIPS_DEFAULT_PROPERTIES, 457 ossl_rsa_sha512_signature_functions }, 458 { PROV_NAMES_RSA_SHA512_224, FIPS_DEFAULT_PROPERTIES, 459 ossl_rsa_sha512_224_signature_functions }, 460 { PROV_NAMES_RSA_SHA512_256, FIPS_DEFAULT_PROPERTIES, 461 ossl_rsa_sha512_256_signature_functions }, 462 { PROV_NAMES_RSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, 463 ossl_rsa_sha3_224_signature_functions }, 464 { PROV_NAMES_RSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, 465 ossl_rsa_sha3_256_signature_functions }, 466 { PROV_NAMES_RSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, 467 ossl_rsa_sha3_384_signature_functions }, 468 { PROV_NAMES_RSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, 469 ossl_rsa_sha3_512_signature_functions }, 470 #ifndef OPENSSL_NO_EC 471 # ifndef OPENSSL_NO_ECX 472 { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, 473 ossl_ed25519_signature_functions }, 474 { PROV_NAMES_ED25519ph, FIPS_DEFAULT_PROPERTIES, 475 ossl_ed25519ph_signature_functions }, 476 { PROV_NAMES_ED25519ctx, FIPS_DEFAULT_PROPERTIES, 477 ossl_ed25519ctx_signature_functions }, 478 { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, 479 ossl_ed448_signature_functions }, 480 { PROV_NAMES_ED448ph, FIPS_DEFAULT_PROPERTIES, 481 ossl_ed448ph_signature_functions }, 482 # endif 483 { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, 484 { PROV_NAMES_ECDSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha1_signature_functions }, 485 { PROV_NAMES_ECDSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha224_signature_functions }, 486 { PROV_NAMES_ECDSA_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha256_signature_functions }, 487 { PROV_NAMES_ECDSA_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha384_signature_functions }, 488 { PROV_NAMES_ECDSA_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha512_signature_functions }, 489 { PROV_NAMES_ECDSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_224_signature_functions }, 490 { PROV_NAMES_ECDSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_256_signature_functions }, 491 { PROV_NAMES_ECDSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_384_signature_functions }, 492 { PROV_NAMES_ECDSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_512_signature_functions }, 493 #endif 494 #ifndef OPENSSL_NO_ML_DSA 495 { PROV_NAMES_ML_DSA_44, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_44_signature_functions }, 496 { PROV_NAMES_ML_DSA_65, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_65_signature_functions }, 497 { PROV_NAMES_ML_DSA_87, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_87_signature_functions }, 498 #endif 499 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, 500 ossl_mac_legacy_hmac_signature_functions }, 501 #ifndef OPENSSL_NO_CMAC 502 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, 503 ossl_mac_legacy_cmac_signature_functions }, 504 #endif 505 #ifndef OPENSSL_NO_SLH_DSA 506 { PROV_NAMES_SLH_DSA_SHA2_128S, FIPS_DEFAULT_PROPERTIES, 507 ossl_slh_dsa_sha2_128s_signature_functions, PROV_DESCS_SLH_DSA_SHA2_128S }, 508 { PROV_NAMES_SLH_DSA_SHA2_128F, FIPS_DEFAULT_PROPERTIES, 509 ossl_slh_dsa_sha2_128f_signature_functions, PROV_DESCS_SLH_DSA_SHA2_128F }, 510 { PROV_NAMES_SLH_DSA_SHA2_192S, FIPS_DEFAULT_PROPERTIES, 511 ossl_slh_dsa_sha2_192s_signature_functions, PROV_DESCS_SLH_DSA_SHA2_192S }, 512 { PROV_NAMES_SLH_DSA_SHA2_192F, FIPS_DEFAULT_PROPERTIES, 513 ossl_slh_dsa_sha2_192f_signature_functions, PROV_DESCS_SLH_DSA_SHA2_192F }, 514 { PROV_NAMES_SLH_DSA_SHA2_256S, FIPS_DEFAULT_PROPERTIES, 515 ossl_slh_dsa_sha2_256s_signature_functions, PROV_DESCS_SLH_DSA_SHA2_256S }, 516 { PROV_NAMES_SLH_DSA_SHA2_256F, FIPS_DEFAULT_PROPERTIES, 517 ossl_slh_dsa_sha2_256f_signature_functions, PROV_DESCS_SLH_DSA_SHA2_256F }, 518 { PROV_NAMES_SLH_DSA_SHAKE_128S, FIPS_DEFAULT_PROPERTIES, 519 ossl_slh_dsa_shake_128s_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_128S }, 520 { PROV_NAMES_SLH_DSA_SHAKE_128F, FIPS_DEFAULT_PROPERTIES, 521 ossl_slh_dsa_shake_128f_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_128F }, 522 { PROV_NAMES_SLH_DSA_SHAKE_192S, FIPS_DEFAULT_PROPERTIES, 523 ossl_slh_dsa_shake_192s_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_192S }, 524 { PROV_NAMES_SLH_DSA_SHAKE_192F, FIPS_DEFAULT_PROPERTIES, 525 ossl_slh_dsa_shake_192f_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_192F }, 526 { PROV_NAMES_SLH_DSA_SHAKE_256S, FIPS_DEFAULT_PROPERTIES, 527 ossl_slh_dsa_shake_256s_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_256S }, 528 { PROV_NAMES_SLH_DSA_SHAKE_256F, FIPS_DEFAULT_PROPERTIES, 529 ossl_slh_dsa_shake_256f_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_256F }, 530 #endif /* OPENSSL_NO_SLH_DSA */ 531 { NULL, NULL, NULL } 532 }; 533 534 static const OSSL_ALGORITHM fips_asym_cipher[] = { 535 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, 536 { NULL, NULL, NULL } 537 }; 538 539 static const OSSL_ALGORITHM fips_asym_kem[] = { 540 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_kem_functions }, 541 #ifndef OPENSSL_NO_ML_KEM 542 { PROV_NAMES_ML_KEM_512, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_asym_kem_functions }, 543 { PROV_NAMES_ML_KEM_768, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_asym_kem_functions }, 544 { PROV_NAMES_ML_KEM_1024, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_asym_kem_functions }, 545 # if !defined(OPENSSL_NO_ECX) 546 { "X25519MLKEM768", FIPS_DEFAULT_PROPERTIES, ossl_mlx_kem_asym_kem_functions }, 547 { "X448MLKEM1024", FIPS_DEFAULT_PROPERTIES, ossl_mlx_kem_asym_kem_functions }, 548 # endif 549 # if !defined(OPENSSL_NO_EC) 550 { "SecP256r1MLKEM768", FIPS_DEFAULT_PROPERTIES, ossl_mlx_kem_asym_kem_functions }, 551 { "SecP384r1MLKEM1024", FIPS_DEFAULT_PROPERTIES, ossl_mlx_kem_asym_kem_functions }, 552 # endif 553 #endif 554 { NULL, NULL, NULL } 555 }; 556 557 static const OSSL_ALGORITHM fips_keymgmt[] = { 558 #ifndef OPENSSL_NO_DH 559 { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keymgmt_functions, 560 PROV_DESCS_DH }, 561 { PROV_NAMES_DHX, FIPS_DEFAULT_PROPERTIES, ossl_dhx_keymgmt_functions, 562 PROV_DESCS_DHX }, 563 #endif 564 #ifndef OPENSSL_NO_DSA 565 { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, 566 PROV_DESCS_DSA }, 567 #endif 568 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, 569 PROV_DESCS_RSA }, 570 { PROV_NAMES_RSA_PSS, FIPS_DEFAULT_PROPERTIES, 571 ossl_rsapss_keymgmt_functions, PROV_DESCS_RSA_PSS }, 572 #ifndef OPENSSL_NO_EC 573 { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, 574 PROV_DESCS_EC }, 575 # ifndef OPENSSL_NO_ECX 576 { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keymgmt_functions, 577 PROV_DESCS_X25519 }, 578 { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions, 579 PROV_DESCS_X448 }, 580 { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, 581 PROV_DESCS_ED25519 }, 582 { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, 583 PROV_DESCS_ED448 }, 584 # endif 585 #endif 586 #ifndef OPENSSL_NO_ML_DSA 587 { PROV_NAMES_ML_DSA_44, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_44_keymgmt_functions, 588 PROV_DESCS_ML_DSA_44 }, 589 { PROV_NAMES_ML_DSA_65, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_65_keymgmt_functions, 590 PROV_DESCS_ML_DSA_65 }, 591 { PROV_NAMES_ML_DSA_87, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_87_keymgmt_functions, 592 PROV_DESCS_ML_DSA_87 }, 593 #endif /* OPENSSL_NO_ML_DSA */ 594 { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, 595 PROV_DESCS_TLS1_PRF_SIGN }, 596 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, 597 PROV_DESCS_HKDF_SIGN }, 598 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_mac_legacy_keymgmt_functions, 599 PROV_DESCS_HMAC_SIGN }, 600 #ifndef OPENSSL_NO_CMAC 601 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, 602 ossl_cmac_legacy_keymgmt_functions, PROV_DESCS_CMAC_SIGN }, 603 #endif 604 #ifndef OPENSSL_NO_ML_KEM 605 { PROV_NAMES_ML_KEM_512, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_512_keymgmt_functions, 606 PROV_DESCS_ML_KEM_512 }, 607 { PROV_NAMES_ML_KEM_768, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_768_keymgmt_functions, 608 PROV_DESCS_ML_KEM_768 }, 609 { PROV_NAMES_ML_KEM_1024, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_1024_keymgmt_functions, 610 PROV_DESCS_ML_KEM_1024 }, 611 # if !defined(OPENSSL_NO_ECX) 612 { PROV_NAMES_X25519MLKEM768, FIPS_DEFAULT_PROPERTIES, ossl_mlx_x25519_kem_kmgmt_functions, 613 PROV_DESCS_X25519MLKEM768 }, 614 { PROV_NAMES_X448MLKEM1024, FIPS_DEFAULT_PROPERTIES, ossl_mlx_x448_kem_kmgmt_functions, 615 PROV_DESCS_X448MLKEM1024 }, 616 # endif 617 # if !defined(OPENSSL_NO_EC) 618 { PROV_NAMES_SecP256r1MLKEM768, FIPS_DEFAULT_PROPERTIES, ossl_mlx_p256_kem_kmgmt_functions, 619 PROV_DESCS_SecP256r1MLKEM768 }, 620 { PROV_NAMES_SecP384r1MLKEM1024, FIPS_DEFAULT_PROPERTIES, ossl_mlx_p384_kem_kmgmt_functions, 621 PROV_DESCS_SecP384r1MLKEM1024 }, 622 # endif 623 #endif 624 #ifndef OPENSSL_NO_SLH_DSA 625 { PROV_NAMES_SLH_DSA_SHA2_128S, FIPS_DEFAULT_PROPERTIES, 626 ossl_slh_dsa_sha2_128s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_128S }, 627 { PROV_NAMES_SLH_DSA_SHA2_128F, FIPS_DEFAULT_PROPERTIES, 628 ossl_slh_dsa_sha2_128f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_128F }, 629 { PROV_NAMES_SLH_DSA_SHA2_192S, FIPS_DEFAULT_PROPERTIES, 630 ossl_slh_dsa_sha2_192s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_192S }, 631 { PROV_NAMES_SLH_DSA_SHA2_192F, FIPS_DEFAULT_PROPERTIES, 632 ossl_slh_dsa_sha2_192f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_192F }, 633 { PROV_NAMES_SLH_DSA_SHA2_256S, FIPS_DEFAULT_PROPERTIES, 634 ossl_slh_dsa_sha2_256s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_256S }, 635 { PROV_NAMES_SLH_DSA_SHA2_256F, FIPS_DEFAULT_PROPERTIES, 636 ossl_slh_dsa_sha2_256f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_256F }, 637 { PROV_NAMES_SLH_DSA_SHAKE_128S, FIPS_DEFAULT_PROPERTIES, 638 ossl_slh_dsa_shake_128s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_128S }, 639 { PROV_NAMES_SLH_DSA_SHAKE_128F, FIPS_DEFAULT_PROPERTIES, 640 ossl_slh_dsa_shake_128f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_128F }, 641 { PROV_NAMES_SLH_DSA_SHAKE_192S, FIPS_DEFAULT_PROPERTIES, 642 ossl_slh_dsa_shake_192s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_192S }, 643 { PROV_NAMES_SLH_DSA_SHAKE_192F, FIPS_DEFAULT_PROPERTIES, 644 ossl_slh_dsa_shake_192f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_192F }, 645 { PROV_NAMES_SLH_DSA_SHAKE_256S, FIPS_DEFAULT_PROPERTIES, 646 ossl_slh_dsa_shake_256s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_256S }, 647 { PROV_NAMES_SLH_DSA_SHAKE_256F, FIPS_DEFAULT_PROPERTIES, 648 ossl_slh_dsa_shake_256f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_256F }, 649 #endif /* OPENSSL_NO_SLH_DSA */ 650 { NULL, NULL, NULL } 651 }; 652 653 static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, 654 int *no_cache) 655 { 656 *no_cache = 0; 657 658 if (!ossl_prov_is_running()) 659 return NULL; 660 661 switch (operation_id) { 662 case OSSL_OP_DIGEST: 663 return fips_digests; 664 case OSSL_OP_CIPHER: 665 return exported_fips_ciphers; 666 case OSSL_OP_MAC: 667 return fips_macs; 668 case OSSL_OP_KDF: 669 return fips_kdfs; 670 case OSSL_OP_RAND: 671 return fips_rands; 672 case OSSL_OP_KEYMGMT: 673 return fips_keymgmt; 674 case OSSL_OP_KEYEXCH: 675 return fips_keyexch; 676 case OSSL_OP_SIGNATURE: 677 return fips_signature; 678 case OSSL_OP_ASYM_CIPHER: 679 return fips_asym_cipher; 680 case OSSL_OP_KEM: 681 return fips_asym_kem; 682 } 683 return NULL; 684 } 685 686 static const OSSL_ALGORITHM *fips_query_internal(void *provctx, int operation_id, 687 int *no_cache) 688 { 689 if (operation_id == OSSL_OP_MAC) { 690 *no_cache = 0; 691 if (!ossl_prov_is_running()) 692 return NULL; 693 return fips_macs_internal; 694 } 695 return fips_query(provctx, operation_id, no_cache); 696 } 697 698 static void fips_teardown(void *provctx) 699 { 700 OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); 701 ossl_prov_ctx_free(provctx); 702 } 703 704 static void fips_intern_teardown(void *provctx) 705 { 706 /* 707 * We know that the library context is the same as for the outer provider, 708 * so no need to destroy it here. 709 */ 710 ossl_prov_ctx_free(provctx); 711 } 712 713 /* Functions we provide to the core */ 714 static const OSSL_DISPATCH fips_dispatch_table[] = { 715 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown }, 716 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, 717 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, 718 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, 719 { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, 720 (void (*)(void))ossl_prov_get_capabilities }, 721 { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test }, 722 { OSSL_FUNC_PROVIDER_RANDOM_BYTES, (void (*)(void))fips_random_bytes }, 723 OSSL_DISPATCH_END 724 }; 725 726 /* Functions we provide to ourself */ 727 static const OSSL_DISPATCH intern_dispatch_table[] = { 728 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_intern_teardown }, 729 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query_internal }, 730 OSSL_DISPATCH_END 731 }; 732 733 /* 734 * On VMS, the provider init function name is expected to be uppercase, 735 * see the pragmas in <openssl/core.h>. Let's do the same with this 736 * internal name. This is how symbol names are treated by default 737 * by the compiler if nothing else is said, but since this is part 738 * of libfips, and we build our libraries with mixed case symbol names, 739 * we must switch back to this default explicitly here. 740 */ 741 #ifdef __VMS 742 # pragma names save 743 # pragma names uppercase,truncated 744 #endif 745 OSSL_provider_init_fn OSSL_provider_init_int; 746 #ifdef __VMS 747 # pragma names restore 748 #endif 749 int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, 750 const OSSL_DISPATCH *in, 751 const OSSL_DISPATCH **out, 752 void **provctx) 753 { 754 FIPS_GLOBAL *fgbl; 755 OSSL_LIB_CTX *libctx = NULL; 756 SELF_TEST_POST_PARAMS selftest_params; 757 758 memset(&selftest_params, 0, sizeof(selftest_params)); 759 760 if (!ossl_prov_seeding_from_dispatch(in)) 761 goto err; 762 for (; in->function_id != 0; in++) { 763 /* 764 * We do not support the scenario of an application linked against 765 * multiple versions of libcrypto (e.g. one static and one dynamic), but 766 * sharing a single fips.so. We do a simple sanity check here. 767 */ 768 #define set_func(c, f) if (c == NULL) c = f; else if (c != f) return 0; 769 switch (in->function_id) { 770 case OSSL_FUNC_CORE_GET_LIBCTX: 771 set_func(c_get_libctx, OSSL_FUNC_core_get_libctx(in)); 772 break; 773 case OSSL_FUNC_CORE_GETTABLE_PARAMS: 774 set_func(c_gettable_params, OSSL_FUNC_core_gettable_params(in)); 775 break; 776 case OSSL_FUNC_CORE_GET_PARAMS: 777 set_func(c_get_params, OSSL_FUNC_core_get_params(in)); 778 break; 779 case OSSL_FUNC_CORE_THREAD_START: 780 set_func(c_thread_start, OSSL_FUNC_core_thread_start(in)); 781 break; 782 case OSSL_FUNC_CORE_NEW_ERROR: 783 set_func(c_new_error, OSSL_FUNC_core_new_error(in)); 784 break; 785 case OSSL_FUNC_CORE_SET_ERROR_DEBUG: 786 set_func(c_set_error_debug, OSSL_FUNC_core_set_error_debug(in)); 787 break; 788 case OSSL_FUNC_CORE_VSET_ERROR: 789 set_func(c_vset_error, OSSL_FUNC_core_vset_error(in)); 790 break; 791 case OSSL_FUNC_CORE_SET_ERROR_MARK: 792 set_func(c_set_error_mark, OSSL_FUNC_core_set_error_mark(in)); 793 break; 794 case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: 795 set_func(c_clear_last_error_mark, 796 OSSL_FUNC_core_clear_last_error_mark(in)); 797 break; 798 case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: 799 set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(in)); 800 break; 801 case OSSL_FUNC_CORE_COUNT_TO_MARK: 802 set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in)); 803 break; 804 case OSSL_FUNC_CRYPTO_MALLOC: 805 set_func(c_CRYPTO_malloc, OSSL_FUNC_CRYPTO_malloc(in)); 806 break; 807 case OSSL_FUNC_CRYPTO_ZALLOC: 808 set_func(c_CRYPTO_zalloc, OSSL_FUNC_CRYPTO_zalloc(in)); 809 break; 810 case OSSL_FUNC_CRYPTO_FREE: 811 set_func(c_CRYPTO_free, OSSL_FUNC_CRYPTO_free(in)); 812 break; 813 case OSSL_FUNC_CRYPTO_CLEAR_FREE: 814 set_func(c_CRYPTO_clear_free, OSSL_FUNC_CRYPTO_clear_free(in)); 815 break; 816 case OSSL_FUNC_CRYPTO_REALLOC: 817 set_func(c_CRYPTO_realloc, OSSL_FUNC_CRYPTO_realloc(in)); 818 break; 819 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: 820 set_func(c_CRYPTO_clear_realloc, 821 OSSL_FUNC_CRYPTO_clear_realloc(in)); 822 break; 823 case OSSL_FUNC_CRYPTO_SECURE_MALLOC: 824 set_func(c_CRYPTO_secure_malloc, 825 OSSL_FUNC_CRYPTO_secure_malloc(in)); 826 break; 827 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: 828 set_func(c_CRYPTO_secure_zalloc, 829 OSSL_FUNC_CRYPTO_secure_zalloc(in)); 830 break; 831 case OSSL_FUNC_CRYPTO_SECURE_FREE: 832 set_func(c_CRYPTO_secure_free, 833 OSSL_FUNC_CRYPTO_secure_free(in)); 834 break; 835 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: 836 set_func(c_CRYPTO_secure_clear_free, 837 OSSL_FUNC_CRYPTO_secure_clear_free(in)); 838 break; 839 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: 840 set_func(c_CRYPTO_secure_allocated, 841 OSSL_FUNC_CRYPTO_secure_allocated(in)); 842 break; 843 case OSSL_FUNC_BIO_NEW_FILE: 844 set_func(selftest_params.bio_new_file_cb, 845 OSSL_FUNC_BIO_new_file(in)); 846 break; 847 case OSSL_FUNC_BIO_NEW_MEMBUF: 848 set_func(selftest_params.bio_new_buffer_cb, 849 OSSL_FUNC_BIO_new_membuf(in)); 850 break; 851 case OSSL_FUNC_BIO_READ_EX: 852 set_func(selftest_params.bio_read_ex_cb, 853 OSSL_FUNC_BIO_read_ex(in)); 854 break; 855 case OSSL_FUNC_BIO_FREE: 856 set_func(selftest_params.bio_free_cb, OSSL_FUNC_BIO_free(in)); 857 break; 858 case OSSL_FUNC_BIO_VSNPRINTF: 859 set_func(c_BIO_vsnprintf, OSSL_FUNC_BIO_vsnprintf(in)); 860 break; 861 case OSSL_FUNC_SELF_TEST_CB: 862 set_func(c_stcbfn, OSSL_FUNC_self_test_cb(in)); 863 break; 864 case OSSL_FUNC_INDICATOR_CB: 865 set_func(c_indcbfn, OSSL_FUNC_indicator_cb(in)); 866 break; 867 default: 868 /* Just ignore anything we don't understand */ 869 break; 870 } 871 } 872 873 OPENSSL_cpuid_setup(); 874 875 /* Create a context. */ 876 if ((*provctx = ossl_prov_ctx_new()) == NULL 877 || (libctx = OSSL_LIB_CTX_new()) == NULL) 878 goto err; 879 880 if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX)) == NULL) 881 goto err; 882 883 fgbl->handle = handle; 884 885 /* 886 * We need to register this thread to receive thread lifecycle callbacks. 887 * This wouldn't matter if the current thread is also the same thread that 888 * closes the FIPS provider down. But if that happens on a different thread 889 * then memory leaks could otherwise occur. 890 */ 891 if (!ossl_thread_register_fips(libctx)) 892 goto err; 893 894 /* 895 * Ensure our internal provider is loaded. We use this whenever the FIPS 896 * provider internally uses the EVP API. We proactively load this now 897 * rather than waiting for lazy loading to ensure it is always present when 898 * we need it. 899 */ 900 if (!ossl_provider_activate_fallbacks(libctx)) 901 goto err; 902 903 /* 904 * We did initial set up of selftest_params in a local copy, because we 905 * could not create fgbl until c_CRYPTO_zalloc was defined in the loop 906 * above. 907 */ 908 fgbl->selftest_params = selftest_params; 909 910 fgbl->selftest_params.libctx = libctx; 911 912 set_self_test_cb(fgbl); 913 914 if (!fips_get_params_from_core(fgbl)) { 915 /* Error already raised */ 916 goto err; 917 } 918 /* 919 * Disable the conditional error check if it's disabled in the fips config 920 * file. 921 */ 922 if (fgbl->selftest_params.conditional_error_check != NULL 923 && strcmp(fgbl->selftest_params.conditional_error_check, "0") == 0) 924 SELF_TEST_disable_conditional_error_state(); 925 926 /* Enable or disable FIPS provider options */ 927 #define OSSL_FIPS_PARAM(structname, paramname, unused) \ 928 if (fgbl->fips_##structname.option != NULL) { \ 929 if (strcmp(fgbl->fips_##structname.option, "1") == 0) \ 930 fgbl->fips_##structname.enabled = 1; \ 931 else if (strcmp(fgbl->fips_##structname.option, "0") == 0) \ 932 fgbl->fips_##structname.enabled = 0; \ 933 else \ 934 goto err; \ 935 } 936 #include "fips_indicator_params.inc" 937 #undef OSSL_FIPS_PARAM 938 939 ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); 940 941 if (!SELF_TEST_post(&fgbl->selftest_params, 0)) { 942 ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_POST_FAILURE); 943 goto err; 944 } 945 946 ossl_prov_ctx_set0_libctx(*provctx, libctx); 947 ossl_prov_ctx_set0_core_get_params(*provctx, c_get_params); 948 ossl_prov_ctx_set0_handle(*provctx, handle); 949 950 *out = fips_dispatch_table; 951 return 1; 952 err: 953 fips_teardown(*provctx); 954 OSSL_LIB_CTX_free(libctx); 955 *provctx = NULL; 956 return 0; 957 } 958 959 /* 960 * The internal init function used when the FIPS module uses EVP to call 961 * another algorithm also in the FIPS module. This is a recursive call that has 962 * been made from within the FIPS module itself. To make this work, we populate 963 * the provider context of this inner instance with the same library context 964 * that was used in the EVP call that initiated this recursive call. 965 */ 966 OSSL_provider_init_fn ossl_fips_intern_provider_init; 967 int ossl_fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, 968 const OSSL_DISPATCH *in, 969 const OSSL_DISPATCH **out, 970 void **provctx) 971 { 972 OSSL_FUNC_core_get_libctx_fn *c_internal_get_libctx = NULL; 973 974 for (; in->function_id != 0; in++) { 975 switch (in->function_id) { 976 case OSSL_FUNC_CORE_GET_LIBCTX: 977 c_internal_get_libctx = OSSL_FUNC_core_get_libctx(in); 978 break; 979 default: 980 break; 981 } 982 } 983 984 if (c_internal_get_libctx == NULL) 985 return 0; 986 987 if ((*provctx = ossl_prov_ctx_new()) == NULL) 988 return 0; 989 990 /* 991 * Using the parent library context only works because we are a built-in 992 * internal provider. This is not something that most providers would be 993 * able to do. 994 */ 995 ossl_prov_ctx_set0_libctx(*provctx, 996 (OSSL_LIB_CTX *)c_internal_get_libctx(handle)); 997 ossl_prov_ctx_set0_handle(*provctx, handle); 998 999 *out = intern_dispatch_table; 1000 return 1; 1001 } 1002 1003 void ERR_new(void) 1004 { 1005 c_new_error(NULL); 1006 } 1007 1008 void ERR_set_debug(const char *file, int line, const char *func) 1009 { 1010 c_set_error_debug(NULL, file, line, func); 1011 } 1012 1013 void ERR_set_error(int lib, int reason, const char *fmt, ...) 1014 { 1015 va_list args; 1016 1017 va_start(args, fmt); 1018 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); 1019 va_end(args); 1020 } 1021 1022 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) 1023 { 1024 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); 1025 } 1026 1027 int ERR_set_mark(void) 1028 { 1029 return c_set_error_mark(NULL); 1030 } 1031 1032 int ERR_clear_last_mark(void) 1033 { 1034 return c_clear_last_error_mark(NULL); 1035 } 1036 1037 int ERR_pop_to_mark(void) 1038 { 1039 return c_pop_error_to_mark(NULL); 1040 } 1041 1042 int ERR_count_to_mark(void) 1043 { 1044 return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0; 1045 } 1046 1047 /* 1048 * This must take a library context, since it's called from the depths 1049 * of crypto/initthread.c code, where it's (correctly) assumed that the 1050 * passed caller argument is an OSSL_LIB_CTX pointer (since the same routine 1051 * is also called from other parts of libcrypto, which all pass around a 1052 * OSSL_LIB_CTX pointer) 1053 */ 1054 const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *libctx) 1055 { 1056 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx, 1057 OSSL_LIB_CTX_FIPS_PROV_INDEX); 1058 1059 if (fgbl == NULL) 1060 return NULL; 1061 1062 return fgbl->handle; 1063 } 1064 1065 void *CRYPTO_malloc(size_t num, const char *file, int line) 1066 { 1067 return c_CRYPTO_malloc(num, file, line); 1068 } 1069 1070 void *CRYPTO_zalloc(size_t num, const char *file, int line) 1071 { 1072 return c_CRYPTO_zalloc(num, file, line); 1073 } 1074 1075 void CRYPTO_free(void *ptr, const char *file, int line) 1076 { 1077 c_CRYPTO_free(ptr, file, line); 1078 } 1079 1080 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) 1081 { 1082 c_CRYPTO_clear_free(ptr, num, file, line); 1083 } 1084 1085 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) 1086 { 1087 return c_CRYPTO_realloc(addr, num, file, line); 1088 } 1089 1090 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, 1091 const char *file, int line) 1092 { 1093 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); 1094 } 1095 1096 void *CRYPTO_secure_malloc(size_t num, const char *file, int line) 1097 { 1098 return c_CRYPTO_secure_malloc(num, file, line); 1099 } 1100 1101 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) 1102 { 1103 return c_CRYPTO_secure_zalloc(num, file, line); 1104 } 1105 1106 void CRYPTO_secure_free(void *ptr, const char *file, int line) 1107 { 1108 c_CRYPTO_secure_free(ptr, file, line); 1109 } 1110 1111 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) 1112 { 1113 c_CRYPTO_secure_clear_free(ptr, num, file, line); 1114 } 1115 1116 int CRYPTO_secure_allocated(const void *ptr) 1117 { 1118 return c_CRYPTO_secure_allocated(ptr); 1119 } 1120 1121 void *CRYPTO_aligned_alloc(size_t num, size_t align, void **freeptr, 1122 const char *file, int line) 1123 { 1124 return NULL; 1125 } 1126 1127 int BIO_snprintf(char *buf, size_t n, const char *format, ...) 1128 { 1129 va_list args; 1130 int ret; 1131 1132 va_start(args, format); 1133 ret = c_BIO_vsnprintf(buf, n, format, args); 1134 va_end(args); 1135 return ret; 1136 } 1137 1138 #define OSSL_FIPS_PARAM(structname, paramname, unused) \ 1139 int ossl_fips_config_##structname(OSSL_LIB_CTX *libctx) \ 1140 { \ 1141 FIPS_GLOBAL *fgbl = \ 1142 ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX); \ 1143 \ 1144 return fgbl->fips_##structname.enabled; \ 1145 } 1146 #include "fips_indicator_params.inc" 1147 #undef OSSL_FIPS_PARAM 1148 1149 void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, 1150 void **cbarg) 1151 { 1152 assert(libctx != NULL); 1153 1154 if (c_stcbfn != NULL && c_get_libctx != NULL) { 1155 /* Get the parent libctx */ 1156 c_stcbfn(c_get_libctx(FIPS_get_core_handle(libctx)), cb, cbarg); 1157 } else { 1158 if (cb != NULL) 1159 *cb = NULL; 1160 if (cbarg != NULL) 1161 *cbarg = NULL; 1162 } 1163 } 1164 1165 void OSSL_INDICATOR_get_callback(OSSL_LIB_CTX *libctx, 1166 OSSL_INDICATOR_CALLBACK **cb) 1167 { 1168 assert(libctx != NULL); 1169 1170 if (c_indcbfn != NULL && c_get_libctx != NULL) { 1171 /* Get the parent libctx */ 1172 c_indcbfn(c_get_libctx(FIPS_get_core_handle(libctx)), cb); 1173 } else { 1174 if (cb != NULL) 1175 *cb = NULL; 1176 } 1177 } 1178