Param builder: make the OSSL_PARAM_BLD APIs public.
[openssl.git] / providers / fips / fipsprov.c
1 /*
2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include <string.h>
11 #include <stdio.h>
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/kdf.h>
19
20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21 #include <openssl/sha.h>
22 #include <openssl/rand_drbg.h>
23 #include <openssl/ec.h>
24 #include <openssl/fips_names.h>
25
26 #include "internal/cryptlib.h"
27 #include "internal/property.h"
28 #include "internal/nelem.h"
29 #include "openssl/param_build.h"
30 #include "crypto/evp.h"
31 #include "prov/implementations.h"
32 #include "prov/provider_ctx.h"
33 #include "prov/providercommon.h"
34 #include "prov/provider_util.h"
35 #include "self_test.h"
36
37 #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK }
38 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
39
40 extern OSSL_core_thread_start_fn *c_thread_start;
41
42 /*
43  * TODO(3.0): Should these be stored in the provider side provctx? Could they
44  * ever be different from one init to the next? Unfortunately we can't do this
45  * at the moment because c_put_error/c_add_error_vdata do not provide
46  * us with the OPENSSL_CTX as a parameter.
47  */
48
49 static SELF_TEST_POST_PARAMS selftest_params;
50
51 /* Functions provided by the core */
52 static OSSL_core_gettable_params_fn *c_gettable_params;
53 static OSSL_core_get_params_fn *c_get_params;
54 OSSL_core_thread_start_fn *c_thread_start;
55 static OSSL_core_new_error_fn *c_new_error;
56 static OSSL_core_set_error_debug_fn *c_set_error_debug;
57 static OSSL_core_vset_error_fn *c_vset_error;
58 static OSSL_core_set_error_mark_fn *c_set_error_mark;
59 static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark;
60 static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark;
61 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
62 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
63 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
64 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
65 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
66 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
67 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
68 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
69 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
70 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
71 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
72 static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf;
73
74 typedef struct fips_global_st {
75     const OSSL_PROVIDER *prov;
76 } FIPS_GLOBAL;
77
78 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
79 {
80     FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
81
82     return fgbl;
83 }
84
85 static void fips_prov_ossl_ctx_free(void *fgbl)
86 {
87     OPENSSL_free(fgbl);
88 }
89
90 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
91     fips_prov_ossl_ctx_new,
92     fips_prov_ossl_ctx_free,
93 };
94
95
96 /* Parameters we provide to the core */
97 static const OSSL_PARAM fips_param_types[] = {
98     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
99     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
100     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
101     OSSL_PARAM_END
102 };
103
104 /*
105  * Parameters to retrieve from the core provider - required for self testing.
106  * NOTE: inside core_get_params() these will be loaded from config items
107  * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
108  */
109 static OSSL_PARAM core_params[] =
110 {
111     OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
112                         selftest_params.module_filename,
113                         sizeof(selftest_params.module_filename)),
114     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
115                         selftest_params.module_checksum_data,
116                         sizeof(selftest_params.module_checksum_data)),
117     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
118                         selftest_params.indicator_checksum_data,
119                         sizeof(selftest_params.indicator_checksum_data)),
120     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
121                         selftest_params.indicator_data,
122                         sizeof(selftest_params.indicator_data)),
123     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
124                         selftest_params.indicator_version,
125                         sizeof(selftest_params.indicator_version)),
126     OSSL_PARAM_END
127 };
128
129 /*
130  * Convert a string into a bignumber.
131  * The array of hex_data is used to get around compilers that dont like
132  * strings longer than 509 bytes,
133  */
134 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
135 static int hextobn(const char *hex_data[], BIGNUM **bn)
136 {
137     int ret = 0;
138     int i, slen;
139     char *str = NULL;
140
141     /* Get the total length of the strings */
142     for (slen = 0, i = 0; hex_data[i] != NULL; ++i)
143         slen += strlen(hex_data[i]);
144
145     /* Add 1 for the string terminator */
146     str = OPENSSL_zalloc(slen + 1);
147     if (str == NULL)
148         return 0;
149
150     /* join the strings together into 1 buffer */
151     for (i = 0; hex_data[i] != NULL; ++i)
152         strcat(str, hex_data[i]);
153
154     if (BN_hex2bn(bn, str) <= 0)
155         goto err;
156     ret = 1;
157 err:
158     OPENSSL_free(str);
159     return ret;
160 }
161 #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */
162
163 #ifndef OPENSSL_NO_DH
164 static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
165 {
166     int ret = 0, sz;
167     BIGNUM *bn = NULL;
168     unsigned char *buf = NULL;
169
170     if (!hextobn(hex_data, &bn))
171         return 0;
172     sz = BN_num_bytes(bn);
173     buf = OPENSSL_zalloc(sz);
174     if (buf == NULL)
175         goto err;
176     if (BN_bn2binpad(bn, buf, sz) <= 0)
177         goto err;
178
179     *out = buf;
180     *len = sz;
181     buf = NULL; /* Set to NULL so it is not freed */
182     ret = 1;
183 err:
184     OPENSSL_free(buf);
185     BN_free(bn);
186     return ret;
187 }
188 #endif
189
190 #ifndef OPENSSL_NO_DSA
191 static int dsa_key_signature_test(OPENSSL_CTX *libctx)
192 {
193     int ret = 0;
194     BIGNUM *p = NULL, *q = NULL, *g = NULL;
195     BIGNUM *pub = NULL, *priv = NULL;
196     OSSL_PARAM *params = NULL, *params_sig = NULL;
197     OSSL_PARAM_BLD bld;
198     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
199     EVP_PKEY *pkey = NULL;
200     unsigned char sig[64];
201     size_t siglen;
202
203     static const unsigned char dgst[SHA256_DIGEST_LENGTH] = {
204         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
205         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
206         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
207     };
208     /* dsa 2048 */
209     static const char *dsa_p_hex[] = {
210         "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
211         "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
212         "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
213         "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
214         "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
215         "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
216         "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
217         "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
218          NULL
219     };
220     static const char *dsa_q_hex[] = {
221         "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
222         NULL
223     };
224     static const char *dsa_g_hex[] = {
225         "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
226         "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
227         "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
228         "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
229         "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
230         "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
231         "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
232         "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
233         NULL
234     };
235     static const char *dsa_pub_hex[] = {
236         "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
237         "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
238         "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
239         "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
240         "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
241         "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
242         "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
243         "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
244         NULL
245     };
246     static const char *dsa_priv_hex[] = {
247         "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
248         NULL
249     };
250
251     if (!hextobn(dsa_p_hex, &p)
252         || !hextobn(dsa_q_hex, &q)
253         || !hextobn(dsa_g_hex, &g)
254         || !hextobn(dsa_pub_hex, &pub)
255         || !hextobn(dsa_priv_hex, &priv))
256         goto err;
257
258     OSSL_PARAM_BLD_init(&bld);
259     if (!OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
260         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
261         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
262         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
263         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
264         goto err;
265     params = OSSL_PARAM_BLD_to_param(&bld);
266
267     /* Create a EVP_PKEY_CTX to load the DSA key into */
268     kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
269     if (kctx == NULL || params == NULL)
270         goto err;
271     if (EVP_PKEY_key_fromdata_init(kctx) <= 0
272         || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
273         goto err;
274
275     /* Create a EVP_PKEY_CTX to use for the signing operation */
276     sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
277     if (sctx == NULL
278         || EVP_PKEY_sign_init(sctx) <= 0)
279         goto err;
280
281     /* set signature parameters */
282     OSSL_PARAM_BLD_init(&bld);
283     if (!OSSL_PARAM_BLD_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
284                                          SN_sha256,strlen(SN_sha256) + 1))
285         goto err;
286     params_sig = OSSL_PARAM_BLD_to_param(&bld);
287     if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
288         goto err;
289
290     if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
291         || EVP_PKEY_verify_init(sctx) <= 0
292         || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
293         goto err;
294     ret = 1;
295 err:
296     OSSL_PARAM_BLD_free(params);
297     OSSL_PARAM_BLD_free(params_sig);
298     BN_free(p);
299     BN_free(q);
300     BN_free(g);
301     BN_free(pub);
302     BN_free(priv);
303     EVP_PKEY_free(pkey);
304     EVP_PKEY_CTX_free(kctx);
305     EVP_PKEY_CTX_free(sctx);
306     return ret;
307 }
308 #endif /* OPENSSL_NO_DSA */
309
310 #ifndef OPENSSL_NO_DH
311 static int dh_key_exchange_test(OPENSSL_CTX *libctx)
312 {
313     int ret = 0;
314     BIGNUM *p = NULL, *q = NULL, *g = NULL;
315     BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL;
316     unsigned char *kat_secret = NULL;
317     EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
318     EVP_PKEY *pkey = NULL, *peerkey = NULL;
319     OSSL_PARAM *params = NULL;
320     OSSL_PARAM *params_peer = NULL;
321     unsigned char secret[256];
322     size_t secret_len, kat_secret_len = 0;
323     OSSL_PARAM_BLD bld;
324
325     /* DH KAT */
326     static const char *dh_p_hex[] = {
327         "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b"
328         "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d"
329         "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0"
330         "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1",
331         "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c"
332         "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44"
333         "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994"
334         "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69",
335         NULL
336     };
337     static const char *dh_q_hex[] = {
338         "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d",
339         NULL
340     };
341     static const char *dh_g_hex[] = {
342         "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede"
343         "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4"
344         "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49"
345         "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9",
346         "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad",
347         "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6"
348         "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0"
349         "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a"
350         "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20",
351         "ea115c32",
352         NULL
353     };
354     static const char *dh_priv_hex[] = {
355         "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6",
356         NULL
357     };
358     static const char *dh_pub_hex[] = {
359         "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048"
360         "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506"
361         "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52"
362         "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7",
363         "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7"
364         "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf"
365         "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86"
366         "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e",
367         "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4"
368         "959c91d3",
369         NULL
370     };
371     static const char *dh_peer_pub_hex[] = {
372         "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0"
373         "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0"
374         "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665"
375         "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f",
376         "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f"
377         "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842"
378         "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf"
379         "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2",
380         "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739"
381         "f17ff48b",
382         NULL
383     };
384     static const char *dh_secret_exptd_hex[] = {
385         "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2"
386         "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153"
387         "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e"
388         "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe",
389         "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d"
390         "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2"
391         "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f"
392         "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486",
393         "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9"
394         "7d98eaf6",
395         NULL
396     };
397
398     if (!hextobn(dh_p_hex, &p)
399         || !hextobn(dh_q_hex, &q)
400         || !hextobn(dh_g_hex, &g)
401         || !hextobn(dh_pub_hex, &pub)
402         || !hextobn(dh_priv_hex, &priv)
403         || !hextobn(dh_peer_pub_hex, &pub_peer)
404         || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
405         goto err;
406
407     OSSL_PARAM_BLD_init(&bld);
408     if (!OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
409         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
410         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
411         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
412         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
413         goto err;
414     params = OSSL_PARAM_BLD_to_param(&bld);
415
416     OSSL_PARAM_BLD_init(&bld);
417     if (!OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
418         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
419         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
420         || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
421         goto err;
422
423     params_peer = OSSL_PARAM_BLD_to_param(&bld);
424     if (params == NULL || params_peer == NULL)
425         goto err;
426
427     /* Create a EVP_PKEY_CTX to load the DH keys into */
428     kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", "");
429     if (kactx == NULL)
430         goto err;
431     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
432         || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
433         goto err;
434     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
435         || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
436         goto err;
437
438     /* Create a EVP_PKEY_CTX to perform key derivation */
439     dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
440     if (dctx == NULL)
441         goto err;
442
443     if (EVP_PKEY_derive_init(dctx) <= 0
444         || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
445         || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
446         goto err;
447
448     if (secret_len != kat_secret_len
449         || memcmp(secret, kat_secret, secret_len) != 0)
450         goto err;
451     ret = 1;
452 err:
453     OSSL_PARAM_BLD_free(params_peer);
454     OSSL_PARAM_BLD_free(params);
455     BN_free(p);
456     BN_free(q);
457     BN_free(g);
458     BN_free(pub);
459     BN_free(priv);
460     BN_free(pub_peer);
461     OPENSSL_free(kat_secret);
462     EVP_PKEY_free(pkey);
463     EVP_PKEY_free(peerkey);
464     EVP_PKEY_CTX_free(kactx);
465     EVP_PKEY_CTX_free(dctx);
466     return ret;
467 }
468 #endif /* OPENSSL_NO_DH */
469
470 /* TODO(3.0): To be removed */
471 static int dummy_evp_call(void *provctx)
472 {
473     OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
474     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
475     EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
476     EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
477     unsigned char dgst[SHA256_DIGEST_LENGTH];
478     unsigned int dgstlen;
479     int ret = 0;
480     BN_CTX *bnctx = NULL;
481     BIGNUM *a = NULL, *b = NULL;
482     unsigned char randbuf[128];
483     RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
484 #ifndef OPENSSL_NO_EC
485     EC_KEY *key = NULL;
486 #endif
487
488     static const char msg[] = "Hello World!";
489     static const unsigned char exptd[] = {
490         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
491         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
492         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
493     };
494
495     if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
496         goto err;
497
498     if (!EVP_DigestInit_ex(ctx, sha256, NULL))
499         goto err;
500     if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
501         goto err;
502     if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
503         goto err;
504     if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
505         goto err;
506
507     bnctx = BN_CTX_new_ex(libctx);
508     if (bnctx == NULL)
509         goto err;
510     BN_CTX_start(bnctx);
511     a = BN_CTX_get(bnctx);
512     b = BN_CTX_get(bnctx);
513     if (b == NULL)
514         goto err;
515     BN_zero(a);
516     if (!BN_one(b)
517         || !BN_add(a, a, b)
518         || BN_cmp(a, b) != 0)
519         goto err;
520
521     if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
522         goto err;
523
524     if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
525         goto err;
526
527 #ifndef OPENSSL_NO_EC
528     /* Do some dummy EC calls */
529     key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
530     if (key == NULL)
531         goto err;
532
533     if (!EC_KEY_generate_key(key))
534         goto err;
535 #endif
536
537 #ifndef OPENSSL_NO_DSA
538     if (!dsa_key_signature_test(libctx))
539         goto err;
540 #endif
541
542 #ifndef OPENSSL_NO_DH
543     if (!dh_key_exchange_test(libctx))
544         goto err;
545 #endif /* OPENSSL_NO_DH */
546
547     ret = 1;
548  err:
549     BN_CTX_end(bnctx);
550     BN_CTX_free(bnctx);
551
552     EVP_KDF_free(kdf);
553     EVP_MD_CTX_free(ctx);
554     EVP_MD_free(sha256);
555
556 #ifndef OPENSSL_NO_EC
557     EC_KEY_free(key);
558 #endif
559     return ret;
560 }
561
562 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
563 {
564     return fips_param_types;
565 }
566
567 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
568 {
569     OSSL_PARAM *p;
570
571     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
572     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
573         return 0;
574     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
575     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
576         return 0;
577     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
578     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
579         return 0;
580
581     return 1;
582 }
583
584 /* FIPS specific version of the function of the same name in provlib.c */
585 const char *ossl_prov_util_nid_to_name(int nid)
586 {
587     /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
588
589     switch (nid) {
590     /* Digests */
591     case NID_sha1:
592         return "SHA1";
593     case NID_sha224:
594         return "SHA-224";
595     case NID_sha256:
596         return "SHA-256";
597     case NID_sha384:
598         return "SHA-384";
599     case NID_sha512:
600         return "SHA-512";
601     case NID_sha512_224:
602         return "SHA-512/224";
603     case NID_sha512_256:
604         return "SHA-512/256";
605     case NID_sha3_224:
606         return "SHA3-224";
607     case NID_sha3_256:
608         return "SHA3-256";
609     case NID_sha3_384:
610         return "SHA3-384";
611     case NID_sha3_512:
612         return "SHA3-512";
613
614     /* Ciphers */
615     case NID_aes_256_ecb:
616         return "AES-256-ECB";
617     case NID_aes_192_ecb:
618         return "AES-192-ECB";
619     case NID_aes_128_ecb:
620         return "AES-128-ECB";
621     case NID_aes_256_cbc:
622         return "AES-256-CBC";
623     case NID_aes_192_cbc:
624         return "AES-192-CBC";
625     case NID_aes_128_cbc:
626         return "AES-128-CBC";
627     case NID_aes_256_ctr:
628         return "AES-256-CTR";
629     case NID_aes_192_ctr:
630         return "AES-192-CTR";
631     case NID_aes_128_ctr:
632         return "AES-128-CTR";
633     case NID_aes_256_xts:
634         return "AES-256-XTS";
635     case NID_aes_128_xts:
636         return "AES-128-XTS";
637     case NID_aes_256_gcm:
638         return "AES-256-GCM";
639     case NID_aes_192_gcm:
640         return "AES-192-GCM";
641     case NID_aes_128_gcm:
642         return "AES-128-GCM";
643     case NID_aes_256_ccm:
644         return "AES-256-CCM";
645     case NID_aes_192_ccm:
646         return "AES-192-CCM";
647     case NID_aes_128_ccm:
648         return "AES-128-CCM";
649     case NID_id_aes256_wrap:
650         return "AES-256-WRAP";
651     case NID_id_aes192_wrap:
652         return "AES-192-WRAP";
653     case NID_id_aes128_wrap:
654         return "AES-128-WRAP";
655     case NID_id_aes256_wrap_pad:
656         return "AES-256-WRAP-PAD";
657     case NID_id_aes192_wrap_pad:
658         return "AES-192-WRAP-PAD";
659     case NID_id_aes128_wrap_pad:
660         return "AES-128-WRAP-PAD";
661     case NID_des_ede3_ecb:
662         return "DES-EDE3";
663     case NID_des_ede3_cbc:
664         return "DES-EDE3-CBC";
665     case NID_aes_256_cbc_hmac_sha256:
666         return "AES-256-CBC-HMAC-SHA256";
667     case NID_aes_128_cbc_hmac_sha256:
668         return "AES-128-CBC-HMAC-SHA256";
669     case NID_aes_256_cbc_hmac_sha1:
670         return "AES-256-CBC-HMAC-SHA1";
671     case NID_aes_128_cbc_hmac_sha1:
672         return "AES-128-CBC-HMAC-SHA1";
673     default:
674         break;
675     }
676
677     return NULL;
678 }
679
680 /*
681  * For the algorithm names, we use the following formula for our primary
682  * names:
683  *
684  *     ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
685  *
686  *     VERSION is only present if there are multiple versions of
687  *     an alg (MD2, MD4, MD5).  It may be omitted if there is only
688  *     one version (if a subsequent version is released in the future,
689  *     we can always change the canonical name, and add the old name
690  *     as an alias).
691  *
692  *     SUBNAME may be present where we are combining multiple
693  *     algorithms together, e.g. MD5-SHA1.
694  *
695  *     SIZE is only present if multiple versions of an algorithm exist
696  *     with different sizes (e.g. AES-128-CBC, AES-256-CBC)
697  *
698  *     MODE is only present where applicable.
699  *
700  * We add diverse other names where applicable, such as the names that
701  * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
702  * we have used historically.
703  */
704 static const OSSL_ALGORITHM fips_digests[] = {
705     /* Our primary name:NiST name[:our older names] */
706     { "SHA1:SHA-1", "provider=fips,fips=yes", sha1_functions },
707     { "SHA2-224:SHA-224:SHA224", "provider=fips,fips=yes", sha224_functions },
708     { "SHA2-256:SHA-256:SHA256", "provider=fips,fips=yes", sha256_functions },
709     { "SHA2-384:SHA-384:SHA384", "provider=fips,fips=yes", sha384_functions },
710     { "SHA2-512:SHA-512:SHA512", "provider=fips,fips=yes", sha512_functions },
711     { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=fips,fips=yes",
712       sha512_224_functions },
713     { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=fips,fips=yes",
714       sha512_256_functions },
715
716     /* We agree with NIST here, so one name only */
717     { "SHA3-224", "provider=fips,fips=yes", sha3_224_functions },
718     { "SHA3-256", "provider=fips,fips=yes", sha3_256_functions },
719     { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
720     { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
721     /*
722      * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
723      * KMAC128 and KMAC256.
724      */
725     { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes", keccak_kmac_128_functions },
726     { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes", keccak_kmac_256_functions },
727
728     { NULL, NULL, NULL }
729 };
730
731 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
732     /* Our primary name[:ASN.1 OID name][:our older names] */
733     ALG("AES-256-ECB", aes256ecb_functions),
734     ALG("AES-192-ECB", aes192ecb_functions),
735     ALG("AES-128-ECB", aes128ecb_functions),
736     ALG("AES-256-CBC", aes256cbc_functions),
737     ALG("AES-192-CBC", aes192cbc_functions),
738     ALG("AES-128-CBC", aes128cbc_functions),
739     ALG("AES-256-CTR", aes256ctr_functions),
740     ALG("AES-192-CTR", aes192ctr_functions),
741     ALG("AES-128-CTR", aes128ctr_functions),
742     ALG("AES-256-XTS", aes256xts_functions),
743     ALG("AES-128-XTS", aes128xts_functions),
744     ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
745     ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
746     ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
747     ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
748     ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
749     ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
750     ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
751     ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
752     ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
753     ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
754         aes256wrappad_functions),
755     ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
756         aes192wrappad_functions),
757     ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
758         aes128wrappad_functions),
759     ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
760          cipher_capable_aes_cbc_hmac_sha1),
761     ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
762          cipher_capable_aes_cbc_hmac_sha1),
763     ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
764          cipher_capable_aes_cbc_hmac_sha256),
765     ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
766          cipher_capable_aes_cbc_hmac_sha256),
767 #ifndef OPENSSL_NO_DES
768     ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
769     ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
770 #endif  /* OPENSSL_NO_DES */
771     { { NULL, NULL, NULL }, NULL }
772 };
773 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
774
775 static const OSSL_ALGORITHM fips_macs[] = {
776 #ifndef OPENSSL_NO_CMAC
777     { "CMAC", "provider=fips,fips=yes", cmac_functions },
778 #endif
779     { "GMAC", "provider=fips,fips=yes", gmac_functions },
780     { "HMAC", "provider=fips,fips=yes", hmac_functions },
781     { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions },
782     { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions },
783     { NULL, NULL, NULL }
784 };
785
786 static const OSSL_ALGORITHM fips_kdfs[] = {
787     { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions },
788     { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
789     { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
790     { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
791     { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions },
792     { NULL, NULL, NULL }
793 };
794
795 static const OSSL_ALGORITHM fips_keyexch[] = {
796 #ifndef OPENSSL_NO_DH
797     { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions },
798 #endif
799 #ifndef OPENSSL_NO_EC
800     { "ECDH", "provider=fips,fips=yes", ecdh_keyexch_functions },
801 #endif
802     { NULL, NULL, NULL }
803 };
804
805 static const OSSL_ALGORITHM fips_signature[] = {
806 #ifndef OPENSSL_NO_DSA
807     { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions },
808 #endif
809     { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions },
810 #ifndef OPENSSL_NO_EC
811     { "ECDSA", "provider=fips,fips=yes", ecdsa_signature_functions },
812 #endif
813     { NULL, NULL, NULL }
814 };
815
816 static const OSSL_ALGORITHM fips_asym_cipher[] = {
817     { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_asym_cipher_functions },
818     { NULL, NULL, NULL }
819 };
820
821 static const OSSL_ALGORITHM fips_keymgmt[] = {
822 #ifndef OPENSSL_NO_DH
823     { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keymgmt_functions },
824 #endif
825 #ifndef OPENSSL_NO_DSA
826     { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
827 #endif
828     { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
829 #ifndef OPENSSL_NO_EC
830     { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
831 #endif
832     { NULL, NULL, NULL }
833 };
834
835 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
836                                          int operation_id,
837                                          int *no_cache)
838 {
839     *no_cache = 0;
840     switch (operation_id) {
841     case OSSL_OP_DIGEST:
842         return fips_digests;
843     case OSSL_OP_CIPHER:
844         ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
845         return exported_fips_ciphers;
846     case OSSL_OP_MAC:
847         return fips_macs;
848     case OSSL_OP_KDF:
849         return fips_kdfs;
850     case OSSL_OP_KEYMGMT:
851         return fips_keymgmt;
852     case OSSL_OP_KEYEXCH:
853         return fips_keyexch;
854     case OSSL_OP_SIGNATURE:
855         return fips_signature;
856     case OSSL_OP_ASYM_CIPHER:
857         return fips_asym_cipher;
858     }
859     return NULL;
860 }
861
862 /* Functions we provide to the core */
863 static const OSSL_DISPATCH fips_dispatch_table[] = {
864     /*
865      * To release our resources we just need to free the OPENSSL_CTX so we just
866      * use OPENSSL_CTX_free directly as our teardown function
867      */
868     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
869     { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
870     { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
871     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
872     { 0, NULL }
873 };
874
875 /* Functions we provide to ourself */
876 static const OSSL_DISPATCH intern_dispatch_table[] = {
877     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
878     { 0, NULL }
879 };
880
881
882 int OSSL_provider_init(const OSSL_PROVIDER *provider,
883                        const OSSL_DISPATCH *in,
884                        const OSSL_DISPATCH **out,
885                        void **provctx)
886 {
887     FIPS_GLOBAL *fgbl;
888     OPENSSL_CTX *ctx;
889     OSSL_self_test_cb_fn *stcbfn = NULL;
890     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
891
892     for (; in->function_id != 0; in++) {
893         switch (in->function_id) {
894         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
895             c_get_libctx = OSSL_get_core_get_library_context(in);
896             break;
897         case OSSL_FUNC_CORE_GETTABLE_PARAMS:
898             c_gettable_params = OSSL_get_core_gettable_params(in);
899             break;
900         case OSSL_FUNC_CORE_GET_PARAMS:
901             c_get_params = OSSL_get_core_get_params(in);
902             break;
903         case OSSL_FUNC_CORE_THREAD_START:
904             c_thread_start = OSSL_get_core_thread_start(in);
905             break;
906         case OSSL_FUNC_CORE_NEW_ERROR:
907             c_new_error = OSSL_get_core_new_error(in);
908             break;
909         case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
910             c_set_error_debug = OSSL_get_core_set_error_debug(in);
911             break;
912         case OSSL_FUNC_CORE_VSET_ERROR:
913             c_vset_error = OSSL_get_core_vset_error(in);
914             break;
915         case OSSL_FUNC_CORE_SET_ERROR_MARK:
916             c_set_error_mark = OSSL_get_core_set_error_mark(in);
917             break;
918         case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK:
919             c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in);
920             break;
921         case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
922             c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in);
923             break;
924         case OSSL_FUNC_CRYPTO_MALLOC:
925             c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
926             break;
927         case OSSL_FUNC_CRYPTO_ZALLOC:
928             c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
929             break;
930         case OSSL_FUNC_CRYPTO_FREE:
931             c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
932             break;
933         case OSSL_FUNC_CRYPTO_CLEAR_FREE:
934             c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
935             break;
936         case OSSL_FUNC_CRYPTO_REALLOC:
937             c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
938             break;
939         case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
940             c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
941             break;
942         case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
943             c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
944             break;
945         case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
946             c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
947             break;
948         case OSSL_FUNC_CRYPTO_SECURE_FREE:
949             c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
950             break;
951         case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
952             c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
953             break;
954         case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
955             c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
956             break;
957         case OSSL_FUNC_BIO_NEW_FILE:
958             selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
959             break;
960         case OSSL_FUNC_BIO_NEW_MEMBUF:
961             selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
962             break;
963         case OSSL_FUNC_BIO_READ_EX:
964             selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
965             break;
966         case OSSL_FUNC_BIO_FREE:
967             selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
968             break;
969         case OSSL_FUNC_BIO_VSNPRINTF:
970             c_BIO_vsnprintf = OSSL_get_BIO_vsnprintf(in);
971             break;
972         case OSSL_FUNC_SELF_TEST_CB: {
973             stcbfn = OSSL_get_self_test_cb(in);
974             break;
975         }
976         default:
977             /* Just ignore anything we don't understand */
978             break;
979         }
980     }
981
982     if (stcbfn != NULL && c_get_libctx != NULL) {
983         stcbfn(c_get_libctx(provider), &selftest_params.cb,
984                &selftest_params.cb_arg);
985     }
986     else {
987         selftest_params.cb = NULL;
988         selftest_params.cb_arg = NULL;
989     }
990
991     if (!c_get_params(provider, core_params))
992         return 0;
993
994     /*  Create a context. */
995     if ((ctx = OPENSSL_CTX_new()) == NULL)
996         return 0;
997     if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
998                                      &fips_prov_ossl_ctx_method)) == NULL) {
999         OPENSSL_CTX_free(ctx);
1000         return 0;
1001     }
1002
1003     fgbl->prov = provider;
1004
1005     selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
1006     if (!SELF_TEST_post(&selftest_params, 0)) {
1007         OPENSSL_CTX_free(ctx);
1008         return 0;
1009     }
1010
1011     /*
1012      * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
1013      * EVP calls from within the FIPS module.
1014      */
1015     if (!dummy_evp_call(ctx)) {
1016         OPENSSL_CTX_free(ctx);
1017         return 0;
1018     }
1019
1020     *out = fips_dispatch_table;
1021     *provctx = ctx;
1022
1023     return 1;
1024 }
1025
1026 /*
1027  * The internal init function used when the FIPS module uses EVP to call
1028  * another algorithm also in the FIPS module. This is a recursive call that has
1029  * been made from within the FIPS module itself. To make this work, we populate
1030  * the provider context of this inner instance with the same library context
1031  * that was used in the EVP call that initiated this recursive call.
1032  */
1033 OSSL_provider_init_fn fips_intern_provider_init;
1034 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
1035                               const OSSL_DISPATCH *in,
1036                               const OSSL_DISPATCH **out,
1037                               void **provctx)
1038 {
1039     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
1040
1041     for (; in->function_id != 0; in++) {
1042         switch (in->function_id) {
1043         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
1044             c_get_libctx = OSSL_get_core_get_library_context(in);
1045             break;
1046         default:
1047             break;
1048         }
1049     }
1050
1051     if (c_get_libctx == NULL)
1052         return 0;
1053
1054     *provctx = c_get_libctx(provider);
1055
1056     /*
1057      * Safety measure...  we should get the library context that was
1058      * created up in OSSL_provider_init().
1059      */
1060     if (*provctx == NULL)
1061         return 0;
1062
1063     *out = intern_dispatch_table;
1064     return 1;
1065 }
1066
1067 void ERR_new(void)
1068 {
1069     c_new_error(NULL);
1070 }
1071
1072 void ERR_set_debug(const char *file, int line, const char *func)
1073 {
1074     c_set_error_debug(NULL, file, line, func);
1075 }
1076
1077 void ERR_set_error(int lib, int reason, const char *fmt, ...)
1078 {
1079     va_list args;
1080
1081     va_start(args, fmt);
1082     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1083     va_end(args);
1084 }
1085
1086 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
1087 {
1088     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1089 }
1090
1091 int ERR_set_mark(void)
1092 {
1093     return c_set_error_mark(NULL);
1094 }
1095
1096 int ERR_clear_last_mark(void)
1097 {
1098     return c_clear_last_error_mark(NULL);
1099 }
1100
1101 int ERR_pop_to_mark(void)
1102 {
1103     return c_pop_error_to_mark(NULL);
1104 }
1105
1106 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
1107 {
1108     FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
1109                                              &fips_prov_ossl_ctx_method);
1110
1111     if (fgbl == NULL)
1112         return NULL;
1113
1114     return fgbl->prov;
1115 }
1116
1117 void *CRYPTO_malloc(size_t num, const char *file, int line)
1118 {
1119     return c_CRYPTO_malloc(num, file, line);
1120 }
1121
1122 void *CRYPTO_zalloc(size_t num, const char *file, int line)
1123 {
1124     return c_CRYPTO_zalloc(num, file, line);
1125 }
1126
1127 void CRYPTO_free(void *ptr, const char *file, int line)
1128 {
1129     c_CRYPTO_free(ptr, file, line);
1130 }
1131
1132 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
1133 {
1134     c_CRYPTO_clear_free(ptr, num, file, line);
1135 }
1136
1137 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
1138 {
1139     return c_CRYPTO_realloc(addr, num, file, line);
1140 }
1141
1142 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
1143                            const char *file, int line)
1144 {
1145     return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
1146 }
1147
1148 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
1149 {
1150     return c_CRYPTO_secure_malloc(num, file, line);
1151 }
1152
1153 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
1154 {
1155     return c_CRYPTO_secure_zalloc(num, file, line);
1156 }
1157
1158 void CRYPTO_secure_free(void *ptr, const char *file, int line)
1159 {
1160     c_CRYPTO_secure_free(ptr, file, line);
1161 }
1162
1163 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
1164 {
1165     c_CRYPTO_secure_clear_free(ptr, num, file, line);
1166 }
1167
1168 int CRYPTO_secure_allocated(const void *ptr)
1169 {
1170     return c_CRYPTO_secure_allocated(ptr);
1171 }
1172
1173 int BIO_snprintf(char *buf, size_t n, const char *format, ...)
1174 {
1175     va_list args;
1176     int ret;
1177
1178     va_start(args, format);
1179     ret = c_BIO_vsnprintf(buf, n, format, args);
1180     va_end(args);
1181     return ret;
1182 }