Param build: make structures opaque.
[openssl.git] / providers / fips / fipsprov.c
1 /*
2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include <string.h>
11 #include <stdio.h>
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/kdf.h>
19
20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21 #include <openssl/sha.h>
22 #include <openssl/rand_drbg.h>
23 #include <openssl/ec.h>
24 #include <openssl/fips_names.h>
25
26 #include "internal/cryptlib.h"
27 #include "internal/property.h"
28 #include "internal/nelem.h"
29 #include "openssl/param_build.h"
30 #include "crypto/evp.h"
31 #include "prov/implementations.h"
32 #include "prov/provider_ctx.h"
33 #include "prov/providercommon.h"
34 #include "prov/provider_util.h"
35 #include "self_test.h"
36
37 #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK }
38 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
39
40 extern OSSL_core_thread_start_fn *c_thread_start;
41
42 /*
43  * TODO(3.0): Should these be stored in the provider side provctx? Could they
44  * ever be different from one init to the next? Unfortunately we can't do this
45  * at the moment because c_put_error/c_add_error_vdata do not provide
46  * us with the OPENSSL_CTX as a parameter.
47  */
48
49 static SELF_TEST_POST_PARAMS selftest_params;
50
51 /* Functions provided by the core */
52 static OSSL_core_gettable_params_fn *c_gettable_params;
53 static OSSL_core_get_params_fn *c_get_params;
54 OSSL_core_thread_start_fn *c_thread_start;
55 static OSSL_core_new_error_fn *c_new_error;
56 static OSSL_core_set_error_debug_fn *c_set_error_debug;
57 static OSSL_core_vset_error_fn *c_vset_error;
58 static OSSL_core_set_error_mark_fn *c_set_error_mark;
59 static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark;
60 static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark;
61 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
62 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
63 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
64 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
65 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
66 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
67 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
68 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
69 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
70 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
71 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
72 static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf;
73
74 typedef struct fips_global_st {
75     const OSSL_PROVIDER *prov;
76 } FIPS_GLOBAL;
77
78 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
79 {
80     FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
81
82     return fgbl;
83 }
84
85 static void fips_prov_ossl_ctx_free(void *fgbl)
86 {
87     OPENSSL_free(fgbl);
88 }
89
90 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
91     fips_prov_ossl_ctx_new,
92     fips_prov_ossl_ctx_free,
93 };
94
95
96 /* Parameters we provide to the core */
97 static const OSSL_PARAM fips_param_types[] = {
98     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
99     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
100     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
101     OSSL_PARAM_END
102 };
103
104 /*
105  * Parameters to retrieve from the core provider - required for self testing.
106  * NOTE: inside core_get_params() these will be loaded from config items
107  * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
108  */
109 static OSSL_PARAM core_params[] =
110 {
111     OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
112                         selftest_params.module_filename,
113                         sizeof(selftest_params.module_filename)),
114     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
115                         selftest_params.module_checksum_data,
116                         sizeof(selftest_params.module_checksum_data)),
117     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
118                         selftest_params.indicator_checksum_data,
119                         sizeof(selftest_params.indicator_checksum_data)),
120     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
121                         selftest_params.indicator_data,
122                         sizeof(selftest_params.indicator_data)),
123     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
124                         selftest_params.indicator_version,
125                         sizeof(selftest_params.indicator_version)),
126     OSSL_PARAM_END
127 };
128
129 /*
130  * Convert a string into a bignumber.
131  * The array of hex_data is used to get around compilers that dont like
132  * strings longer than 509 bytes,
133  */
134 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
135 static int hextobn(const char *hex_data[], BIGNUM **bn)
136 {
137     int ret = 0;
138     int i, slen;
139     char *str = NULL;
140
141     /* Get the total length of the strings */
142     for (slen = 0, i = 0; hex_data[i] != NULL; ++i)
143         slen += strlen(hex_data[i]);
144
145     /* Add 1 for the string terminator */
146     str = OPENSSL_zalloc(slen + 1);
147     if (str == NULL)
148         return 0;
149
150     /* join the strings together into 1 buffer */
151     for (i = 0; hex_data[i] != NULL; ++i)
152         strcat(str, hex_data[i]);
153
154     if (BN_hex2bn(bn, str) <= 0)
155         goto err;
156     ret = 1;
157 err:
158     OPENSSL_free(str);
159     return ret;
160 }
161 #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */
162
163 #ifndef OPENSSL_NO_DH
164 static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
165 {
166     int ret = 0, sz;
167     BIGNUM *bn = NULL;
168     unsigned char *buf = NULL;
169
170     if (!hextobn(hex_data, &bn))
171         return 0;
172     sz = BN_num_bytes(bn);
173     buf = OPENSSL_zalloc(sz);
174     if (buf == NULL)
175         goto err;
176     if (BN_bn2binpad(bn, buf, sz) <= 0)
177         goto err;
178
179     *out = buf;
180     *len = sz;
181     buf = NULL; /* Set to NULL so it is not freed */
182     ret = 1;
183 err:
184     OPENSSL_free(buf);
185     BN_free(bn);
186     return ret;
187 }
188 #endif
189
190 #ifndef OPENSSL_NO_DSA
191 static int dsa_key_signature_test(OPENSSL_CTX *libctx)
192 {
193     int ret = 0;
194     BIGNUM *p = NULL, *q = NULL, *g = NULL;
195     BIGNUM *pub = NULL, *priv = NULL;
196     OSSL_PARAM *params = NULL, *params_sig = NULL;
197     OSSL_PARAM_BLD *bld = NULL;
198     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
199     EVP_PKEY *pkey = NULL;
200     unsigned char sig[64];
201     size_t siglen;
202
203     static const unsigned char dgst[SHA256_DIGEST_LENGTH] = {
204         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
205         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
206         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
207     };
208     /* dsa 2048 */
209     static const char *dsa_p_hex[] = {
210         "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
211         "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
212         "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
213         "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
214         "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
215         "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
216         "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
217         "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
218          NULL
219     };
220     static const char *dsa_q_hex[] = {
221         "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
222         NULL
223     };
224     static const char *dsa_g_hex[] = {
225         "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
226         "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
227         "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
228         "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
229         "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
230         "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
231         "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
232         "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
233         NULL
234     };
235     static const char *dsa_pub_hex[] = {
236         "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
237         "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
238         "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
239         "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
240         "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
241         "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
242         "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
243         "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
244         NULL
245     };
246     static const char *dsa_priv_hex[] = {
247         "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
248         NULL
249     };
250
251     if (!hextobn(dsa_p_hex, &p)
252         || !hextobn(dsa_q_hex, &q)
253         || !hextobn(dsa_g_hex, &g)
254         || !hextobn(dsa_pub_hex, &pub)
255         || !hextobn(dsa_priv_hex, &priv))
256         goto err;
257
258     bld = OSSL_PARAM_BLD_new();
259     if (bld == NULL
260         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
261         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
262         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
263         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
264         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
265         goto err;
266     params = OSSL_PARAM_BLD_to_param(bld);
267
268     /* Create a EVP_PKEY_CTX to load the DSA key into */
269     kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
270     if (kctx == NULL || params == NULL)
271         goto err;
272     if (EVP_PKEY_key_fromdata_init(kctx) <= 0
273         || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
274         goto err;
275
276     /* Create a EVP_PKEY_CTX to use for the signing operation */
277     sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
278     if (sctx == NULL
279         || EVP_PKEY_sign_init(sctx) <= 0)
280         goto err;
281
282     /* set signature parameters */
283     if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
284                                          SN_sha256,strlen(SN_sha256) + 1))
285         goto err;
286     params_sig = OSSL_PARAM_BLD_to_param(bld);
287     if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
288         goto err;
289
290     if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
291         || EVP_PKEY_verify_init(sctx) <= 0
292         || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
293         goto err;
294     ret = 1;
295 err:
296     OSSL_PARAM_BLD_free_params(params);
297     OSSL_PARAM_BLD_free_params(params_sig);
298     OSSL_PARAM_BLD_free(bld);
299     BN_free(p);
300     BN_free(q);
301     BN_free(g);
302     BN_free(pub);
303     BN_free(priv);
304     EVP_PKEY_free(pkey);
305     EVP_PKEY_CTX_free(kctx);
306     EVP_PKEY_CTX_free(sctx);
307     return ret;
308 }
309 #endif /* OPENSSL_NO_DSA */
310
311 #ifndef OPENSSL_NO_DH
312 static int dh_key_exchange_test(OPENSSL_CTX *libctx)
313 {
314     int ret = 0;
315     BIGNUM *p = NULL, *q = NULL, *g = NULL;
316     BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL;
317     unsigned char *kat_secret = NULL;
318     EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
319     EVP_PKEY *pkey = NULL, *peerkey = NULL;
320     OSSL_PARAM *params = NULL;
321     OSSL_PARAM *params_peer = NULL;
322     unsigned char secret[256];
323     size_t secret_len, kat_secret_len = 0;
324     OSSL_PARAM_BLD *bld = NULL;
325
326     /* DH KAT */
327     static const char *dh_p_hex[] = {
328         "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b"
329         "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d"
330         "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0"
331         "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1",
332         "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c"
333         "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44"
334         "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994"
335         "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69",
336         NULL
337     };
338     static const char *dh_q_hex[] = {
339         "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d",
340         NULL
341     };
342     static const char *dh_g_hex[] = {
343         "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede"
344         "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4"
345         "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49"
346         "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9",
347         "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad",
348         "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6"
349         "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0"
350         "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a"
351         "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20",
352         "ea115c32",
353         NULL
354     };
355     static const char *dh_priv_hex[] = {
356         "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6",
357         NULL
358     };
359     static const char *dh_pub_hex[] = {
360         "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048"
361         "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506"
362         "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52"
363         "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7",
364         "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7"
365         "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf"
366         "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86"
367         "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e",
368         "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4"
369         "959c91d3",
370         NULL
371     };
372     static const char *dh_peer_pub_hex[] = {
373         "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0"
374         "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0"
375         "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665"
376         "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f",
377         "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f"
378         "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842"
379         "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf"
380         "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2",
381         "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739"
382         "f17ff48b",
383         NULL
384     };
385     static const char *dh_secret_exptd_hex[] = {
386         "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2"
387         "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153"
388         "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e"
389         "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe",
390         "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d"
391         "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2"
392         "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f"
393         "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486",
394         "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9"
395         "7d98eaf6",
396         NULL
397     };
398
399     if (!hextobn(dh_p_hex, &p)
400         || !hextobn(dh_q_hex, &q)
401         || !hextobn(dh_g_hex, &g)
402         || !hextobn(dh_pub_hex, &pub)
403         || !hextobn(dh_priv_hex, &priv)
404         || !hextobn(dh_peer_pub_hex, &pub_peer)
405         || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
406         goto err;
407
408     bld = OSSL_PARAM_BLD_new();
409     if (bld == NULL
410         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
411         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
412         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
413         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
414         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
415         goto err;
416     params = OSSL_PARAM_BLD_to_param(bld);
417
418     if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
419         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
420         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
421         || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
422         goto err;
423
424     params_peer = OSSL_PARAM_BLD_to_param(bld);
425     if (params == NULL || params_peer == NULL)
426         goto err;
427
428     /* Create a EVP_PKEY_CTX to load the DH keys into */
429     kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", "");
430     if (kactx == NULL)
431         goto err;
432     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
433         || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
434         goto err;
435     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
436         || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
437         goto err;
438
439     /* Create a EVP_PKEY_CTX to perform key derivation */
440     dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
441     if (dctx == NULL)
442         goto err;
443
444     if (EVP_PKEY_derive_init(dctx) <= 0
445         || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
446         || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
447         goto err;
448
449     if (secret_len != kat_secret_len
450         || memcmp(secret, kat_secret, secret_len) != 0)
451         goto err;
452     ret = 1;
453 err:
454     OSSL_PARAM_BLD_free(bld);
455     OSSL_PARAM_BLD_free_params(params_peer);
456     OSSL_PARAM_BLD_free_params(params);
457     BN_free(p);
458     BN_free(q);
459     BN_free(g);
460     BN_free(pub);
461     BN_free(priv);
462     BN_free(pub_peer);
463     OPENSSL_free(kat_secret);
464     EVP_PKEY_free(pkey);
465     EVP_PKEY_free(peerkey);
466     EVP_PKEY_CTX_free(kactx);
467     EVP_PKEY_CTX_free(dctx);
468     return ret;
469 }
470 #endif /* OPENSSL_NO_DH */
471
472 /* TODO(3.0): To be removed */
473 static int dummy_evp_call(void *provctx)
474 {
475     OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
476     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
477     EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
478     EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
479     unsigned char dgst[SHA256_DIGEST_LENGTH];
480     unsigned int dgstlen;
481     int ret = 0;
482     BN_CTX *bnctx = NULL;
483     BIGNUM *a = NULL, *b = NULL;
484     unsigned char randbuf[128];
485     RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
486 #ifndef OPENSSL_NO_EC
487     EC_KEY *key = NULL;
488 #endif
489
490     static const char msg[] = "Hello World!";
491     static const unsigned char exptd[] = {
492         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
493         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
494         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
495     };
496
497     if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
498         goto err;
499
500     if (!EVP_DigestInit_ex(ctx, sha256, NULL))
501         goto err;
502     if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
503         goto err;
504     if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
505         goto err;
506     if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
507         goto err;
508
509     bnctx = BN_CTX_new_ex(libctx);
510     if (bnctx == NULL)
511         goto err;
512     BN_CTX_start(bnctx);
513     a = BN_CTX_get(bnctx);
514     b = BN_CTX_get(bnctx);
515     if (b == NULL)
516         goto err;
517     BN_zero(a);
518     if (!BN_one(b)
519         || !BN_add(a, a, b)
520         || BN_cmp(a, b) != 0)
521         goto err;
522
523     if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
524         goto err;
525
526     if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
527         goto err;
528
529 #ifndef OPENSSL_NO_EC
530     /* Do some dummy EC calls */
531     key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
532     if (key == NULL)
533         goto err;
534
535     if (!EC_KEY_generate_key(key))
536         goto err;
537 #endif
538
539 #ifndef OPENSSL_NO_DSA
540     if (!dsa_key_signature_test(libctx))
541         goto err;
542 #endif
543
544 #ifndef OPENSSL_NO_DH
545     if (!dh_key_exchange_test(libctx))
546         goto err;
547 #endif /* OPENSSL_NO_DH */
548
549     ret = 1;
550  err:
551     BN_CTX_end(bnctx);
552     BN_CTX_free(bnctx);
553
554     EVP_KDF_free(kdf);
555     EVP_MD_CTX_free(ctx);
556     EVP_MD_free(sha256);
557
558 #ifndef OPENSSL_NO_EC
559     EC_KEY_free(key);
560 #endif
561     return ret;
562 }
563
564 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
565 {
566     return fips_param_types;
567 }
568
569 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
570 {
571     OSSL_PARAM *p;
572
573     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
574     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
575         return 0;
576     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
577     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
578         return 0;
579     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
580     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
581         return 0;
582
583     return 1;
584 }
585
586 /* FIPS specific version of the function of the same name in provlib.c */
587 const char *ossl_prov_util_nid_to_name(int nid)
588 {
589     /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
590
591     switch (nid) {
592     /* Digests */
593     case NID_sha1:
594         return "SHA1";
595     case NID_sha224:
596         return "SHA-224";
597     case NID_sha256:
598         return "SHA-256";
599     case NID_sha384:
600         return "SHA-384";
601     case NID_sha512:
602         return "SHA-512";
603     case NID_sha512_224:
604         return "SHA-512/224";
605     case NID_sha512_256:
606         return "SHA-512/256";
607     case NID_sha3_224:
608         return "SHA3-224";
609     case NID_sha3_256:
610         return "SHA3-256";
611     case NID_sha3_384:
612         return "SHA3-384";
613     case NID_sha3_512:
614         return "SHA3-512";
615
616     /* Ciphers */
617     case NID_aes_256_ecb:
618         return "AES-256-ECB";
619     case NID_aes_192_ecb:
620         return "AES-192-ECB";
621     case NID_aes_128_ecb:
622         return "AES-128-ECB";
623     case NID_aes_256_cbc:
624         return "AES-256-CBC";
625     case NID_aes_192_cbc:
626         return "AES-192-CBC";
627     case NID_aes_128_cbc:
628         return "AES-128-CBC";
629     case NID_aes_256_ctr:
630         return "AES-256-CTR";
631     case NID_aes_192_ctr:
632         return "AES-192-CTR";
633     case NID_aes_128_ctr:
634         return "AES-128-CTR";
635     case NID_aes_256_xts:
636         return "AES-256-XTS";
637     case NID_aes_128_xts:
638         return "AES-128-XTS";
639     case NID_aes_256_gcm:
640         return "AES-256-GCM";
641     case NID_aes_192_gcm:
642         return "AES-192-GCM";
643     case NID_aes_128_gcm:
644         return "AES-128-GCM";
645     case NID_aes_256_ccm:
646         return "AES-256-CCM";
647     case NID_aes_192_ccm:
648         return "AES-192-CCM";
649     case NID_aes_128_ccm:
650         return "AES-128-CCM";
651     case NID_id_aes256_wrap:
652         return "AES-256-WRAP";
653     case NID_id_aes192_wrap:
654         return "AES-192-WRAP";
655     case NID_id_aes128_wrap:
656         return "AES-128-WRAP";
657     case NID_id_aes256_wrap_pad:
658         return "AES-256-WRAP-PAD";
659     case NID_id_aes192_wrap_pad:
660         return "AES-192-WRAP-PAD";
661     case NID_id_aes128_wrap_pad:
662         return "AES-128-WRAP-PAD";
663     case NID_des_ede3_ecb:
664         return "DES-EDE3";
665     case NID_des_ede3_cbc:
666         return "DES-EDE3-CBC";
667     case NID_aes_256_cbc_hmac_sha256:
668         return "AES-256-CBC-HMAC-SHA256";
669     case NID_aes_128_cbc_hmac_sha256:
670         return "AES-128-CBC-HMAC-SHA256";
671     case NID_aes_256_cbc_hmac_sha1:
672         return "AES-256-CBC-HMAC-SHA1";
673     case NID_aes_128_cbc_hmac_sha1:
674         return "AES-128-CBC-HMAC-SHA1";
675     default:
676         break;
677     }
678
679     return NULL;
680 }
681
682 /*
683  * For the algorithm names, we use the following formula for our primary
684  * names:
685  *
686  *     ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
687  *
688  *     VERSION is only present if there are multiple versions of
689  *     an alg (MD2, MD4, MD5).  It may be omitted if there is only
690  *     one version (if a subsequent version is released in the future,
691  *     we can always change the canonical name, and add the old name
692  *     as an alias).
693  *
694  *     SUBNAME may be present where we are combining multiple
695  *     algorithms together, e.g. MD5-SHA1.
696  *
697  *     SIZE is only present if multiple versions of an algorithm exist
698  *     with different sizes (e.g. AES-128-CBC, AES-256-CBC)
699  *
700  *     MODE is only present where applicable.
701  *
702  * We add diverse other names where applicable, such as the names that
703  * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
704  * we have used historically.
705  */
706 static const OSSL_ALGORITHM fips_digests[] = {
707     /* Our primary name:NiST name[:our older names] */
708     { "SHA1:SHA-1", "provider=fips,fips=yes", sha1_functions },
709     { "SHA2-224:SHA-224:SHA224", "provider=fips,fips=yes", sha224_functions },
710     { "SHA2-256:SHA-256:SHA256", "provider=fips,fips=yes", sha256_functions },
711     { "SHA2-384:SHA-384:SHA384", "provider=fips,fips=yes", sha384_functions },
712     { "SHA2-512:SHA-512:SHA512", "provider=fips,fips=yes", sha512_functions },
713     { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=fips,fips=yes",
714       sha512_224_functions },
715     { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=fips,fips=yes",
716       sha512_256_functions },
717
718     /* We agree with NIST here, so one name only */
719     { "SHA3-224", "provider=fips,fips=yes", sha3_224_functions },
720     { "SHA3-256", "provider=fips,fips=yes", sha3_256_functions },
721     { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
722     { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
723     /*
724      * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
725      * KMAC128 and KMAC256.
726      */
727     { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes", keccak_kmac_128_functions },
728     { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes", keccak_kmac_256_functions },
729
730     { NULL, NULL, NULL }
731 };
732
733 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
734     /* Our primary name[:ASN.1 OID name][:our older names] */
735     ALG("AES-256-ECB", aes256ecb_functions),
736     ALG("AES-192-ECB", aes192ecb_functions),
737     ALG("AES-128-ECB", aes128ecb_functions),
738     ALG("AES-256-CBC", aes256cbc_functions),
739     ALG("AES-192-CBC", aes192cbc_functions),
740     ALG("AES-128-CBC", aes128cbc_functions),
741     ALG("AES-256-CTR", aes256ctr_functions),
742     ALG("AES-192-CTR", aes192ctr_functions),
743     ALG("AES-128-CTR", aes128ctr_functions),
744     ALG("AES-256-XTS", aes256xts_functions),
745     ALG("AES-128-XTS", aes128xts_functions),
746     ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
747     ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
748     ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
749     ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
750     ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
751     ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
752     ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
753     ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
754     ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
755     ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
756         aes256wrappad_functions),
757     ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
758         aes192wrappad_functions),
759     ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
760         aes128wrappad_functions),
761     ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
762          cipher_capable_aes_cbc_hmac_sha1),
763     ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
764          cipher_capable_aes_cbc_hmac_sha1),
765     ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
766          cipher_capable_aes_cbc_hmac_sha256),
767     ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
768          cipher_capable_aes_cbc_hmac_sha256),
769 #ifndef OPENSSL_NO_DES
770     ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
771     ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
772 #endif  /* OPENSSL_NO_DES */
773     { { NULL, NULL, NULL }, NULL }
774 };
775 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
776
777 static const OSSL_ALGORITHM fips_macs[] = {
778 #ifndef OPENSSL_NO_CMAC
779     { "CMAC", "provider=fips,fips=yes", cmac_functions },
780 #endif
781     { "GMAC", "provider=fips,fips=yes", gmac_functions },
782     { "HMAC", "provider=fips,fips=yes", hmac_functions },
783     { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions },
784     { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions },
785     { NULL, NULL, NULL }
786 };
787
788 static const OSSL_ALGORITHM fips_kdfs[] = {
789     { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions },
790     { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
791     { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
792     { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
793     { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions },
794     { NULL, NULL, NULL }
795 };
796
797 static const OSSL_ALGORITHM fips_keyexch[] = {
798 #ifndef OPENSSL_NO_DH
799     { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions },
800 #endif
801 #ifndef OPENSSL_NO_EC
802     { "ECDH", "provider=fips,fips=yes", ecdh_keyexch_functions },
803 #endif
804     { NULL, NULL, NULL }
805 };
806
807 static const OSSL_ALGORITHM fips_signature[] = {
808 #ifndef OPENSSL_NO_DSA
809     { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions },
810 #endif
811     { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions },
812 #ifndef OPENSSL_NO_EC
813     { "ECDSA", "provider=fips,fips=yes", ecdsa_signature_functions },
814 #endif
815     { NULL, NULL, NULL }
816 };
817
818 static const OSSL_ALGORITHM fips_asym_cipher[] = {
819     { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_asym_cipher_functions },
820     { NULL, NULL, NULL }
821 };
822
823 static const OSSL_ALGORITHM fips_keymgmt[] = {
824 #ifndef OPENSSL_NO_DH
825     { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keymgmt_functions },
826 #endif
827 #ifndef OPENSSL_NO_DSA
828     { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
829 #endif
830     { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
831 #ifndef OPENSSL_NO_EC
832     { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
833 #endif
834     { NULL, NULL, NULL }
835 };
836
837 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
838                                          int operation_id,
839                                          int *no_cache)
840 {
841     *no_cache = 0;
842     switch (operation_id) {
843     case OSSL_OP_DIGEST:
844         return fips_digests;
845     case OSSL_OP_CIPHER:
846         ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
847         return exported_fips_ciphers;
848     case OSSL_OP_MAC:
849         return fips_macs;
850     case OSSL_OP_KDF:
851         return fips_kdfs;
852     case OSSL_OP_KEYMGMT:
853         return fips_keymgmt;
854     case OSSL_OP_KEYEXCH:
855         return fips_keyexch;
856     case OSSL_OP_SIGNATURE:
857         return fips_signature;
858     case OSSL_OP_ASYM_CIPHER:
859         return fips_asym_cipher;
860     }
861     return NULL;
862 }
863
864 /* Functions we provide to the core */
865 static const OSSL_DISPATCH fips_dispatch_table[] = {
866     /*
867      * To release our resources we just need to free the OPENSSL_CTX so we just
868      * use OPENSSL_CTX_free directly as our teardown function
869      */
870     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
871     { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
872     { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
873     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
874     { 0, NULL }
875 };
876
877 /* Functions we provide to ourself */
878 static const OSSL_DISPATCH intern_dispatch_table[] = {
879     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
880     { 0, NULL }
881 };
882
883
884 int OSSL_provider_init(const OSSL_PROVIDER *provider,
885                        const OSSL_DISPATCH *in,
886                        const OSSL_DISPATCH **out,
887                        void **provctx)
888 {
889     FIPS_GLOBAL *fgbl;
890     OPENSSL_CTX *ctx;
891     OSSL_self_test_cb_fn *stcbfn = NULL;
892     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
893
894     for (; in->function_id != 0; in++) {
895         switch (in->function_id) {
896         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
897             c_get_libctx = OSSL_get_core_get_library_context(in);
898             break;
899         case OSSL_FUNC_CORE_GETTABLE_PARAMS:
900             c_gettable_params = OSSL_get_core_gettable_params(in);
901             break;
902         case OSSL_FUNC_CORE_GET_PARAMS:
903             c_get_params = OSSL_get_core_get_params(in);
904             break;
905         case OSSL_FUNC_CORE_THREAD_START:
906             c_thread_start = OSSL_get_core_thread_start(in);
907             break;
908         case OSSL_FUNC_CORE_NEW_ERROR:
909             c_new_error = OSSL_get_core_new_error(in);
910             break;
911         case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
912             c_set_error_debug = OSSL_get_core_set_error_debug(in);
913             break;
914         case OSSL_FUNC_CORE_VSET_ERROR:
915             c_vset_error = OSSL_get_core_vset_error(in);
916             break;
917         case OSSL_FUNC_CORE_SET_ERROR_MARK:
918             c_set_error_mark = OSSL_get_core_set_error_mark(in);
919             break;
920         case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK:
921             c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in);
922             break;
923         case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
924             c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in);
925             break;
926         case OSSL_FUNC_CRYPTO_MALLOC:
927             c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
928             break;
929         case OSSL_FUNC_CRYPTO_ZALLOC:
930             c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
931             break;
932         case OSSL_FUNC_CRYPTO_FREE:
933             c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
934             break;
935         case OSSL_FUNC_CRYPTO_CLEAR_FREE:
936             c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
937             break;
938         case OSSL_FUNC_CRYPTO_REALLOC:
939             c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
940             break;
941         case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
942             c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
943             break;
944         case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
945             c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
946             break;
947         case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
948             c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
949             break;
950         case OSSL_FUNC_CRYPTO_SECURE_FREE:
951             c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
952             break;
953         case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
954             c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
955             break;
956         case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
957             c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
958             break;
959         case OSSL_FUNC_BIO_NEW_FILE:
960             selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
961             break;
962         case OSSL_FUNC_BIO_NEW_MEMBUF:
963             selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
964             break;
965         case OSSL_FUNC_BIO_READ_EX:
966             selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
967             break;
968         case OSSL_FUNC_BIO_FREE:
969             selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
970             break;
971         case OSSL_FUNC_BIO_VSNPRINTF:
972             c_BIO_vsnprintf = OSSL_get_BIO_vsnprintf(in);
973             break;
974         case OSSL_FUNC_SELF_TEST_CB: {
975             stcbfn = OSSL_get_self_test_cb(in);
976             break;
977         }
978         default:
979             /* Just ignore anything we don't understand */
980             break;
981         }
982     }
983
984     if (stcbfn != NULL && c_get_libctx != NULL) {
985         stcbfn(c_get_libctx(provider), &selftest_params.cb,
986                &selftest_params.cb_arg);
987     }
988     else {
989         selftest_params.cb = NULL;
990         selftest_params.cb_arg = NULL;
991     }
992
993     if (!c_get_params(provider, core_params))
994         return 0;
995
996     /*  Create a context. */
997     if ((ctx = OPENSSL_CTX_new()) == NULL)
998         return 0;
999     if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
1000                                      &fips_prov_ossl_ctx_method)) == NULL) {
1001         OPENSSL_CTX_free(ctx);
1002         return 0;
1003     }
1004
1005     fgbl->prov = provider;
1006
1007     selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
1008     if (!SELF_TEST_post(&selftest_params, 0)) {
1009         OPENSSL_CTX_free(ctx);
1010         return 0;
1011     }
1012
1013     /*
1014      * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
1015      * EVP calls from within the FIPS module.
1016      */
1017     if (!dummy_evp_call(ctx)) {
1018         OPENSSL_CTX_free(ctx);
1019         return 0;
1020     }
1021
1022     *out = fips_dispatch_table;
1023     *provctx = ctx;
1024
1025     return 1;
1026 }
1027
1028 /*
1029  * The internal init function used when the FIPS module uses EVP to call
1030  * another algorithm also in the FIPS module. This is a recursive call that has
1031  * been made from within the FIPS module itself. To make this work, we populate
1032  * the provider context of this inner instance with the same library context
1033  * that was used in the EVP call that initiated this recursive call.
1034  */
1035 OSSL_provider_init_fn fips_intern_provider_init;
1036 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
1037                               const OSSL_DISPATCH *in,
1038                               const OSSL_DISPATCH **out,
1039                               void **provctx)
1040 {
1041     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
1042
1043     for (; in->function_id != 0; in++) {
1044         switch (in->function_id) {
1045         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
1046             c_get_libctx = OSSL_get_core_get_library_context(in);
1047             break;
1048         default:
1049             break;
1050         }
1051     }
1052
1053     if (c_get_libctx == NULL)
1054         return 0;
1055
1056     *provctx = c_get_libctx(provider);
1057
1058     /*
1059      * Safety measure...  we should get the library context that was
1060      * created up in OSSL_provider_init().
1061      */
1062     if (*provctx == NULL)
1063         return 0;
1064
1065     *out = intern_dispatch_table;
1066     return 1;
1067 }
1068
1069 void ERR_new(void)
1070 {
1071     c_new_error(NULL);
1072 }
1073
1074 void ERR_set_debug(const char *file, int line, const char *func)
1075 {
1076     c_set_error_debug(NULL, file, line, func);
1077 }
1078
1079 void ERR_set_error(int lib, int reason, const char *fmt, ...)
1080 {
1081     va_list args;
1082
1083     va_start(args, fmt);
1084     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1085     va_end(args);
1086 }
1087
1088 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
1089 {
1090     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1091 }
1092
1093 int ERR_set_mark(void)
1094 {
1095     return c_set_error_mark(NULL);
1096 }
1097
1098 int ERR_clear_last_mark(void)
1099 {
1100     return c_clear_last_error_mark(NULL);
1101 }
1102
1103 int ERR_pop_to_mark(void)
1104 {
1105     return c_pop_error_to_mark(NULL);
1106 }
1107
1108 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
1109 {
1110     FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
1111                                              &fips_prov_ossl_ctx_method);
1112
1113     if (fgbl == NULL)
1114         return NULL;
1115
1116     return fgbl->prov;
1117 }
1118
1119 void *CRYPTO_malloc(size_t num, const char *file, int line)
1120 {
1121     return c_CRYPTO_malloc(num, file, line);
1122 }
1123
1124 void *CRYPTO_zalloc(size_t num, const char *file, int line)
1125 {
1126     return c_CRYPTO_zalloc(num, file, line);
1127 }
1128
1129 void CRYPTO_free(void *ptr, const char *file, int line)
1130 {
1131     c_CRYPTO_free(ptr, file, line);
1132 }
1133
1134 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
1135 {
1136     c_CRYPTO_clear_free(ptr, num, file, line);
1137 }
1138
1139 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
1140 {
1141     return c_CRYPTO_realloc(addr, num, file, line);
1142 }
1143
1144 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
1145                            const char *file, int line)
1146 {
1147     return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
1148 }
1149
1150 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
1151 {
1152     return c_CRYPTO_secure_malloc(num, file, line);
1153 }
1154
1155 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
1156 {
1157     return c_CRYPTO_secure_zalloc(num, file, line);
1158 }
1159
1160 void CRYPTO_secure_free(void *ptr, const char *file, int line)
1161 {
1162     c_CRYPTO_secure_free(ptr, file, line);
1163 }
1164
1165 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
1166 {
1167     c_CRYPTO_secure_clear_free(ptr, num, file, line);
1168 }
1169
1170 int CRYPTO_secure_allocated(const void *ptr)
1171 {
1172     return c_CRYPTO_secure_allocated(ptr);
1173 }
1174
1175 int BIO_snprintf(char *buf, size_t n, const char *format, ...)
1176 {
1177     va_list args;
1178     int ret;
1179
1180     va_start(args, format);
1181     ret = c_BIO_vsnprintf(buf, n, format, args);
1182     va_end(args);
1183     return ret;
1184 }