providers/fips/fipsprov.c

   1 /*
   2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <string.h>
  11 #include <stdio.h>
  12 #include <openssl/core.h>
  13 #include <openssl/core_numbers.h>
  14 #include <openssl/core_names.h>
  15 #include <openssl/params.h>
  16 #include <openssl/err.h>
  17 #include <openssl/evp.h>
  18 #include <openssl/kdf.h>
  19
  20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
  21 #include <openssl/sha.h>
  22 #include <openssl/rand_drbg.h>
  23 #include <openssl/ec.h>
  24 #include <openssl/fips_names.h>
  25
  26 #include "internal/cryptlib.h"
  27 #include "internal/property.h"
  28 #include "internal/nelem.h"
  29 #include "internal/param_build.h"
  30 #include "crypto/evp.h"
  31 #include "prov/implementations.h"
  32 #include "prov/provider_ctx.h"
  33 #include "prov/providercommon.h"
  34 #include "prov/provider_util.h"
  35 #include "self_test.h"
  36
  37 #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK }
  38 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
  39
  40 extern OSSL_core_thread_start_fn *c_thread_start;
  41
  42 /*
  43  * TODO(3.0): Should these be stored in the provider side provctx? Could they
  44  * ever be different from one init to the next? Unfortunately we can't do this
  45  * at the moment because c_put_error/c_add_error_vdata do not provide
  46  * us with the OPENSSL_CTX as a parameter.
  47  */
  48
  49 static SELF_TEST_POST_PARAMS selftest_params;
  50
  51 /* Functions provided by the core */
  52 static OSSL_core_gettable_params_fn *c_gettable_params;
  53 static OSSL_core_get_params_fn *c_get_params;
  54 OSSL_core_thread_start_fn *c_thread_start;
  55 static OSSL_core_new_error_fn *c_new_error;
  56 static OSSL_core_set_error_debug_fn *c_set_error_debug;
  57 static OSSL_core_vset_error_fn *c_vset_error;
  58 static OSSL_core_set_error_mark_fn *c_set_error_mark;
  59 static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark;
  60 static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark;
  61 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
  62 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
  63 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
  64 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
  65 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
  66 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
  67 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
  68 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
  69 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
  70 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
  71 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
  72
  73 typedef struct fips_global_st {
  74     const OSSL_PROVIDER *prov;
  75 } FIPS_GLOBAL;
  76
  77 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
  78 {
  79     FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
  80
  81     return fgbl;
  82 }
  83
  84 static void fips_prov_ossl_ctx_free(void *fgbl)
  85 {
  86     OPENSSL_free(fgbl);
  87 }
  88
  89 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
  90     fips_prov_ossl_ctx_new,
  91     fips_prov_ossl_ctx_free,
  92 };
  93
  94
  95 /* Parameters we provide to the core */
  96 static const OSSL_PARAM fips_param_types[] = {
  97     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
  98     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
  99     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
 100     OSSL_PARAM_END
 101 };
 102
 103 /*
 104  * Parameters to retrieve from the core provider - required for self testing.
 105  * NOTE: inside core_get_params() these will be loaded from config items
 106  * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
 107  */
 108 static OSSL_PARAM core_params[] =
 109 {
 110     OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
 111                         selftest_params.module_filename,
 112                         sizeof(selftest_params.module_filename)),
 113     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
 114                         selftest_params.module_checksum_data,
 115                         sizeof(selftest_params.module_checksum_data)),
 116     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
 117                         selftest_params.indicator_checksum_data,
 118                         sizeof(selftest_params.indicator_checksum_data)),
 119     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
 120                         selftest_params.indicator_data,
 121                         sizeof(selftest_params.indicator_data)),
 122     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
 123                         selftest_params.indicator_version,
 124                         sizeof(selftest_params.indicator_version)),
 125     OSSL_PARAM_END
 126 };
 127
 128 /*
 129  * Convert a string into a bignumber.
 130  * The array of hex_data is used to get around compilers that dont like
 131  * strings longer than 509 bytes,
 132  */
 133 static int hextobn(const char *hex_data[], BIGNUM **bn)
 134 {
 135     int ret = 0;
 136     int i, slen;
 137     char *str = NULL;
 138
 139     /* Get the total length of the strings */
 140     for (slen = 0, i = 0; hex_data[i] != NULL; ++i)
 141         slen += strlen(hex_data[i]);
 142
 143     /* Add 1 for the string terminator */
 144     str = OPENSSL_zalloc(slen + 1);
 145     if (str == NULL)
 146         return 0;
 147
 148     /* join the strings together into 1 buffer */
 149     for (i = 0; hex_data[i] != NULL; ++i)
 150         strcat(str, hex_data[i]);
 151
 152     if (BN_hex2bn(bn, str) <= 0)
 153         goto err;
 154     ret = 1;
 155 err:
 156     OPENSSL_free(str);
 157     return ret;
 158 }
 159
 160 static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
 161 {
 162     int ret = 0, sz;
 163     BIGNUM *bn = NULL;
 164     unsigned char *buf = NULL;
 165
 166     if (!hextobn(hex_data, &bn))
 167         return 0;
 168     sz = BN_num_bytes(bn);
 169     buf = OPENSSL_zalloc(sz);
 170     if (buf == NULL)
 171         goto err;
 172     if (BN_bn2binpad(bn, buf, sz) <= 0)
 173         goto err;
 174
 175     *out = buf;
 176     *len = sz;
 177     buf = NULL; /* Set to NULL so it is not freed */
 178     ret = 1;
 179 err:
 180     OPENSSL_free(buf);
 181     BN_free(bn);
 182     return ret;
 183 }
 184
 185 #ifndef OPENSSL_NO_DSA
 186 static int dsa_key_signature_test(OPENSSL_CTX *libctx)
 187 {
 188     int ret = 0;
 189     BIGNUM *p = NULL, *q = NULL, *g = NULL;
 190     BIGNUM *pub = NULL, *priv = NULL;
 191     OSSL_PARAM *params = NULL, *params_sig = NULL;
 192     OSSL_PARAM_BLD bld;
 193     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
 194     EVP_PKEY *pkey = NULL;
 195     unsigned char sig[64];
 196     size_t siglen;
 197
 198     static const unsigned char dgst[SHA256_DIGEST_LENGTH] = {
 199         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
 200         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
 201         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
 202     };
 203     /* dsa 2048 */
 204     static const char *dsa_p_hex[] = {
 205         "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
 206         "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
 207         "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
 208         "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
 209         "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
 210         "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
 211         "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
 212         "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
 213          NULL
 214     };
 215     static const char *dsa_q_hex[] = {
 216         "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
 217         NULL
 218     };
 219     static const char *dsa_g_hex[] = {
 220         "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
 221         "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
 222         "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
 223         "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
 224         "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
 225         "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
 226         "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
 227         "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
 228         NULL
 229     };
 230     static const char *dsa_pub_hex[] = {
 231         "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
 232         "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
 233         "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
 234         "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
 235         "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
 236         "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
 237         "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
 238         "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
 239         NULL
 240     };
 241     static const char *dsa_priv_hex[] = {
 242         "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
 243         NULL
 244     };
 245
 246     if (!hextobn(dsa_p_hex, &p)
 247         || !hextobn(dsa_q_hex, &q)
 248         || !hextobn(dsa_g_hex, &g)
 249         || !hextobn(dsa_pub_hex, &pub)
 250         || !hextobn(dsa_priv_hex, &priv))
 251         goto err;
 252
 253     ossl_param_bld_init(&bld);
 254     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
 255         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
 256         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
 257         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub)
 258         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv))
 259         goto err;
 260     params = ossl_param_bld_to_param(&bld);
 261
 262     /* Create a EVP_PKEY_CTX to load the DSA key into */
 263     kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
 264     if (kctx == NULL || params == NULL)
 265         goto err;
 266     if (EVP_PKEY_key_fromdata_init(kctx) <= 0
 267         || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
 268         goto err;
 269
 270     /* Create a EVP_PKEY_CTX to use for the signing operation */
 271     sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey);
 272     if (sctx == NULL
 273         || EVP_PKEY_sign_init(sctx) <= 0)
 274         goto err;
 275
 276     /* set signature parameters */
 277     ossl_param_bld_init(&bld);
 278     if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
 279                                          SN_sha256,strlen(SN_sha256) + 1)
 280         || !ossl_param_bld_push_size_t(&bld, OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
 281                                        SHA256_DIGEST_LENGTH))
 282         goto err;
 283     params_sig = ossl_param_bld_to_param(&bld);
 284     if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
 285         goto err;
 286
 287     if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
 288         || EVP_PKEY_verify_init(sctx) <= 0
 289         || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
 290         goto err;
 291     ret = 1;
 292 err:
 293     ossl_param_bld_free(params);
 294     ossl_param_bld_free(params_sig);
 295     BN_free(p);
 296     BN_free(q);
 297     BN_free(g);
 298     BN_free(pub);
 299     BN_free(priv);
 300     EVP_PKEY_free(pkey);
 301     EVP_PKEY_CTX_free(kctx);
 302     EVP_PKEY_CTX_free(sctx);
 303     return ret;
 304 }
 305 #endif /* OPENSSL_NO_DSA */
 306
 307 #ifndef OPENSSL_NO_DH
 308 static int dh_key_exchange_test(OPENSSL_CTX *libctx)
 309 {
 310     int ret = 0;
 311     BIGNUM *p = NULL, *q = NULL, *g = NULL;
 312     BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL;
 313     unsigned char *kat_secret = NULL;
 314     EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
 315     EVP_PKEY *pkey = NULL, *peerkey = NULL;
 316     OSSL_PARAM *params = NULL;
 317     OSSL_PARAM *params_peer = NULL;
 318     unsigned char secret[256];
 319     size_t secret_len, kat_secret_len = 0;
 320     OSSL_PARAM_BLD bld;
 321
 322     /* DH KAT */
 323     static const char *dh_p_hex[] = {
 324         "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b"
 325         "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d"
 326         "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0"
 327         "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1",
 328         "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c"
 329         "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44"
 330         "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994"
 331         "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69",
 332         NULL
 333     };
 334     static const char *dh_q_hex[] = {
 335         "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d",
 336         NULL
 337     };
 338     static const char *dh_g_hex[] = {
 339         "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede"
 340         "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4"
 341         "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49"
 342         "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9",
 343         "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad",
 344         "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6"
 345         "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0"
 346         "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a"
 347         "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20",
 348         "ea115c32",
 349         NULL
 350     };
 351     static const char *dh_priv_hex[] = {
 352         "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6",
 353         NULL
 354     };
 355     static const char *dh_pub_hex[] = {
 356         "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048"
 357         "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506"
 358         "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52"
 359         "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7",
 360         "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7"
 361         "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf"
 362         "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86"
 363         "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e",
 364         "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4"
 365         "959c91d3",
 366         NULL
 367     };
 368     static const char *dh_peer_pub_hex[] = {
 369         "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0"
 370         "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0"
 371         "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665"
 372         "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f",
 373         "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f"
 374         "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842"
 375         "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf"
 376         "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2",
 377         "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739"
 378         "f17ff48b",
 379         NULL
 380     };
 381     static const char *dh_secret_exptd_hex[] = {
 382         "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2"
 383         "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153"
 384         "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e"
 385         "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe",
 386         "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d"
 387         "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2"
 388         "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f"
 389         "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486",
 390         "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9"
 391         "7d98eaf6",
 392         NULL
 393     };
 394
 395     if (!hextobn(dh_p_hex, &p)
 396         || !hextobn(dh_q_hex, &q)
 397         || !hextobn(dh_g_hex, &g)
 398         || !hextobn(dh_pub_hex, &pub)
 399         || !hextobn(dh_priv_hex, &priv)
 400         || !hextobn(dh_peer_pub_hex, &pub_peer)
 401         || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
 402         goto err;
 403
 404     ossl_param_bld_init(&bld);
 405     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
 406         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
 407         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
 408         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub)
 409         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv))
 410         goto err;
 411     params = ossl_param_bld_to_param(&bld);
 412
 413     ossl_param_bld_init(&bld);
 414     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
 415         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
 416         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
 417         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_peer))
 418         goto err;
 419
 420     params_peer = ossl_param_bld_to_param(&bld);
 421     if (params == NULL || params_peer == NULL)
 422         goto err;
 423
 424     /* Create a EVP_PKEY_CTX to load the DH keys into */
 425     kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", "");
 426     if (kactx == NULL)
 427         goto err;
 428     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
 429         || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
 430         goto err;
 431     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
 432         || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
 433         goto err;
 434
 435     /* Create a EVP_PKEY_CTX to perform key derivation */
 436     dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey);
 437     if (dctx == NULL)
 438         goto err;
 439
 440     if (EVP_PKEY_derive_init(dctx) <= 0
 441         || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
 442         || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
 443         goto err;
 444
 445     if (secret_len != kat_secret_len
 446         || memcmp(secret, kat_secret, secret_len) != 0)
 447         goto err;
 448     ret = 1;
 449 err:
 450     ossl_param_bld_free(params_peer);
 451     ossl_param_bld_free(params);
 452     BN_free(p);
 453     BN_free(q);
 454     BN_free(g);
 455     BN_free(pub);
 456     BN_free(priv);
 457     BN_free(pub_peer);
 458     OPENSSL_free(kat_secret);
 459     EVP_PKEY_free(pkey);
 460     EVP_PKEY_free(peerkey);
 461     EVP_PKEY_CTX_free(kactx);
 462     EVP_PKEY_CTX_free(dctx);
 463     return ret;
 464 }
 465 #endif /* OPENSSL_NO_DH */
 466
 467 /* TODO(3.0): To be removed */
 468 static int dummy_evp_call(void *provctx)
 469 {
 470     OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
 471     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
 472     EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
 473     EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
 474     unsigned char dgst[SHA256_DIGEST_LENGTH];
 475     unsigned int dgstlen;
 476     int ret = 0;
 477     BN_CTX *bnctx = NULL;
 478     BIGNUM *a = NULL, *b = NULL;
 479     unsigned char randbuf[128];
 480     RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
 481 #ifndef OPENSSL_NO_EC
 482     EC_KEY *key = NULL;
 483 #endif
 484
 485     static const char msg[] = "Hello World!";
 486     static const unsigned char exptd[] = {
 487         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
 488         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
 489         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
 490     };
 491
 492     if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
 493         goto err;
 494
 495     if (!EVP_DigestInit_ex(ctx, sha256, NULL))
 496         goto err;
 497     if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
 498         goto err;
 499     if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
 500         goto err;
 501     if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
 502         goto err;
 503
 504     bnctx = BN_CTX_new_ex(libctx);
 505     if (bnctx == NULL)
 506         goto err;
 507     BN_CTX_start(bnctx);
 508     a = BN_CTX_get(bnctx);
 509     b = BN_CTX_get(bnctx);
 510     if (b == NULL)
 511         goto err;
 512     BN_zero(a);
 513     if (!BN_one(b)
 514         || !BN_add(a, a, b)
 515         || BN_cmp(a, b) != 0)
 516         goto err;
 517
 518     if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
 519         goto err;
 520
 521     if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
 522         goto err;
 523
 524 #ifndef OPENSSL_NO_EC
 525     /* Do some dummy EC calls */
 526     key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
 527     if (key == NULL)
 528         goto err;
 529
 530     if (!EC_KEY_generate_key(key))
 531         goto err;
 532 #endif
 533
 534 #ifndef OPENSSL_NO_DSA
 535     if (!dsa_key_signature_test(libctx))
 536         goto err;
 537 #endif
 538
 539 #ifndef OPENSSL_NO_DH
 540     if (!dh_key_exchange_test(libctx))
 541         goto err;
 542 #endif /* OPENSSL_NO_DH */
 543
 544     ret = 1;
 545  err:
 546     BN_CTX_end(bnctx);
 547     BN_CTX_free(bnctx);
 548
 549     EVP_KDF_free(kdf);
 550     EVP_MD_CTX_free(ctx);
 551     EVP_MD_free(sha256);
 552
 553 #ifndef OPENSSL_NO_EC
 554     EC_KEY_free(key);
 555 #endif
 556     return ret;
 557 }
 558
 559 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
 560 {
 561     return fips_param_types;
 562 }
 563
 564 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
 565 {
 566     OSSL_PARAM *p;
 567
 568     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
 569     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
 570         return 0;
 571     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
 572     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
 573         return 0;
 574     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
 575     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
 576         return 0;
 577
 578     return 1;
 579 }
 580
 581 /* FIPS specific version of the function of the same name in provlib.c */
 582 const char *ossl_prov_util_nid_to_name(int nid)
 583 {
 584     /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
 585
 586     switch (nid) {
 587     /* Digests */
 588     case NID_sha1:
 589         return "SHA1";
 590     case NID_sha224:
 591         return "SHA-224";
 592     case NID_sha256:
 593         return "SHA-256";
 594     case NID_sha384:
 595         return "SHA-384";
 596     case NID_sha512:
 597         return "SHA-512";
 598     case NID_sha512_224:
 599         return "SHA-512/224";
 600     case NID_sha512_256:
 601         return "SHA-512/256";
 602     case NID_sha3_224:
 603         return "SHA3-224";
 604     case NID_sha3_256:
 605         return "SHA3-256";
 606     case NID_sha3_384:
 607         return "SHA3-384";
 608     case NID_sha3_512:
 609         return "SHA3-512";
 610
 611     /* Ciphers */
 612     case NID_aes_256_ecb:
 613         return "AES-256-ECB";
 614     case NID_aes_192_ecb:
 615         return "AES-192-ECB";
 616     case NID_aes_128_ecb:
 617         return "AES-128-ECB";
 618     case NID_aes_256_cbc:
 619         return "AES-256-CBC";
 620     case NID_aes_192_cbc:
 621         return "AES-192-CBC";
 622     case NID_aes_128_cbc:
 623         return "AES-128-CBC";
 624     case NID_aes_256_ctr:
 625         return "AES-256-CTR";
 626     case NID_aes_192_ctr:
 627         return "AES-192-CTR";
 628     case NID_aes_128_ctr:
 629         return "AES-128-CTR";
 630     case NID_aes_256_xts:
 631         return "AES-256-XTS";
 632     case NID_aes_128_xts:
 633         return "AES-128-XTS";
 634     case NID_aes_256_gcm:
 635         return "AES-256-GCM";
 636     case NID_aes_192_gcm:
 637         return "AES-192-GCM";
 638     case NID_aes_128_gcm:
 639         return "AES-128-GCM";
 640     case NID_aes_256_ccm:
 641         return "AES-256-CCM";
 642     case NID_aes_192_ccm:
 643         return "AES-192-CCM";
 644     case NID_aes_128_ccm:
 645         return "AES-128-CCM";
 646     case NID_id_aes256_wrap:
 647         return "AES-256-WRAP";
 648     case NID_id_aes192_wrap:
 649         return "AES-192-WRAP";
 650     case NID_id_aes128_wrap:
 651         return "AES-128-WRAP";
 652     case NID_id_aes256_wrap_pad:
 653         return "AES-256-WRAP-PAD";
 654     case NID_id_aes192_wrap_pad:
 655         return "AES-192-WRAP-PAD";
 656     case NID_id_aes128_wrap_pad:
 657         return "AES-128-WRAP-PAD";
 658     case NID_des_ede3_ecb:
 659         return "DES-EDE3";
 660     case NID_des_ede3_cbc:
 661         return "DES-EDE3-CBC";
 662     case NID_aes_256_cbc_hmac_sha256:
 663         return "AES-256-CBC-HMAC-SHA256";
 664     case NID_aes_128_cbc_hmac_sha256:
 665         return "AES-128-CBC-HMAC-SHA256";
 666     case NID_aes_256_cbc_hmac_sha1:
 667         return "AES-256-CBC-HMAC-SHA1";
 668     case NID_aes_128_cbc_hmac_sha1:
 669         return "AES-128-CBC-HMAC-SHA1";
 670     default:
 671         break;
 672     }
 673
 674     return NULL;
 675 }
 676
 677 /*
 678  * For the algorithm names, we use the following formula for our primary
 679  * names:
 680  *
 681  *     ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
 682  *
 683  *     VERSION is only present if there are multiple versions of
 684  *     an alg (MD2, MD4, MD5).  It may be omitted if there is only
 685  *     one version (if a subsequent version is released in the future,
 686  *     we can always change the canonical name, and add the old name
 687  *     as an alias).
 688  *
 689  *     SUBNAME may be present where we are combining multiple
 690  *     algorithms together, e.g. MD5-SHA1.
 691  *
 692  *     SIZE is only present if multiple versions of an algorithm exist
 693  *     with different sizes (e.g. AES-128-CBC, AES-256-CBC)
 694  *
 695  *     MODE is only present where applicable.
 696  *
 697  * We add diverse other names where applicable, such as the names that
 698  * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
 699  * we have used historically.
 700  */
 701 static const OSSL_ALGORITHM fips_digests[] = {
 702     /* Our primary name:NiST name[:our older names] */
 703     { "SHA1:SHA-1", "fips=yes", sha1_functions },
 704     { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions },
 705     { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions },
 706     { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions },
 707     { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions },
 708     { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
 709       sha512_224_functions },
 710     { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
 711       sha512_256_functions },
 712
 713     /* We agree with NIST here, so one name only */
 714     { "SHA3-224", "fips=yes", sha3_224_functions },
 715     { "SHA3-256", "fips=yes", sha3_256_functions },
 716     { "SHA3-384", "fips=yes", sha3_384_functions },
 717     { "SHA3-512", "fips=yes", sha3_512_functions },
 718     /*
 719      * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
 720      * KMAC128 and KMAC256.
 721      */
 722     { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions },
 723     { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions },
 724
 725     { NULL, NULL, NULL }
 726 };
 727
 728 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
 729     /* Our primary name[:ASN.1 OID name][:our older names] */
 730     ALG("AES-256-ECB", aes256ecb_functions),
 731     ALG("AES-192-ECB", aes192ecb_functions),
 732     ALG("AES-128-ECB", aes128ecb_functions),
 733     ALG("AES-256-CBC", aes256cbc_functions),
 734     ALG("AES-192-CBC", aes192cbc_functions),
 735     ALG("AES-128-CBC", aes128cbc_functions),
 736     ALG("AES-256-CTR", aes256ctr_functions),
 737     ALG("AES-192-CTR", aes192ctr_functions),
 738     ALG("AES-128-CTR", aes128ctr_functions),
 739     ALG("AES-256-XTS", aes256xts_functions),
 740     ALG("AES-128-XTS", aes128xts_functions),
 741     ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
 742     ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
 743     ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
 744     ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
 745     ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
 746     ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
 747     ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
 748     ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
 749     ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
 750     ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
 751         aes256wrappad_functions),
 752     ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
 753         aes192wrappad_functions),
 754     ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
 755         aes128wrappad_functions),
 756     ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
 757          cipher_capable_aes_cbc_hmac_sha1),
 758     ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
 759          cipher_capable_aes_cbc_hmac_sha1),
 760     ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
 761          cipher_capable_aes_cbc_hmac_sha256),
 762     ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
 763          cipher_capable_aes_cbc_hmac_sha256),
 764 #ifndef OPENSSL_NO_DES
 765     ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
 766     ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
 767 #endif  /* OPENSSL_NO_DES */
 768     { { NULL, NULL, NULL }, NULL }
 769 };
 770 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
 771
 772 static const OSSL_ALGORITHM fips_macs[] = {
 773 #ifndef OPENSSL_NO_CMAC
 774     { "CMAC", "fips=yes", cmac_functions },
 775 #endif
 776     { "GMAC", "fips=yes", gmac_functions },
 777     { "HMAC", "fips=yes", hmac_functions },
 778     { "KMAC-128:KMAC128", "fips=yes", kmac128_functions },
 779     { "KMAC-256:KMAC256", "fips=yes", kmac256_functions },
 780     { NULL, NULL, NULL }
 781 };
 782
 783 static const OSSL_ALGORITHM fips_kdfs[] = {
 784     { "HKDF", "fips=yes", kdf_hkdf_functions },
 785     { "SSKDF", "fips=yes", kdf_sskdf_functions },
 786     { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
 787     { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
 788     { "KBKDF", "fips=yes", kdf_kbkdf_functions },
 789     { NULL, NULL, NULL }
 790 };
 791
 792 static const OSSL_ALGORITHM fips_keyexch[] = {
 793 #ifndef OPENSSL_NO_DH
 794     { "DH:dhKeyAgreement", "fips=yes", dh_keyexch_functions },
 795 #endif
 796     { NULL, NULL, NULL }
 797 };
 798
 799 static const OSSL_ALGORITHM fips_signature[] = {
 800 #ifndef OPENSSL_NO_DSA
 801     { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions },
 802 #endif
 803     { NULL, NULL, NULL }
 804 };
 805
 806 static const OSSL_ALGORITHM fips_keymgmt[] = {
 807 #ifndef OPENSSL_NO_DH
 808     { "DH:dhKeyAgreement", "fips=yes", dh_keymgmt_functions },
 809 #endif
 810 #ifndef OPENSSL_NO_DSA
 811     { "DSA", "fips=yes", dsa_keymgmt_functions },
 812 #endif
 813     { NULL, NULL, NULL }
 814 };
 815
 816 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
 817                                          int operation_id,
 818                                          int *no_cache)
 819 {
 820     *no_cache = 0;
 821     switch (operation_id) {
 822     case OSSL_OP_DIGEST:
 823         return fips_digests;
 824     case OSSL_OP_CIPHER:
 825         ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
 826         return exported_fips_ciphers;
 827     case OSSL_OP_MAC:
 828         return fips_macs;
 829     case OSSL_OP_KDF:
 830         return fips_kdfs;
 831     case OSSL_OP_KEYMGMT:
 832         return fips_keymgmt;
 833     case OSSL_OP_KEYEXCH:
 834         return fips_keyexch;
 835     case OSSL_OP_SIGNATURE:
 836         return fips_signature;
 837     }
 838     return NULL;
 839 }
 840
 841 /* Functions we provide to the core */
 842 static const OSSL_DISPATCH fips_dispatch_table[] = {
 843     /*
 844      * To release our resources we just need to free the OPENSSL_CTX so we just
 845      * use OPENSSL_CTX_free directly as our teardown function
 846      */
 847     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
 848     { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
 849     { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
 850     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
 851     { 0, NULL }
 852 };
 853
 854 /* Functions we provide to ourself */
 855 static const OSSL_DISPATCH intern_dispatch_table[] = {
 856     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
 857     { 0, NULL }
 858 };
 859
 860
 861 int OSSL_provider_init(const OSSL_PROVIDER *provider,
 862                        const OSSL_DISPATCH *in,
 863                        const OSSL_DISPATCH **out,
 864                        void **provctx)
 865 {
 866     FIPS_GLOBAL *fgbl;
 867     OPENSSL_CTX *ctx;
 868     OSSL_self_test_cb_fn *stcbfn = NULL;
 869     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
 870
 871     for (; in->function_id != 0; in++) {
 872         switch (in->function_id) {
 873         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
 874             c_get_libctx = OSSL_get_core_get_library_context(in);
 875             break;
 876         case OSSL_FUNC_CORE_GETTABLE_PARAMS:
 877             c_gettable_params = OSSL_get_core_gettable_params(in);
 878             break;
 879         case OSSL_FUNC_CORE_GET_PARAMS:
 880             c_get_params = OSSL_get_core_get_params(in);
 881             break;
 882         case OSSL_FUNC_CORE_THREAD_START:
 883             c_thread_start = OSSL_get_core_thread_start(in);
 884             break;
 885         case OSSL_FUNC_CORE_NEW_ERROR:
 886             c_new_error = OSSL_get_core_new_error(in);
 887             break;
 888         case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
 889             c_set_error_debug = OSSL_get_core_set_error_debug(in);
 890             break;
 891         case OSSL_FUNC_CORE_VSET_ERROR:
 892             c_vset_error = OSSL_get_core_vset_error(in);
 893             break;
 894         case OSSL_FUNC_CORE_SET_ERROR_MARK:
 895             c_set_error_mark = OSSL_get_core_set_error_mark(in);
 896             break;
 897         case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK:
 898             c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in);
 899             break;
 900         case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
 901             c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in);
 902             break;
 903         case OSSL_FUNC_CRYPTO_MALLOC:
 904             c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
 905             break;
 906         case OSSL_FUNC_CRYPTO_ZALLOC:
 907             c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
 908             break;
 909         case OSSL_FUNC_CRYPTO_FREE:
 910             c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
 911             break;
 912         case OSSL_FUNC_CRYPTO_CLEAR_FREE:
 913             c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
 914             break;
 915         case OSSL_FUNC_CRYPTO_REALLOC:
 916             c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
 917             break;
 918         case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
 919             c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
 920             break;
 921         case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
 922             c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
 923             break;
 924         case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
 925             c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
 926             break;
 927         case OSSL_FUNC_CRYPTO_SECURE_FREE:
 928             c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
 929             break;
 930         case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
 931             c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
 932             break;
 933         case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
 934             c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
 935             break;
 936         case OSSL_FUNC_BIO_NEW_FILE:
 937             selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
 938             break;
 939         case OSSL_FUNC_BIO_NEW_MEMBUF:
 940             selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
 941             break;
 942         case OSSL_FUNC_BIO_READ_EX:
 943             selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
 944             break;
 945         case OSSL_FUNC_BIO_FREE:
 946             selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
 947             break;
 948         case OSSL_FUNC_SELF_TEST_CB: {
 949             stcbfn = OSSL_get_self_test_cb(in);
 950             break;
 951         }
 952         default:
 953             /* Just ignore anything we don't understand */
 954             break;
 955         }
 956     }
 957
 958     if (stcbfn != NULL && c_get_libctx != NULL) {
 959         stcbfn(c_get_libctx(provider), &selftest_params.event_cb,
 960                &selftest_params.event_cb_arg);
 961     }
 962     else {
 963         selftest_params.event_cb = NULL;
 964         selftest_params.event_cb_arg = NULL;
 965     }
 966
 967     if (!c_get_params(provider, core_params))
 968         return 0;
 969
 970     /*  Create a context. */
 971     if ((ctx = OPENSSL_CTX_new()) == NULL)
 972         return 0;
 973     if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
 974                                      &fips_prov_ossl_ctx_method)) == NULL) {
 975         OPENSSL_CTX_free(ctx);
 976         return 0;
 977     }
 978
 979     fgbl->prov = provider;
 980
 981     selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
 982     if (!SELF_TEST_post(&selftest_params, 0)) {
 983         OPENSSL_CTX_free(ctx);
 984         return 0;
 985     }
 986
 987     /*
 988      * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
 989      * EVP calls from within the FIPS module.
 990      */
 991     if (!dummy_evp_call(ctx)) {
 992         OPENSSL_CTX_free(ctx);
 993         return 0;
 994     }
 995
 996     *out = fips_dispatch_table;
 997     *provctx = ctx;
 998
 999     return 1;
1000 }
1001
1002 /*
1003  * The internal init function used when the FIPS module uses EVP to call
1004  * another algorithm also in the FIPS module. This is a recursive call that has
1005  * been made from within the FIPS module itself. To make this work, we populate
1006  * the provider context of this inner instance with the same library context
1007  * that was used in the EVP call that initiated this recursive call.
1008  */
1009 OSSL_provider_init_fn fips_intern_provider_init;
1010 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
1011                               const OSSL_DISPATCH *in,
1012                               const OSSL_DISPATCH **out,
1013                               void **provctx)
1014 {
1015     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
1016
1017     for (; in->function_id != 0; in++) {
1018         switch (in->function_id) {
1019         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
1020             c_get_libctx = OSSL_get_core_get_library_context(in);
1021             break;
1022         default:
1023             break;
1024         }
1025     }
1026
1027     if (c_get_libctx == NULL)
1028         return 0;
1029
1030     *provctx = c_get_libctx(provider);
1031
1032     /*
1033      * Safety measure...  we should get the library context that was
1034      * created up in OSSL_provider_init().
1035      */
1036     if (*provctx == NULL)
1037         return 0;
1038
1039     *out = intern_dispatch_table;
1040     return 1;
1041 }
1042
1043 void ERR_new(void)
1044 {
1045     c_new_error(NULL);
1046 }
1047
1048 void ERR_set_debug(const char *file, int line, const char *func)
1049 {
1050     c_set_error_debug(NULL, file, line, func);
1051 }
1052
1053 void ERR_set_error(int lib, int reason, const char *fmt, ...)
1054 {
1055     va_list args;
1056
1057     va_start(args, fmt);
1058     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1059     va_end(args);
1060 }
1061
1062 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
1063 {
1064     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1065 }
1066
1067 int ERR_set_mark(void)
1068 {
1069     return c_set_error_mark(NULL);
1070 }
1071
1072 int ERR_clear_last_mark(void)
1073 {
1074     return c_clear_last_error_mark(NULL);
1075 }
1076
1077 int ERR_pop_to_mark(void)
1078 {
1079     return c_pop_error_to_mark(NULL);
1080 }
1081
1082 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
1083 {
1084     FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
1085                                              &fips_prov_ossl_ctx_method);
1086
1087     if (fgbl == NULL)
1088         return NULL;
1089
1090     return fgbl->prov;
1091 }
1092
1093 void *CRYPTO_malloc(size_t num, const char *file, int line)
1094 {
1095     return c_CRYPTO_malloc(num, file, line);
1096 }
1097
1098 void *CRYPTO_zalloc(size_t num, const char *file, int line)
1099 {
1100     return c_CRYPTO_zalloc(num, file, line);
1101 }
1102
1103 void CRYPTO_free(void *ptr, const char *file, int line)
1104 {
1105     c_CRYPTO_free(ptr, file, line);
1106 }
1107
1108 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
1109 {
1110     c_CRYPTO_clear_free(ptr, num, file, line);
1111 }
1112
1113 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
1114 {
1115     return c_CRYPTO_realloc(addr, num, file, line);
1116 }
1117
1118 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
1119                            const char *file, int line)
1120 {
1121     return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
1122 }
1123
1124 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
1125 {
1126     return c_CRYPTO_secure_malloc(num, file, line);
1127 }
1128
1129 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
1130 {
1131     return c_CRYPTO_secure_zalloc(num, file, line);
1132 }
1133
1134 void CRYPTO_secure_free(void *ptr, const char *file, int line)
1135 {
1136     c_CRYPTO_secure_free(ptr, file, line);
1137 }
1138
1139 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
1140 {
1141     c_CRYPTO_secure_clear_free(ptr, num, file, line);
1142 }
1143
1144 int CRYPTO_secure_allocated(const void *ptr)
1145 {
1146     return c_CRYPTO_secure_allocated(ptr);
1147 }