1 /* 2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <assert.h> 11 #include <openssl/core_dispatch.h> 12 #include <openssl/core_names.h> 13 #include <openssl/params.h> 14 #include <openssl/fips_names.h> 15 #include <openssl/fipskey.h> 16 #include <openssl/rand.h> /* RAND_get0_public() */ 17 #include <openssl/proverr.h> 18 #include <openssl/indicator.h> 19 #include "internal/cryptlib.h" 20 #include "internal/provider.h" 21 #include "prov/implementations.h" 22 #include "prov/names.h" 23 #include "prov/provider_ctx.h" 24 #include "prov/providercommon.h" 25 #include "prov/provider_util.h" 26 #include "prov/seeding.h" 27 #include "internal/nelem.h" 28 #include "self_test.h" 29 #include "crypto/context.h" 30 #include "fipscommon.h" 31 #include "internal/core.h" 32 33 static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; 34 static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; 35 36 /* 37 * Forward declarations to ensure that interface functions are correctly 38 * defined. 39 */ 40 static OSSL_FUNC_provider_teardown_fn fips_teardown; 41 static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; 42 static OSSL_FUNC_provider_get_params_fn fips_get_params; 43 static OSSL_FUNC_provider_query_operation_fn fips_query; 44 static OSSL_FUNC_provider_query_operation_fn fips_query_internal; 45 static OSSL_FUNC_provider_random_bytes_fn fips_random_bytes; 46 47 #define ALGC(NAMES, FUNC, CHECK) \ 48 { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } 49 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) 50 51 extern OSSL_FUNC_core_thread_start_fn *c_thread_start; 52 53 /* 54 * Should these function pointers be stored in the provider side provctx? Could 55 * they ever be different from one init to the next? We assume not for now. 56 */ 57 58 /* Functions provided by the core */ 59 static OSSL_FUNC_core_gettable_params_fn *c_gettable_params; 60 static OSSL_FUNC_core_get_params_fn *c_get_params; 61 OSSL_FUNC_core_thread_start_fn *c_thread_start; 62 static OSSL_FUNC_core_new_error_fn *c_new_error; 63 static OSSL_FUNC_core_set_error_debug_fn *c_set_error_debug; 64 static OSSL_FUNC_core_vset_error_fn *c_vset_error; 65 static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark; 66 static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark; 67 static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark; 68 static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc; 69 static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; 70 static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free; 71 static OSSL_FUNC_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; 72 static OSSL_FUNC_CRYPTO_realloc_fn *c_CRYPTO_realloc; 73 static OSSL_FUNC_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; 74 static OSSL_FUNC_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; 75 static OSSL_FUNC_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; 76 static OSSL_FUNC_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; 77 static OSSL_FUNC_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; 78 static OSSL_FUNC_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; 79 static OSSL_FUNC_BIO_vsnprintf_fn *c_BIO_vsnprintf; 80 static OSSL_FUNC_self_test_cb_fn *c_stcbfn = NULL; 81 static OSSL_FUNC_indicator_cb_fn *c_indcbfn = NULL; 82 static OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL; 83 84 typedef struct { 85 const char *option; 86 unsigned char enabled; 87 } FIPS_OPTION; 88 89 typedef struct fips_global_st { 90 const OSSL_CORE_HANDLE *handle; 91 SELF_TEST_POST_PARAMS selftest_params; 92 93 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 94 FIPS_OPTION fips_##structname; 95 #include "fips_indicator_params.inc" 96 #undef OSSL_FIPS_PARAM 97 98 } FIPS_GLOBAL; 99 100 static void init_fips_option(FIPS_OPTION *opt, int enabled) 101 { 102 opt->enabled = enabled; 103 opt->option = enabled ? "1" : "0"; 104 } 105 106 void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) 107 { 108 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); 109 110 if (fgbl == NULL) 111 return NULL; 112 113 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 114 init_fips_option(&fgbl->fips_##structname, initvalue); 115 #include "fips_indicator_params.inc" 116 #undef OSSL_FIPS_PARAM 117 118 return fgbl; 119 } 120 121 void ossl_fips_prov_ossl_ctx_free(void *fgbl) 122 { 123 OPENSSL_free(fgbl); 124 } 125 126 static int fips_random_bytes(ossl_unused void *vprov, int which, 127 void *buf, size_t n, unsigned int strength) 128 { 129 OSSL_LIB_CTX *libctx; 130 PROV_CTX *prov = (PROV_CTX *)vprov; 131 132 if (prov == NULL) 133 return 0; 134 libctx = ossl_prov_ctx_get0_libctx(prov); 135 if (which == OSSL_PROV_RANDOM_PRIVATE) 136 return RAND_priv_bytes_ex(libctx, buf, n, strength); 137 return RAND_bytes_ex(libctx, buf, n, strength); 138 } 139 140 /* 141 * Parameters to retrieve from the core provider 142 * NOTE: inside core_get_params() these will be loaded from config items 143 * stored inside prov->parameters 144 */ 145 static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) 146 { 147 OSSL_PARAM core_params[32], *p = core_params; 148 149 #define OSSL_FIPS_PARAM(structname, paramname) \ 150 *p++ = OSSL_PARAM_construct_utf8_ptr( \ 151 paramname, (char **)&fgbl->selftest_params.structname, \ 152 sizeof(fgbl->selftest_params.structname)); 153 154 /* Parameters required for self testing */ 155 #include "fips_selftest_params.inc" 156 #undef OSSL_FIPS_PARAM 157 158 /* FIPS indicator options can be enabled or disabled independently */ 159 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 160 *p++ = OSSL_PARAM_construct_utf8_ptr( \ 161 OSSL_PROV_PARAM_##paramname, \ 162 (char **)&fgbl->fips_##structname.option, \ 163 sizeof(fgbl->fips_##structname.option)); 164 #include "fips_indicator_params.inc" 165 #undef OSSL_FIPS_PARAM 166 167 *p = OSSL_PARAM_construct_end(); 168 169 if (!c_get_params(fgbl->handle, core_params)) { 170 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 171 return 0; 172 } 173 174 return 1; 175 } 176 177 static const OSSL_PARAM *fips_gettable_params(void *provctx) 178 { 179 /* Parameters we provide to the core */ 180 static const OSSL_PARAM fips_param_types[] = { 181 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), 182 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), 183 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), 184 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0), 185 186 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 187 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_##paramname, OSSL_PARAM_INTEGER, NULL, 0), 188 #include "fips_indicator_params.inc" 189 #undef OSSL_FIPS_PARAM 190 191 OSSL_PARAM_END 192 }; 193 return fips_param_types; 194 } 195 196 static int fips_get_params(void *provctx, OSSL_PARAM params[]) 197 { 198 OSSL_PARAM *p; 199 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), 200 OSSL_LIB_CTX_FIPS_PROV_INDEX); 201 202 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); 203 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, FIPS_VENDOR)) 204 return 0; 205 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); 206 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) 207 return 0; 208 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); 209 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) 210 return 0; 211 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); 212 if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) 213 return 0; 214 215 #define OSSL_FIPS_PARAM(structname, paramname, initvalue) \ 216 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_##paramname); \ 217 if (p != NULL && !OSSL_PARAM_set_int(p, fgbl->fips_##structname.enabled)) \ 218 return 0; 219 #include "fips_indicator_params.inc" 220 #undef OSSL_FIPS_PARAM 221 222 return 1; 223 } 224 225 static void set_self_test_cb(FIPS_GLOBAL *fgbl) 226 { 227 const OSSL_CORE_HANDLE *handle = 228 FIPS_get_core_handle(fgbl->selftest_params.libctx); 229 230 if (c_stcbfn != NULL && c_get_libctx != NULL) { 231 c_stcbfn(c_get_libctx(handle), &fgbl->selftest_params.cb, 232 &fgbl->selftest_params.cb_arg); 233 } else { 234 fgbl->selftest_params.cb = NULL; 235 fgbl->selftest_params.cb_arg = NULL; 236 } 237 } 238 239 static int fips_self_test(void *provctx) 240 { 241 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), 242 OSSL_LIB_CTX_FIPS_PROV_INDEX); 243 244 set_self_test_cb(fgbl); 245 return SELF_TEST_post(&fgbl->selftest_params, 1) ? 1 : 0; 246 } 247 248 /* 249 * For the algorithm names, we use the following formula for our primary 250 * names: 251 * 252 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] 253 * 254 * VERSION is only present if there are multiple versions of 255 * an alg (MD2, MD4, MD5). It may be omitted if there is only 256 * one version (if a subsequent version is released in the future, 257 * we can always change the canonical name, and add the old name 258 * as an alias). 259 * 260 * SUBNAME may be present where we are combining multiple 261 * algorithms together, e.g. MD5-SHA1. 262 * 263 * SIZE is only present if multiple versions of an algorithm exist 264 * with different sizes (e.g. AES-128-CBC, AES-256-CBC) 265 * 266 * MODE is only present where applicable. 267 * 268 * We add diverse other names where applicable, such as the names that 269 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names 270 * we have used historically. 271 */ 272 static const OSSL_ALGORITHM fips_digests[] = { 273 /* Our primary name:NiST name[:our older names] */ 274 { PROV_NAMES_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_sha1_functions }, 275 { PROV_NAMES_SHA2_224, FIPS_DEFAULT_PROPERTIES, ossl_sha224_functions }, 276 { PROV_NAMES_SHA2_256, FIPS_DEFAULT_PROPERTIES, ossl_sha256_functions }, 277 { PROV_NAMES_SHA2_384, FIPS_DEFAULT_PROPERTIES, ossl_sha384_functions }, 278 { PROV_NAMES_SHA2_512, FIPS_DEFAULT_PROPERTIES, ossl_sha512_functions }, 279 { PROV_NAMES_SHA2_512_224, FIPS_DEFAULT_PROPERTIES, 280 ossl_sha512_224_functions }, 281 { PROV_NAMES_SHA2_512_256, FIPS_DEFAULT_PROPERTIES, 282 ossl_sha512_256_functions }, 283 284 /* We agree with NIST here, so one name only */ 285 { PROV_NAMES_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_sha3_224_functions }, 286 { PROV_NAMES_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_sha3_256_functions }, 287 { PROV_NAMES_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_sha3_384_functions }, 288 { PROV_NAMES_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_sha3_512_functions }, 289 290 { PROV_NAMES_SHAKE_128, FIPS_DEFAULT_PROPERTIES, ossl_shake_128_functions }, 291 { PROV_NAMES_SHAKE_256, FIPS_DEFAULT_PROPERTIES, ossl_shake_256_functions }, 292 293 /* 294 * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for 295 * KMAC128 and KMAC256. 296 */ 297 { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, 298 ossl_keccak_kmac_128_functions }, 299 { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, 300 ossl_keccak_kmac_256_functions }, 301 { NULL, NULL, NULL } 302 }; 303 304 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { 305 /* Our primary name[:ASN.1 OID name][:our older names] */ 306 ALG(PROV_NAMES_AES_256_ECB, ossl_aes256ecb_functions), 307 ALG(PROV_NAMES_AES_192_ECB, ossl_aes192ecb_functions), 308 ALG(PROV_NAMES_AES_128_ECB, ossl_aes128ecb_functions), 309 ALG(PROV_NAMES_AES_256_CBC, ossl_aes256cbc_functions), 310 ALG(PROV_NAMES_AES_192_CBC, ossl_aes192cbc_functions), 311 ALG(PROV_NAMES_AES_128_CBC, ossl_aes128cbc_functions), 312 ALG(PROV_NAMES_AES_256_CBC_CTS, ossl_aes256cbc_cts_functions), 313 ALG(PROV_NAMES_AES_192_CBC_CTS, ossl_aes192cbc_cts_functions), 314 ALG(PROV_NAMES_AES_128_CBC_CTS, ossl_aes128cbc_cts_functions), 315 ALG(PROV_NAMES_AES_256_OFB, ossl_aes256ofb_functions), 316 ALG(PROV_NAMES_AES_192_OFB, ossl_aes192ofb_functions), 317 ALG(PROV_NAMES_AES_128_OFB, ossl_aes128ofb_functions), 318 ALG(PROV_NAMES_AES_256_CFB, ossl_aes256cfb_functions), 319 ALG(PROV_NAMES_AES_192_CFB, ossl_aes192cfb_functions), 320 ALG(PROV_NAMES_AES_128_CFB, ossl_aes128cfb_functions), 321 ALG(PROV_NAMES_AES_256_CFB1, ossl_aes256cfb1_functions), 322 ALG(PROV_NAMES_AES_192_CFB1, ossl_aes192cfb1_functions), 323 ALG(PROV_NAMES_AES_128_CFB1, ossl_aes128cfb1_functions), 324 ALG(PROV_NAMES_AES_256_CFB8, ossl_aes256cfb8_functions), 325 ALG(PROV_NAMES_AES_192_CFB8, ossl_aes192cfb8_functions), 326 ALG(PROV_NAMES_AES_128_CFB8, ossl_aes128cfb8_functions), 327 ALG(PROV_NAMES_AES_256_CTR, ossl_aes256ctr_functions), 328 ALG(PROV_NAMES_AES_192_CTR, ossl_aes192ctr_functions), 329 ALG(PROV_NAMES_AES_128_CTR, ossl_aes128ctr_functions), 330 ALG(PROV_NAMES_AES_256_XTS, ossl_aes256xts_functions), 331 ALG(PROV_NAMES_AES_128_XTS, ossl_aes128xts_functions), 332 ALG(PROV_NAMES_AES_256_GCM, ossl_aes256gcm_functions), 333 ALG(PROV_NAMES_AES_192_GCM, ossl_aes192gcm_functions), 334 ALG(PROV_NAMES_AES_128_GCM, ossl_aes128gcm_functions), 335 ALG(PROV_NAMES_AES_256_CCM, ossl_aes256ccm_functions), 336 ALG(PROV_NAMES_AES_192_CCM, ossl_aes192ccm_functions), 337 ALG(PROV_NAMES_AES_128_CCM, ossl_aes128ccm_functions), 338 ALG(PROV_NAMES_AES_256_WRAP, ossl_aes256wrap_functions), 339 ALG(PROV_NAMES_AES_192_WRAP, ossl_aes192wrap_functions), 340 ALG(PROV_NAMES_AES_128_WRAP, ossl_aes128wrap_functions), 341 ALG(PROV_NAMES_AES_256_WRAP_PAD, ossl_aes256wrappad_functions), 342 ALG(PROV_NAMES_AES_192_WRAP_PAD, ossl_aes192wrappad_functions), 343 ALG(PROV_NAMES_AES_128_WRAP_PAD, ossl_aes128wrappad_functions), 344 ALG(PROV_NAMES_AES_256_WRAP_INV, ossl_aes256wrapinv_functions), 345 ALG(PROV_NAMES_AES_192_WRAP_INV, ossl_aes192wrapinv_functions), 346 ALG(PROV_NAMES_AES_128_WRAP_INV, ossl_aes128wrapinv_functions), 347 ALG(PROV_NAMES_AES_256_WRAP_PAD_INV, ossl_aes256wrappadinv_functions), 348 ALG(PROV_NAMES_AES_192_WRAP_PAD_INV, ossl_aes192wrappadinv_functions), 349 ALG(PROV_NAMES_AES_128_WRAP_PAD_INV, ossl_aes128wrappadinv_functions), 350 ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA1, ossl_aes128cbc_hmac_sha1_functions, 351 ossl_cipher_capable_aes_cbc_hmac_sha1), 352 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA1, ossl_aes256cbc_hmac_sha1_functions, 353 ossl_cipher_capable_aes_cbc_hmac_sha1), 354 ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA256, ossl_aes128cbc_hmac_sha256_functions, 355 ossl_cipher_capable_aes_cbc_hmac_sha256), 356 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, 357 ossl_cipher_capable_aes_cbc_hmac_sha256), 358 #ifndef OPENSSL_NO_DES 359 ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), 360 ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), 361 #endif /* OPENSSL_NO_DES */ 362 { { NULL, NULL, NULL }, NULL } 363 }; 364 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; 365 366 static const OSSL_ALGORITHM fips_macs[] = { 367 #ifndef OPENSSL_NO_CMAC 368 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions }, 369 #endif 370 { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, 371 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, 372 { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, 373 { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, 374 { NULL, NULL, NULL } 375 }; 376 377 static const OSSL_ALGORITHM fips_macs_internal[] = { 378 #ifndef OPENSSL_NO_CMAC 379 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions }, 380 #endif 381 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_internal_functions }, 382 { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_internal_functions }, 383 { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_internal_functions }, 384 { NULL, NULL, NULL } 385 }; 386 387 static const OSSL_ALGORITHM fips_kdfs[] = { 388 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, 389 { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, 390 ossl_kdf_tls1_3_kdf_functions }, 391 { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, 392 { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, 393 { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, 394 { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, 395 ossl_kdf_x963_kdf_functions }, 396 { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES, 397 ossl_kdf_x942_kdf_functions }, 398 { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, 399 ossl_kdf_tls1_prf_functions }, 400 { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions }, 401 { NULL, NULL, NULL } 402 }; 403 404 static const OSSL_ALGORITHM fips_rands[] = { 405 { PROV_NAMES_CRNG_TEST, FIPS_UNAPPROVED_PROPERTIES, ossl_crng_test_functions }, 406 { PROV_NAMES_CTR_DRBG, FIPS_DEFAULT_PROPERTIES, ossl_drbg_ctr_functions }, 407 { PROV_NAMES_HASH_DRBG, FIPS_DEFAULT_PROPERTIES, ossl_drbg_hash_functions }, 408 { PROV_NAMES_HMAC_DRBG, FIPS_DEFAULT_PROPERTIES, ossl_drbg_ossl_hmac_functions }, 409 #ifndef OPENSSL_NO_FIPS_JITTER 410 { PROV_NAMES_JITTER, FIPS_DEFAULT_PROPERTIES, ossl_jitter_functions }, 411 #endif 412 { PROV_NAMES_TEST_RAND, FIPS_UNAPPROVED_PROPERTIES, ossl_test_rng_functions }, 413 { NULL, NULL, NULL } 414 }; 415 416 static const OSSL_ALGORITHM fips_keyexch[] = { 417 #ifndef OPENSSL_NO_DH 418 { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keyexch_functions }, 419 #endif 420 #ifndef OPENSSL_NO_EC 421 { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, 422 # ifndef OPENSSL_NO_ECX 423 { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions }, 424 { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions }, 425 # endif 426 #endif 427 { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, 428 ossl_kdf_tls1_prf_keyexch_functions }, 429 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_keyexch_functions }, 430 { NULL, NULL, NULL } 431 }; 432 433 static const OSSL_ALGORITHM fips_signature[] = { 434 #ifndef OPENSSL_NO_DSA 435 { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, 436 { PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions }, 437 { PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions }, 438 { PROV_NAMES_DSA_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha256_signature_functions }, 439 { PROV_NAMES_DSA_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha384_signature_functions }, 440 { PROV_NAMES_DSA_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha512_signature_functions }, 441 { PROV_NAMES_DSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_224_signature_functions }, 442 { PROV_NAMES_DSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_256_signature_functions }, 443 { PROV_NAMES_DSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_384_signature_functions }, 444 { PROV_NAMES_DSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_512_signature_functions }, 445 #endif 446 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, 447 { PROV_NAMES_RSA_SHA1, FIPS_DEFAULT_PROPERTIES, 448 ossl_rsa_sha1_signature_functions }, 449 { PROV_NAMES_RSA_SHA224, FIPS_DEFAULT_PROPERTIES, 450 ossl_rsa_sha224_signature_functions }, 451 { PROV_NAMES_RSA_SHA256, FIPS_DEFAULT_PROPERTIES, 452 ossl_rsa_sha256_signature_functions }, 453 { PROV_NAMES_RSA_SHA384, FIPS_DEFAULT_PROPERTIES, 454 ossl_rsa_sha384_signature_functions }, 455 { PROV_NAMES_RSA_SHA512, FIPS_DEFAULT_PROPERTIES, 456 ossl_rsa_sha512_signature_functions }, 457 { PROV_NAMES_RSA_SHA512_224, FIPS_DEFAULT_PROPERTIES, 458 ossl_rsa_sha512_224_signature_functions }, 459 { PROV_NAMES_RSA_SHA512_256, FIPS_DEFAULT_PROPERTIES, 460 ossl_rsa_sha512_256_signature_functions }, 461 { PROV_NAMES_RSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, 462 ossl_rsa_sha3_224_signature_functions }, 463 { PROV_NAMES_RSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, 464 ossl_rsa_sha3_256_signature_functions }, 465 { PROV_NAMES_RSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, 466 ossl_rsa_sha3_384_signature_functions }, 467 { PROV_NAMES_RSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, 468 ossl_rsa_sha3_512_signature_functions }, 469 #ifndef OPENSSL_NO_EC 470 # ifndef OPENSSL_NO_ECX 471 { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, 472 ossl_ed25519_signature_functions }, 473 { PROV_NAMES_ED25519ph, FIPS_DEFAULT_PROPERTIES, 474 ossl_ed25519ph_signature_functions }, 475 { PROV_NAMES_ED25519ctx, FIPS_DEFAULT_PROPERTIES, 476 ossl_ed25519ctx_signature_functions }, 477 { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, 478 ossl_ed448_signature_functions }, 479 { PROV_NAMES_ED448ph, FIPS_DEFAULT_PROPERTIES, 480 ossl_ed448ph_signature_functions }, 481 # endif 482 { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, 483 { PROV_NAMES_ECDSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha1_signature_functions }, 484 { PROV_NAMES_ECDSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha224_signature_functions }, 485 { PROV_NAMES_ECDSA_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha256_signature_functions }, 486 { PROV_NAMES_ECDSA_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha384_signature_functions }, 487 { PROV_NAMES_ECDSA_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha512_signature_functions }, 488 { PROV_NAMES_ECDSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_224_signature_functions }, 489 { PROV_NAMES_ECDSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_256_signature_functions }, 490 { PROV_NAMES_ECDSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_384_signature_functions }, 491 { PROV_NAMES_ECDSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_512_signature_functions }, 492 #endif 493 #ifndef OPENSSL_NO_ML_DSA 494 { PROV_NAMES_ML_DSA_44, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_44_signature_functions }, 495 { PROV_NAMES_ML_DSA_65, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_65_signature_functions }, 496 { PROV_NAMES_ML_DSA_87, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_87_signature_functions }, 497 #endif 498 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, 499 ossl_mac_legacy_hmac_signature_functions }, 500 #ifndef OPENSSL_NO_CMAC 501 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, 502 ossl_mac_legacy_cmac_signature_functions }, 503 #endif 504 #ifndef OPENSSL_NO_SLH_DSA 505 { PROV_NAMES_SLH_DSA_SHA2_128S, FIPS_DEFAULT_PROPERTIES, 506 ossl_slh_dsa_sha2_128s_signature_functions, PROV_DESCS_SLH_DSA_SHA2_128S }, 507 { PROV_NAMES_SLH_DSA_SHA2_128F, FIPS_DEFAULT_PROPERTIES, 508 ossl_slh_dsa_sha2_128f_signature_functions, PROV_DESCS_SLH_DSA_SHA2_128F }, 509 { PROV_NAMES_SLH_DSA_SHA2_192S, FIPS_DEFAULT_PROPERTIES, 510 ossl_slh_dsa_sha2_192s_signature_functions, PROV_DESCS_SLH_DSA_SHA2_192S }, 511 { PROV_NAMES_SLH_DSA_SHA2_192F, FIPS_DEFAULT_PROPERTIES, 512 ossl_slh_dsa_sha2_192f_signature_functions, PROV_DESCS_SLH_DSA_SHA2_192F }, 513 { PROV_NAMES_SLH_DSA_SHA2_256S, FIPS_DEFAULT_PROPERTIES, 514 ossl_slh_dsa_sha2_256s_signature_functions, PROV_DESCS_SLH_DSA_SHA2_256S }, 515 { PROV_NAMES_SLH_DSA_SHA2_256F, FIPS_DEFAULT_PROPERTIES, 516 ossl_slh_dsa_sha2_256f_signature_functions, PROV_DESCS_SLH_DSA_SHA2_256F }, 517 { PROV_NAMES_SLH_DSA_SHAKE_128S, FIPS_DEFAULT_PROPERTIES, 518 ossl_slh_dsa_shake_128s_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_128S }, 519 { PROV_NAMES_SLH_DSA_SHAKE_128F, FIPS_DEFAULT_PROPERTIES, 520 ossl_slh_dsa_shake_128f_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_128F }, 521 { PROV_NAMES_SLH_DSA_SHAKE_192S, FIPS_DEFAULT_PROPERTIES, 522 ossl_slh_dsa_shake_192s_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_192S }, 523 { PROV_NAMES_SLH_DSA_SHAKE_192F, FIPS_DEFAULT_PROPERTIES, 524 ossl_slh_dsa_shake_192f_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_192F }, 525 { PROV_NAMES_SLH_DSA_SHAKE_256S, FIPS_DEFAULT_PROPERTIES, 526 ossl_slh_dsa_shake_256s_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_256S }, 527 { PROV_NAMES_SLH_DSA_SHAKE_256F, FIPS_DEFAULT_PROPERTIES, 528 ossl_slh_dsa_shake_256f_signature_functions, PROV_DESCS_SLH_DSA_SHAKE_256F }, 529 #endif /* OPENSSL_NO_SLH_DSA */ 530 { NULL, NULL, NULL } 531 }; 532 533 static const OSSL_ALGORITHM fips_asym_cipher[] = { 534 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, 535 { NULL, NULL, NULL } 536 }; 537 538 static const OSSL_ALGORITHM fips_asym_kem[] = { 539 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_kem_functions }, 540 #ifndef OPENSSL_NO_ML_KEM 541 { PROV_NAMES_ML_KEM_512, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_asym_kem_functions }, 542 { PROV_NAMES_ML_KEM_768, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_asym_kem_functions }, 543 { PROV_NAMES_ML_KEM_1024, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_asym_kem_functions }, 544 # if !defined(OPENSSL_NO_ECX) 545 { "X25519MLKEM768", FIPS_DEFAULT_PROPERTIES, ossl_mlx_kem_asym_kem_functions }, 546 { "X448MLKEM1024", FIPS_DEFAULT_PROPERTIES, ossl_mlx_kem_asym_kem_functions }, 547 # endif 548 # if !defined(OPENSSL_NO_EC) 549 { "SecP256r1MLKEM768", FIPS_DEFAULT_PROPERTIES, ossl_mlx_kem_asym_kem_functions }, 550 { "SecP384r1MLKEM1024", FIPS_DEFAULT_PROPERTIES, ossl_mlx_kem_asym_kem_functions }, 551 # endif 552 #endif 553 { NULL, NULL, NULL } 554 }; 555 556 static const OSSL_ALGORITHM fips_keymgmt[] = { 557 #ifndef OPENSSL_NO_DH 558 { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keymgmt_functions, 559 PROV_DESCS_DH }, 560 { PROV_NAMES_DHX, FIPS_DEFAULT_PROPERTIES, ossl_dhx_keymgmt_functions, 561 PROV_DESCS_DHX }, 562 #endif 563 #ifndef OPENSSL_NO_DSA 564 { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, 565 PROV_DESCS_DSA }, 566 #endif 567 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, 568 PROV_DESCS_RSA }, 569 { PROV_NAMES_RSA_PSS, FIPS_DEFAULT_PROPERTIES, 570 ossl_rsapss_keymgmt_functions, PROV_DESCS_RSA_PSS }, 571 #ifndef OPENSSL_NO_EC 572 { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, 573 PROV_DESCS_EC }, 574 # ifndef OPENSSL_NO_ECX 575 { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keymgmt_functions, 576 PROV_DESCS_X25519 }, 577 { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions, 578 PROV_DESCS_X448 }, 579 { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, 580 PROV_DESCS_ED25519 }, 581 { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, 582 PROV_DESCS_ED448 }, 583 # endif 584 #endif 585 #ifndef OPENSSL_NO_ML_DSA 586 { PROV_NAMES_ML_DSA_44, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_44_keymgmt_functions, 587 PROV_DESCS_ML_DSA_44 }, 588 { PROV_NAMES_ML_DSA_65, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_65_keymgmt_functions, 589 PROV_DESCS_ML_DSA_65 }, 590 { PROV_NAMES_ML_DSA_87, FIPS_DEFAULT_PROPERTIES, ossl_ml_dsa_87_keymgmt_functions, 591 PROV_DESCS_ML_DSA_87 }, 592 #endif /* OPENSSL_NO_ML_DSA */ 593 { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, 594 PROV_DESCS_TLS1_PRF_SIGN }, 595 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, 596 PROV_DESCS_HKDF_SIGN }, 597 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_mac_legacy_keymgmt_functions, 598 PROV_DESCS_HMAC_SIGN }, 599 #ifndef OPENSSL_NO_CMAC 600 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, 601 ossl_cmac_legacy_keymgmt_functions, PROV_DESCS_CMAC_SIGN }, 602 #endif 603 #ifndef OPENSSL_NO_ML_KEM 604 { PROV_NAMES_ML_KEM_512, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_512_keymgmt_functions, 605 PROV_DESCS_ML_KEM_512 }, 606 { PROV_NAMES_ML_KEM_768, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_768_keymgmt_functions, 607 PROV_DESCS_ML_KEM_768 }, 608 { PROV_NAMES_ML_KEM_1024, FIPS_DEFAULT_PROPERTIES, ossl_ml_kem_1024_keymgmt_functions, 609 PROV_DESCS_ML_KEM_1024 }, 610 # if !defined(OPENSSL_NO_ECX) 611 { PROV_NAMES_X25519MLKEM768, FIPS_DEFAULT_PROPERTIES, ossl_mlx_x25519_kem_kmgmt_functions, 612 PROV_DESCS_X25519MLKEM768 }, 613 { PROV_NAMES_X448MLKEM1024, FIPS_DEFAULT_PROPERTIES, ossl_mlx_x448_kem_kmgmt_functions, 614 PROV_DESCS_X448MLKEM1024 }, 615 # endif 616 # if !defined(OPENSSL_NO_EC) 617 { PROV_NAMES_SecP256r1MLKEM768, FIPS_DEFAULT_PROPERTIES, ossl_mlx_p256_kem_kmgmt_functions, 618 PROV_DESCS_SecP256r1MLKEM768 }, 619 { PROV_NAMES_SecP384r1MLKEM1024, FIPS_DEFAULT_PROPERTIES, ossl_mlx_p384_kem_kmgmt_functions, 620 PROV_DESCS_SecP384r1MLKEM1024 }, 621 # endif 622 #endif 623 #ifndef OPENSSL_NO_SLH_DSA 624 { PROV_NAMES_SLH_DSA_SHA2_128S, FIPS_DEFAULT_PROPERTIES, 625 ossl_slh_dsa_sha2_128s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_128S }, 626 { PROV_NAMES_SLH_DSA_SHA2_128F, FIPS_DEFAULT_PROPERTIES, 627 ossl_slh_dsa_sha2_128f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_128F }, 628 { PROV_NAMES_SLH_DSA_SHA2_192S, FIPS_DEFAULT_PROPERTIES, 629 ossl_slh_dsa_sha2_192s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_192S }, 630 { PROV_NAMES_SLH_DSA_SHA2_192F, FIPS_DEFAULT_PROPERTIES, 631 ossl_slh_dsa_sha2_192f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_192F }, 632 { PROV_NAMES_SLH_DSA_SHA2_256S, FIPS_DEFAULT_PROPERTIES, 633 ossl_slh_dsa_sha2_256s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_256S }, 634 { PROV_NAMES_SLH_DSA_SHA2_256F, FIPS_DEFAULT_PROPERTIES, 635 ossl_slh_dsa_sha2_256f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHA2_256F }, 636 { PROV_NAMES_SLH_DSA_SHAKE_128S, FIPS_DEFAULT_PROPERTIES, 637 ossl_slh_dsa_shake_128s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_128S }, 638 { PROV_NAMES_SLH_DSA_SHAKE_128F, FIPS_DEFAULT_PROPERTIES, 639 ossl_slh_dsa_shake_128f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_128F }, 640 { PROV_NAMES_SLH_DSA_SHAKE_192S, FIPS_DEFAULT_PROPERTIES, 641 ossl_slh_dsa_shake_192s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_192S }, 642 { PROV_NAMES_SLH_DSA_SHAKE_192F, FIPS_DEFAULT_PROPERTIES, 643 ossl_slh_dsa_shake_192f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_192F }, 644 { PROV_NAMES_SLH_DSA_SHAKE_256S, FIPS_DEFAULT_PROPERTIES, 645 ossl_slh_dsa_shake_256s_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_256S }, 646 { PROV_NAMES_SLH_DSA_SHAKE_256F, FIPS_DEFAULT_PROPERTIES, 647 ossl_slh_dsa_shake_256f_keymgmt_functions, PROV_DESCS_SLH_DSA_SHAKE_256F }, 648 #endif /* OPENSSL_NO_SLH_DSA */ 649 { NULL, NULL, NULL } 650 }; 651 652 static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, 653 int *no_cache) 654 { 655 *no_cache = 0; 656 657 if (!ossl_prov_is_running()) 658 return NULL; 659 660 switch (operation_id) { 661 case OSSL_OP_DIGEST: 662 return fips_digests; 663 case OSSL_OP_CIPHER: 664 return exported_fips_ciphers; 665 case OSSL_OP_MAC: 666 return fips_macs; 667 case OSSL_OP_KDF: 668 return fips_kdfs; 669 case OSSL_OP_RAND: 670 return fips_rands; 671 case OSSL_OP_KEYMGMT: 672 return fips_keymgmt; 673 case OSSL_OP_KEYEXCH: 674 return fips_keyexch; 675 case OSSL_OP_SIGNATURE: 676 return fips_signature; 677 case OSSL_OP_ASYM_CIPHER: 678 return fips_asym_cipher; 679 case OSSL_OP_KEM: 680 return fips_asym_kem; 681 } 682 return NULL; 683 } 684 685 static const OSSL_ALGORITHM *fips_query_internal(void *provctx, int operation_id, 686 int *no_cache) 687 { 688 if (operation_id == OSSL_OP_MAC) { 689 *no_cache = 0; 690 if (!ossl_prov_is_running()) 691 return NULL; 692 return fips_macs_internal; 693 } 694 return fips_query(provctx, operation_id, no_cache); 695 } 696 697 static void fips_teardown(void *provctx) 698 { 699 OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); 700 ossl_prov_ctx_free(provctx); 701 } 702 703 static void fips_intern_teardown(void *provctx) 704 { 705 /* 706 * We know that the library context is the same as for the outer provider, 707 * so no need to destroy it here. 708 */ 709 ossl_prov_ctx_free(provctx); 710 } 711 712 /* Functions we provide to the core */ 713 static const OSSL_DISPATCH fips_dispatch_table[] = { 714 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown }, 715 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, 716 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, 717 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, 718 { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, 719 (void (*)(void))ossl_prov_get_capabilities }, 720 { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test }, 721 { OSSL_FUNC_PROVIDER_RANDOM_BYTES, (void (*)(void))fips_random_bytes }, 722 OSSL_DISPATCH_END 723 }; 724 725 /* Functions we provide to ourself */ 726 static const OSSL_DISPATCH intern_dispatch_table[] = { 727 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_intern_teardown }, 728 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query_internal }, 729 OSSL_DISPATCH_END 730 }; 731 732 /* 733 * On VMS, the provider init function name is expected to be uppercase, 734 * see the pragmas in <openssl/core.h>. Let's do the same with this 735 * internal name. This is how symbol names are treated by default 736 * by the compiler if nothing else is said, but since this is part 737 * of libfips, and we build our libraries with mixed case symbol names, 738 * we must switch back to this default explicitly here. 739 */ 740 #ifdef __VMS 741 # pragma names save 742 # pragma names uppercase,truncated 743 #endif 744 OSSL_provider_init_fn OSSL_provider_init_int; 745 #ifdef __VMS 746 # pragma names restore 747 #endif 748 int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, 749 const OSSL_DISPATCH *in, 750 const OSSL_DISPATCH **out, 751 void **provctx) 752 { 753 FIPS_GLOBAL *fgbl; 754 OSSL_LIB_CTX *libctx = NULL; 755 SELF_TEST_POST_PARAMS selftest_params; 756 757 memset(&selftest_params, 0, sizeof(selftest_params)); 758 759 if (!ossl_prov_seeding_from_dispatch(in)) 760 goto err; 761 for (; in->function_id != 0; in++) { 762 /* 763 * We do not support the scenario of an application linked against 764 * multiple versions of libcrypto (e.g. one static and one dynamic), but 765 * sharing a single fips.so. We do a simple sanity check here. 766 */ 767 #define set_func(c, f) if (c == NULL) c = f; else if (c != f) return 0; 768 switch (in->function_id) { 769 case OSSL_FUNC_CORE_GET_LIBCTX: 770 set_func(c_get_libctx, OSSL_FUNC_core_get_libctx(in)); 771 break; 772 case OSSL_FUNC_CORE_GETTABLE_PARAMS: 773 set_func(c_gettable_params, OSSL_FUNC_core_gettable_params(in)); 774 break; 775 case OSSL_FUNC_CORE_GET_PARAMS: 776 set_func(c_get_params, OSSL_FUNC_core_get_params(in)); 777 break; 778 case OSSL_FUNC_CORE_THREAD_START: 779 set_func(c_thread_start, OSSL_FUNC_core_thread_start(in)); 780 break; 781 case OSSL_FUNC_CORE_NEW_ERROR: 782 set_func(c_new_error, OSSL_FUNC_core_new_error(in)); 783 break; 784 case OSSL_FUNC_CORE_SET_ERROR_DEBUG: 785 set_func(c_set_error_debug, OSSL_FUNC_core_set_error_debug(in)); 786 break; 787 case OSSL_FUNC_CORE_VSET_ERROR: 788 set_func(c_vset_error, OSSL_FUNC_core_vset_error(in)); 789 break; 790 case OSSL_FUNC_CORE_SET_ERROR_MARK: 791 set_func(c_set_error_mark, OSSL_FUNC_core_set_error_mark(in)); 792 break; 793 case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: 794 set_func(c_clear_last_error_mark, 795 OSSL_FUNC_core_clear_last_error_mark(in)); 796 break; 797 case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: 798 set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(in)); 799 break; 800 case OSSL_FUNC_CRYPTO_MALLOC: 801 set_func(c_CRYPTO_malloc, OSSL_FUNC_CRYPTO_malloc(in)); 802 break; 803 case OSSL_FUNC_CRYPTO_ZALLOC: 804 set_func(c_CRYPTO_zalloc, OSSL_FUNC_CRYPTO_zalloc(in)); 805 break; 806 case OSSL_FUNC_CRYPTO_FREE: 807 set_func(c_CRYPTO_free, OSSL_FUNC_CRYPTO_free(in)); 808 break; 809 case OSSL_FUNC_CRYPTO_CLEAR_FREE: 810 set_func(c_CRYPTO_clear_free, OSSL_FUNC_CRYPTO_clear_free(in)); 811 break; 812 case OSSL_FUNC_CRYPTO_REALLOC: 813 set_func(c_CRYPTO_realloc, OSSL_FUNC_CRYPTO_realloc(in)); 814 break; 815 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: 816 set_func(c_CRYPTO_clear_realloc, 817 OSSL_FUNC_CRYPTO_clear_realloc(in)); 818 break; 819 case OSSL_FUNC_CRYPTO_SECURE_MALLOC: 820 set_func(c_CRYPTO_secure_malloc, 821 OSSL_FUNC_CRYPTO_secure_malloc(in)); 822 break; 823 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: 824 set_func(c_CRYPTO_secure_zalloc, 825 OSSL_FUNC_CRYPTO_secure_zalloc(in)); 826 break; 827 case OSSL_FUNC_CRYPTO_SECURE_FREE: 828 set_func(c_CRYPTO_secure_free, 829 OSSL_FUNC_CRYPTO_secure_free(in)); 830 break; 831 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: 832 set_func(c_CRYPTO_secure_clear_free, 833 OSSL_FUNC_CRYPTO_secure_clear_free(in)); 834 break; 835 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: 836 set_func(c_CRYPTO_secure_allocated, 837 OSSL_FUNC_CRYPTO_secure_allocated(in)); 838 break; 839 case OSSL_FUNC_BIO_NEW_FILE: 840 set_func(selftest_params.bio_new_file_cb, 841 OSSL_FUNC_BIO_new_file(in)); 842 break; 843 case OSSL_FUNC_BIO_NEW_MEMBUF: 844 set_func(selftest_params.bio_new_buffer_cb, 845 OSSL_FUNC_BIO_new_membuf(in)); 846 break; 847 case OSSL_FUNC_BIO_READ_EX: 848 set_func(selftest_params.bio_read_ex_cb, 849 OSSL_FUNC_BIO_read_ex(in)); 850 break; 851 case OSSL_FUNC_BIO_FREE: 852 set_func(selftest_params.bio_free_cb, OSSL_FUNC_BIO_free(in)); 853 break; 854 case OSSL_FUNC_BIO_VSNPRINTF: 855 set_func(c_BIO_vsnprintf, OSSL_FUNC_BIO_vsnprintf(in)); 856 break; 857 case OSSL_FUNC_SELF_TEST_CB: 858 set_func(c_stcbfn, OSSL_FUNC_self_test_cb(in)); 859 break; 860 case OSSL_FUNC_INDICATOR_CB: 861 set_func(c_indcbfn, OSSL_FUNC_indicator_cb(in)); 862 break; 863 default: 864 /* Just ignore anything we don't understand */ 865 break; 866 } 867 } 868 869 OPENSSL_cpuid_setup(); 870 871 /* Create a context. */ 872 if ((*provctx = ossl_prov_ctx_new()) == NULL 873 || (libctx = OSSL_LIB_CTX_new()) == NULL) 874 goto err; 875 876 if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX)) == NULL) 877 goto err; 878 879 fgbl->handle = handle; 880 881 /* 882 * We need to register this thread to receive thread lifecycle callbacks. 883 * This wouldn't matter if the current thread is also the same thread that 884 * closes the FIPS provider down. But if that happens on a different thread 885 * then memory leaks could otherwise occur. 886 */ 887 if (!ossl_thread_register_fips(libctx)) 888 goto err; 889 890 /* 891 * Ensure our internal provider is loaded. We use this whenever the FIPS 892 * provider internally uses the EVP API. We proactively load this now 893 * rather than waiting for lazy loading to ensure it is always present when 894 * we need it. 895 */ 896 if (!ossl_provider_activate_fallbacks(libctx)) 897 goto err; 898 899 /* 900 * We did initial set up of selftest_params in a local copy, because we 901 * could not create fgbl until c_CRYPTO_zalloc was defined in the loop 902 * above. 903 */ 904 fgbl->selftest_params = selftest_params; 905 906 fgbl->selftest_params.libctx = libctx; 907 908 set_self_test_cb(fgbl); 909 910 if (!fips_get_params_from_core(fgbl)) { 911 /* Error already raised */ 912 goto err; 913 } 914 /* 915 * Disable the conditional error check if it's disabled in the fips config 916 * file. 917 */ 918 if (fgbl->selftest_params.conditional_error_check != NULL 919 && strcmp(fgbl->selftest_params.conditional_error_check, "0") == 0) 920 SELF_TEST_disable_conditional_error_state(); 921 922 /* Enable or disable FIPS provider options */ 923 #define OSSL_FIPS_PARAM(structname, paramname, unused) \ 924 if (fgbl->fips_##structname.option != NULL) { \ 925 if (strcmp(fgbl->fips_##structname.option, "1") == 0) \ 926 fgbl->fips_##structname.enabled = 1; \ 927 else if (strcmp(fgbl->fips_##structname.option, "0") == 0) \ 928 fgbl->fips_##structname.enabled = 0; \ 929 else \ 930 goto err; \ 931 } 932 #include "fips_indicator_params.inc" 933 #undef OSSL_FIPS_PARAM 934 935 ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); 936 937 if (!SELF_TEST_post(&fgbl->selftest_params, 0)) { 938 ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_POST_FAILURE); 939 goto err; 940 } 941 942 ossl_prov_ctx_set0_libctx(*provctx, libctx); 943 ossl_prov_ctx_set0_core_get_params(*provctx, c_get_params); 944 ossl_prov_ctx_set0_handle(*provctx, handle); 945 946 *out = fips_dispatch_table; 947 return 1; 948 err: 949 fips_teardown(*provctx); 950 OSSL_LIB_CTX_free(libctx); 951 *provctx = NULL; 952 return 0; 953 } 954 955 /* 956 * The internal init function used when the FIPS module uses EVP to call 957 * another algorithm also in the FIPS module. This is a recursive call that has 958 * been made from within the FIPS module itself. To make this work, we populate 959 * the provider context of this inner instance with the same library context 960 * that was used in the EVP call that initiated this recursive call. 961 */ 962 OSSL_provider_init_fn ossl_fips_intern_provider_init; 963 int ossl_fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, 964 const OSSL_DISPATCH *in, 965 const OSSL_DISPATCH **out, 966 void **provctx) 967 { 968 OSSL_FUNC_core_get_libctx_fn *c_internal_get_libctx = NULL; 969 970 for (; in->function_id != 0; in++) { 971 switch (in->function_id) { 972 case OSSL_FUNC_CORE_GET_LIBCTX: 973 c_internal_get_libctx = OSSL_FUNC_core_get_libctx(in); 974 break; 975 default: 976 break; 977 } 978 } 979 980 if (c_internal_get_libctx == NULL) 981 return 0; 982 983 if ((*provctx = ossl_prov_ctx_new()) == NULL) 984 return 0; 985 986 /* 987 * Using the parent library context only works because we are a built-in 988 * internal provider. This is not something that most providers would be 989 * able to do. 990 */ 991 ossl_prov_ctx_set0_libctx(*provctx, 992 (OSSL_LIB_CTX *)c_internal_get_libctx(handle)); 993 ossl_prov_ctx_set0_handle(*provctx, handle); 994 995 *out = intern_dispatch_table; 996 return 1; 997 } 998 999 void ERR_new(void) 1000 { 1001 c_new_error(NULL); 1002 } 1003 1004 void ERR_set_debug(const char *file, int line, const char *func) 1005 { 1006 c_set_error_debug(NULL, file, line, func); 1007 } 1008 1009 void ERR_set_error(int lib, int reason, const char *fmt, ...) 1010 { 1011 va_list args; 1012 1013 va_start(args, fmt); 1014 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); 1015 va_end(args); 1016 } 1017 1018 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) 1019 { 1020 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); 1021 } 1022 1023 int ERR_set_mark(void) 1024 { 1025 return c_set_error_mark(NULL); 1026 } 1027 1028 int ERR_clear_last_mark(void) 1029 { 1030 return c_clear_last_error_mark(NULL); 1031 } 1032 1033 int ERR_pop_to_mark(void) 1034 { 1035 return c_pop_error_to_mark(NULL); 1036 } 1037 1038 /* 1039 * This must take a library context, since it's called from the depths 1040 * of crypto/initthread.c code, where it's (correctly) assumed that the 1041 * passed caller argument is an OSSL_LIB_CTX pointer (since the same routine 1042 * is also called from other parts of libcrypto, which all pass around a 1043 * OSSL_LIB_CTX pointer) 1044 */ 1045 const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *libctx) 1046 { 1047 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx, 1048 OSSL_LIB_CTX_FIPS_PROV_INDEX); 1049 1050 if (fgbl == NULL) 1051 return NULL; 1052 1053 return fgbl->handle; 1054 } 1055 1056 void *CRYPTO_malloc(size_t num, const char *file, int line) 1057 { 1058 return c_CRYPTO_malloc(num, file, line); 1059 } 1060 1061 void *CRYPTO_zalloc(size_t num, const char *file, int line) 1062 { 1063 return c_CRYPTO_zalloc(num, file, line); 1064 } 1065 1066 void CRYPTO_free(void *ptr, const char *file, int line) 1067 { 1068 c_CRYPTO_free(ptr, file, line); 1069 } 1070 1071 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) 1072 { 1073 c_CRYPTO_clear_free(ptr, num, file, line); 1074 } 1075 1076 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) 1077 { 1078 return c_CRYPTO_realloc(addr, num, file, line); 1079 } 1080 1081 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, 1082 const char *file, int line) 1083 { 1084 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); 1085 } 1086 1087 void *CRYPTO_secure_malloc(size_t num, const char *file, int line) 1088 { 1089 return c_CRYPTO_secure_malloc(num, file, line); 1090 } 1091 1092 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) 1093 { 1094 return c_CRYPTO_secure_zalloc(num, file, line); 1095 } 1096 1097 void CRYPTO_secure_free(void *ptr, const char *file, int line) 1098 { 1099 c_CRYPTO_secure_free(ptr, file, line); 1100 } 1101 1102 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) 1103 { 1104 c_CRYPTO_secure_clear_free(ptr, num, file, line); 1105 } 1106 1107 int CRYPTO_secure_allocated(const void *ptr) 1108 { 1109 return c_CRYPTO_secure_allocated(ptr); 1110 } 1111 1112 void *CRYPTO_aligned_alloc(size_t num, size_t align, void **freeptr, 1113 const char *file, int line) 1114 { 1115 return NULL; 1116 } 1117 1118 int BIO_snprintf(char *buf, size_t n, const char *format, ...) 1119 { 1120 va_list args; 1121 int ret; 1122 1123 va_start(args, format); 1124 ret = c_BIO_vsnprintf(buf, n, format, args); 1125 va_end(args); 1126 return ret; 1127 } 1128 1129 #define OSSL_FIPS_PARAM(structname, paramname, unused) \ 1130 int ossl_fips_config_##structname(OSSL_LIB_CTX *libctx) \ 1131 { \ 1132 FIPS_GLOBAL *fgbl = \ 1133 ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX); \ 1134 \ 1135 return fgbl->fips_##structname.enabled; \ 1136 } 1137 #include "fips_indicator_params.inc" 1138 #undef OSSL_FIPS_PARAM 1139 1140 void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, 1141 void **cbarg) 1142 { 1143 assert(libctx != NULL); 1144 1145 if (c_stcbfn != NULL && c_get_libctx != NULL) { 1146 /* Get the parent libctx */ 1147 c_stcbfn(c_get_libctx(FIPS_get_core_handle(libctx)), cb, cbarg); 1148 } else { 1149 if (cb != NULL) 1150 *cb = NULL; 1151 if (cbarg != NULL) 1152 *cbarg = NULL; 1153 } 1154 } 1155 1156 void OSSL_INDICATOR_get_callback(OSSL_LIB_CTX *libctx, 1157 OSSL_INDICATOR_CALLBACK **cb) 1158 { 1159 assert(libctx != NULL); 1160 1161 if (c_indcbfn != NULL && c_get_libctx != NULL) { 1162 /* Get the parent libctx */ 1163 c_indcbfn(c_get_libctx(FIPS_get_core_handle(libctx)), cb); 1164 } else { 1165 if (cb != NULL) 1166 *cb = NULL; 1167 } 1168 } 1169