2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
19 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
20 #include <openssl/sha.h>
21 #include <openssl/rand_drbg.h>
22 #include <openssl/ec.h>
23 #include <openssl/fips_names.h>
25 #include "internal/cryptlib.h"
26 #include "internal/property.h"
27 #include "internal/evp_int.h"
28 #include "internal/provider_algs.h"
29 #include "internal/provider_ctx.h"
30 #include "internal/providercommon.h"
33 extern OSSL_core_thread_start_fn *c_thread_start;
36 * TODO(3.0): Should these be stored in the provider side provctx? Could they
37 * ever be different from one init to the next? Unfortunately we can't do this
38 * at the moment because c_put_error/c_add_error_vdata do not provide
39 * us with the OPENSSL_CTX as a parameter.
42 static SELF_TEST_POST_PARAMS selftest_params;
44 /* Functions provided by the core */
45 static OSSL_core_gettable_params_fn *c_gettable_params;
46 static OSSL_core_get_params_fn *c_get_params;
47 OSSL_core_thread_start_fn *c_thread_start;
48 static OSSL_core_new_error_fn *c_new_error;
49 static OSSL_core_set_error_debug_fn *c_set_error_debug;
50 static OSSL_core_vset_error_fn *c_vset_error;
51 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
52 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
53 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
54 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
55 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
56 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
57 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
58 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
59 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
60 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
61 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
63 typedef struct fips_global_st {
64 const OSSL_PROVIDER *prov;
67 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
69 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
74 static void fips_prov_ossl_ctx_free(void *fgbl)
79 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
80 fips_prov_ossl_ctx_new,
81 fips_prov_ossl_ctx_free,
85 /* Parameters we provide to the core */
86 static const OSSL_PARAM fips_param_types[] = {
87 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
88 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
89 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
94 * Parameters to retrieve from the core provider - required for self testing.
95 * NOTE: inside core_get_params() these will be loaded from config items
96 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
98 static OSSL_PARAM core_params[] =
100 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
101 selftest_params.module_filename,
102 sizeof(selftest_params.module_filename)),
103 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
104 selftest_params.module_checksum_data,
105 sizeof(selftest_params.module_checksum_data)),
106 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
107 selftest_params.indicator_checksum_data,
108 sizeof(selftest_params.indicator_checksum_data)),
109 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
110 selftest_params.indicator_data,
111 sizeof(selftest_params.indicator_data)),
112 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
113 selftest_params.indicator_version,
114 sizeof(selftest_params.indicator_version)),
118 /* TODO(3.0): To be removed */
119 static int dummy_evp_call(void *provctx)
121 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
122 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
123 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
124 char msg[] = "Hello World!";
125 const unsigned char exptd[] = {
126 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
127 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
128 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
130 unsigned int dgstlen = 0;
131 unsigned char dgst[SHA256_DIGEST_LENGTH];
133 BN_CTX *bnctx = NULL;
134 BIGNUM *a = NULL, *b = NULL;
135 unsigned char randbuf[128];
136 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
137 #ifndef OPENSSL_NO_EC
141 if (ctx == NULL || sha256 == NULL || drbg == NULL)
144 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
146 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
148 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
150 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
153 bnctx = BN_CTX_new_ex(libctx);
157 a = BN_CTX_get(bnctx);
158 b = BN_CTX_get(bnctx);
164 || BN_cmp(a, b) != 0)
167 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
170 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
173 #ifndef OPENSSL_NO_EC
174 /* Do some dummy EC calls */
175 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
179 if (!EC_KEY_generate_key(key))
188 EVP_MD_CTX_free(ctx);
189 EVP_MD_meth_free(sha256);
191 #ifndef OPENSSL_NO_EC
197 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
199 return fips_param_types;
202 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
206 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
207 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
209 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
210 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
212 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
213 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
219 /* FIPS specific version of the function of the same name in provlib.c */
220 const char *ossl_prov_util_nid_to_name(int nid)
222 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
250 case NID_aes_256_ecb:
251 return "AES-256-ECB";
252 case NID_aes_192_ecb:
253 return "AES-192-ECB";
254 case NID_aes_128_ecb:
255 return "AES-128-ECB";
256 case NID_aes_256_cbc:
257 return "AES-256-CBC";
258 case NID_aes_192_cbc:
259 return "AES-192-CBC";
260 case NID_aes_128_cbc:
261 return "AES-128-CBC";
262 case NID_aes_256_ctr:
263 return "AES-256-CTR";
264 case NID_aes_192_ctr:
265 return "AES-192-CTR";
266 case NID_aes_128_ctr:
267 return "AES-128-CTR";
268 /* TODO(3.0) Change these when we have aliases */
269 case NID_aes_256_gcm:
270 return "id-aes256-GCM";
271 case NID_aes_192_gcm:
272 return "id-aes192-GCM";
273 case NID_aes_128_gcm:
274 return "id-aes128-GCM";
275 case NID_aes_256_ccm:
276 return "id-aes256-CCM";
277 case NID_aes_192_ccm:
278 return "id-aes192-CCM";
279 case NID_aes_128_ccm:
280 return "id-aes128-CCM";
288 static const OSSL_ALGORITHM fips_digests[] = {
289 { "SHA1", "fips=yes", sha1_functions },
290 { "SHA224", "fips=yes", sha224_functions },
291 { "SHA256", "fips=yes", sha256_functions },
292 { "SHA384", "fips=yes", sha384_functions },
293 { "SHA512", "fips=yes", sha512_functions },
294 { "SHA512-224", "fips=yes", sha512_224_functions },
295 { "SHA512-256", "fips=yes", sha512_256_functions },
296 { "SHA3-224", "fips=yes", sha3_224_functions },
297 { "SHA3-256", "fips=yes", sha3_256_functions },
298 { "SHA3-384", "fips=yes", sha3_384_functions },
299 { "SHA3-512", "fips=yes", sha3_512_functions },
301 * KECCAK_KMAC128 and KECCAK_KMAC256 as hashes are mostly useful for
302 * the KMAC128 and KMAC256.
304 { "KECCAK_KMAC128", "fips=yes", keccak_kmac_128_functions },
305 { "KECCAK_KMAC256", "fips=yes", keccak_kmac_256_functions },
310 static const OSSL_ALGORITHM fips_ciphers[] = {
311 { "AES-256-ECB", "fips=yes", aes256ecb_functions },
312 { "AES-192-ECB", "fips=yes", aes192ecb_functions },
313 { "AES-128-ECB", "fips=yes", aes128ecb_functions },
314 { "AES-256-CBC", "fips=yes", aes256cbc_functions },
315 { "AES-192-CBC", "fips=yes", aes192cbc_functions },
316 { "AES-128-CBC", "fips=yes", aes128cbc_functions },
317 { "AES-256-CTR", "fips=yes", aes256ctr_functions },
318 { "AES-192-CTR", "fips=yes", aes192ctr_functions },
319 { "AES-128-CTR", "fips=yes", aes128ctr_functions },
320 /* TODO(3.0) Add aliases for these ciphers */
321 { "id-aes256-GCM", "fips=yes", aes256gcm_functions },
322 { "id-aes192-GCM", "fips=yes", aes192gcm_functions },
323 { "id-aes128-GCM", "fips=yes", aes128gcm_functions },
324 { "id-aes256-CCM", "fips=yes", aes256ccm_functions },
325 { "id-aes192-CCM", "fips=yes", aes192ccm_functions },
326 { "id-aes128-CCM", "fips=yes", aes128ccm_functions },
330 static const OSSL_ALGORITHM fips_macs[] = {
331 { "CMAC", "fips=yes", cmac_functions },
332 { "GMAC", "fips=yes", gmac_functions },
333 { "HMAC", "fips=yes", hmac_functions },
334 { "KMAC128", "fips=yes", kmac128_functions },
335 { "KMAC256", "fips=yes", kmac256_functions },
339 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
344 switch (operation_id) {
355 /* Functions we provide to the core */
356 static const OSSL_DISPATCH fips_dispatch_table[] = {
358 * To release our resources we just need to free the OPENSSL_CTX so we just
359 * use OPENSSL_CTX_free directly as our teardown function
361 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
362 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
363 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
364 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
368 /* Functions we provide to ourself */
369 static const OSSL_DISPATCH intern_dispatch_table[] = {
370 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
375 int OSSL_provider_init(const OSSL_PROVIDER *provider,
376 const OSSL_DISPATCH *in,
377 const OSSL_DISPATCH **out,
383 for (; in->function_id != 0; in++) {
384 switch (in->function_id) {
385 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
386 c_gettable_params = OSSL_get_core_gettable_params(in);
388 case OSSL_FUNC_CORE_GET_PARAMS:
389 c_get_params = OSSL_get_core_get_params(in);
391 case OSSL_FUNC_CORE_THREAD_START:
392 c_thread_start = OSSL_get_core_thread_start(in);
394 case OSSL_FUNC_CORE_NEW_ERROR:
395 c_new_error = OSSL_get_core_new_error(in);
397 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
398 c_set_error_debug = OSSL_get_core_set_error_debug(in);
400 case OSSL_FUNC_CORE_VSET_ERROR:
401 c_vset_error = OSSL_get_core_vset_error(in);
403 case OSSL_FUNC_CRYPTO_MALLOC:
404 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
406 case OSSL_FUNC_CRYPTO_ZALLOC:
407 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
409 case OSSL_FUNC_CRYPTO_FREE:
410 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
412 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
413 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
415 case OSSL_FUNC_CRYPTO_REALLOC:
416 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
418 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
419 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
421 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
422 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
424 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
425 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
427 case OSSL_FUNC_CRYPTO_SECURE_FREE:
428 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
430 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
431 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
433 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
434 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
436 case OSSL_FUNC_BIO_NEW_FILE:
437 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
439 case OSSL_FUNC_BIO_NEW_MEMBUF:
440 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
442 case OSSL_FUNC_BIO_READ:
443 selftest_params.bio_read_cb = OSSL_get_BIO_read(in);
445 case OSSL_FUNC_BIO_FREE:
446 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
449 /* Just ignore anything we don't understand */
454 if (!c_get_params(provider, core_params))
457 /* Create a context. */
458 if ((ctx = OPENSSL_CTX_new()) == NULL)
460 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
461 &fips_prov_ossl_ctx_method)) == NULL) {
462 OPENSSL_CTX_free(ctx);
465 fgbl->prov = provider;
466 *out = fips_dispatch_table;
470 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
471 * EVP calls from within the FIPS module.
473 if (!dummy_evp_call(*provctx)) {
474 OPENSSL_CTX_free(*provctx);
483 * The internal init function used when the FIPS module uses EVP to call
484 * another algorithm also in the FIPS module. This is a recursive call that has
485 * been made from within the FIPS module itself. To make this work, we populate
486 * the provider context of this inner instance with the same library context
487 * that was used in the EVP call that initiated this recursive call.
489 OSSL_provider_init_fn fips_intern_provider_init;
490 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
491 const OSSL_DISPATCH *in,
492 const OSSL_DISPATCH **out,
495 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
497 for (; in->function_id != 0; in++) {
498 switch (in->function_id) {
499 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
500 c_get_libctx = OSSL_get_core_get_library_context(in);
507 if (c_get_libctx == NULL)
510 *provctx = c_get_libctx(provider);
513 * Safety measure... we should get the library context that was
514 * created up in OSSL_provider_init().
516 if (*provctx == NULL)
519 *out = intern_dispatch_table;
528 void ERR_set_debug(const char *file, int line, const char *func)
530 c_set_error_debug(NULL, file, line, func);
533 void ERR_set_error(int lib, int reason, const char *fmt, ...)
538 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
542 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
544 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
547 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
549 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
550 &fips_prov_ossl_ctx_method);
558 void *CRYPTO_malloc(size_t num, const char *file, int line)
560 return c_CRYPTO_malloc(num, file, line);
563 void *CRYPTO_zalloc(size_t num, const char *file, int line)
565 return c_CRYPTO_zalloc(num, file, line);
568 void CRYPTO_free(void *ptr, const char *file, int line)
570 c_CRYPTO_free(ptr, file, line);
573 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
575 c_CRYPTO_clear_free(ptr, num, file, line);
578 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
580 return c_CRYPTO_realloc(addr, num, file, line);
583 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
584 const char *file, int line)
586 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
589 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
591 return c_CRYPTO_secure_malloc(num, file, line);
594 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
596 return c_CRYPTO_secure_zalloc(num, file, line);
599 void CRYPTO_secure_free(void *ptr, const char *file, int line)
601 c_CRYPTO_secure_free(ptr, file, line);
604 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
606 c_CRYPTO_secure_clear_free(ptr, num, file, line);
609 int CRYPTO_secure_allocated(const void *ptr)
611 return c_CRYPTO_secure_allocated(ptr);