Fix builds with no-dh
[openssl.git] / providers / fips / fipsprov.c
1 /*
2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include <string.h>
11 #include <stdio.h>
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/kdf.h>
19
20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21 #include <openssl/sha.h>
22 #include <openssl/rand_drbg.h>
23 #include <openssl/ec.h>
24 #include <openssl/fips_names.h>
25
26 #include "internal/cryptlib.h"
27 #include "internal/property.h"
28 #include "internal/nelem.h"
29 #include "internal/param_build.h"
30 #include "crypto/evp.h"
31 #include "prov/implementations.h"
32 #include "prov/provider_ctx.h"
33 #include "prov/providercommon.h"
34 #include "prov/provider_util.h"
35 #include "self_test.h"
36
37 #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK }
38 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
39
40 extern OSSL_core_thread_start_fn *c_thread_start;
41
42 /*
43  * TODO(3.0): Should these be stored in the provider side provctx? Could they
44  * ever be different from one init to the next? Unfortunately we can't do this
45  * at the moment because c_put_error/c_add_error_vdata do not provide
46  * us with the OPENSSL_CTX as a parameter.
47  */
48
49 static SELF_TEST_POST_PARAMS selftest_params;
50
51 /* Functions provided by the core */
52 static OSSL_core_gettable_params_fn *c_gettable_params;
53 static OSSL_core_get_params_fn *c_get_params;
54 OSSL_core_thread_start_fn *c_thread_start;
55 static OSSL_core_new_error_fn *c_new_error;
56 static OSSL_core_set_error_debug_fn *c_set_error_debug;
57 static OSSL_core_vset_error_fn *c_vset_error;
58 static OSSL_core_set_error_mark_fn *c_set_error_mark;
59 static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark;
60 static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark;
61 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
62 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
63 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
64 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
65 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
66 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
67 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
68 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
69 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
70 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
71 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
72
73 typedef struct fips_global_st {
74     const OSSL_PROVIDER *prov;
75 } FIPS_GLOBAL;
76
77 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
78 {
79     FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
80
81     return fgbl;
82 }
83
84 static void fips_prov_ossl_ctx_free(void *fgbl)
85 {
86     OPENSSL_free(fgbl);
87 }
88
89 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
90     fips_prov_ossl_ctx_new,
91     fips_prov_ossl_ctx_free,
92 };
93
94
95 /* Parameters we provide to the core */
96 static const OSSL_PARAM fips_param_types[] = {
97     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
98     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
99     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
100     OSSL_PARAM_END
101 };
102
103 /*
104  * Parameters to retrieve from the core provider - required for self testing.
105  * NOTE: inside core_get_params() these will be loaded from config items
106  * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
107  */
108 static OSSL_PARAM core_params[] =
109 {
110     OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
111                         selftest_params.module_filename,
112                         sizeof(selftest_params.module_filename)),
113     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
114                         selftest_params.module_checksum_data,
115                         sizeof(selftest_params.module_checksum_data)),
116     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
117                         selftest_params.indicator_checksum_data,
118                         sizeof(selftest_params.indicator_checksum_data)),
119     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
120                         selftest_params.indicator_data,
121                         sizeof(selftest_params.indicator_data)),
122     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
123                         selftest_params.indicator_version,
124                         sizeof(selftest_params.indicator_version)),
125     OSSL_PARAM_END
126 };
127
128 /*
129  * Convert a string into a bignumber.
130  * The array of hex_data is used to get around compilers that dont like
131  * strings longer than 509 bytes,
132  */
133 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
134 static int hextobn(const char *hex_data[], BIGNUM **bn)
135 {
136     int ret = 0;
137     int i, slen;
138     char *str = NULL;
139
140     /* Get the total length of the strings */
141     for (slen = 0, i = 0; hex_data[i] != NULL; ++i)
142         slen += strlen(hex_data[i]);
143
144     /* Add 1 for the string terminator */
145     str = OPENSSL_zalloc(slen + 1);
146     if (str == NULL)
147         return 0;
148
149     /* join the strings together into 1 buffer */
150     for (i = 0; hex_data[i] != NULL; ++i)
151         strcat(str, hex_data[i]);
152
153     if (BN_hex2bn(bn, str) <= 0)
154         goto err;
155     ret = 1;
156 err:
157     OPENSSL_free(str);
158     return ret;
159 }
160 #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */
161
162 #ifndef OPENSSL_NO_DH
163 static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
164 {
165     int ret = 0, sz;
166     BIGNUM *bn = NULL;
167     unsigned char *buf = NULL;
168
169     if (!hextobn(hex_data, &bn))
170         return 0;
171     sz = BN_num_bytes(bn);
172     buf = OPENSSL_zalloc(sz);
173     if (buf == NULL)
174         goto err;
175     if (BN_bn2binpad(bn, buf, sz) <= 0)
176         goto err;
177
178     *out = buf;
179     *len = sz;
180     buf = NULL; /* Set to NULL so it is not freed */
181     ret = 1;
182 err:
183     OPENSSL_free(buf);
184     BN_free(bn);
185     return ret;
186 }
187 #endif
188
189 #ifndef OPENSSL_NO_DSA
190 static int dsa_key_signature_test(OPENSSL_CTX *libctx)
191 {
192     int ret = 0;
193     BIGNUM *p = NULL, *q = NULL, *g = NULL;
194     BIGNUM *pub = NULL, *priv = NULL;
195     OSSL_PARAM *params = NULL, *params_sig = NULL;
196     OSSL_PARAM_BLD bld;
197     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
198     EVP_PKEY *pkey = NULL;
199     unsigned char sig[64];
200     size_t siglen;
201
202     static const unsigned char dgst[SHA256_DIGEST_LENGTH] = {
203         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
204         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
205         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
206     };
207     /* dsa 2048 */
208     static const char *dsa_p_hex[] = {
209         "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
210         "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
211         "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
212         "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
213         "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
214         "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
215         "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
216         "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
217          NULL
218     };
219     static const char *dsa_q_hex[] = {
220         "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
221         NULL
222     };
223     static const char *dsa_g_hex[] = {
224         "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
225         "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
226         "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
227         "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
228         "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
229         "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
230         "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
231         "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
232         NULL
233     };
234     static const char *dsa_pub_hex[] = {
235         "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
236         "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
237         "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
238         "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
239         "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
240         "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
241         "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
242         "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
243         NULL
244     };
245     static const char *dsa_priv_hex[] = {
246         "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
247         NULL
248     };
249
250     if (!hextobn(dsa_p_hex, &p)
251         || !hextobn(dsa_q_hex, &q)
252         || !hextobn(dsa_g_hex, &g)
253         || !hextobn(dsa_pub_hex, &pub)
254         || !hextobn(dsa_priv_hex, &priv))
255         goto err;
256
257     ossl_param_bld_init(&bld);
258     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
259         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
260         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
261         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub)
262         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv))
263         goto err;
264     params = ossl_param_bld_to_param(&bld);
265
266     /* Create a EVP_PKEY_CTX to load the DSA key into */
267     kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
268     if (kctx == NULL || params == NULL)
269         goto err;
270     if (EVP_PKEY_key_fromdata_init(kctx) <= 0
271         || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
272         goto err;
273
274     /* Create a EVP_PKEY_CTX to use for the signing operation */
275     sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
276     if (sctx == NULL
277         || EVP_PKEY_sign_init(sctx) <= 0)
278         goto err;
279
280     /* set signature parameters */
281     ossl_param_bld_init(&bld);
282     if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
283                                          SN_sha256,strlen(SN_sha256) + 1))
284         goto err;
285     params_sig = ossl_param_bld_to_param(&bld);
286     if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
287         goto err;
288
289     if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
290         || EVP_PKEY_verify_init(sctx) <= 0
291         || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
292         goto err;
293     ret = 1;
294 err:
295     ossl_param_bld_free(params);
296     ossl_param_bld_free(params_sig);
297     BN_free(p);
298     BN_free(q);
299     BN_free(g);
300     BN_free(pub);
301     BN_free(priv);
302     EVP_PKEY_free(pkey);
303     EVP_PKEY_CTX_free(kctx);
304     EVP_PKEY_CTX_free(sctx);
305     return ret;
306 }
307 #endif /* OPENSSL_NO_DSA */
308
309 #ifndef OPENSSL_NO_DH
310 static int dh_key_exchange_test(OPENSSL_CTX *libctx)
311 {
312     int ret = 0;
313     BIGNUM *p = NULL, *q = NULL, *g = NULL;
314     BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL;
315     unsigned char *kat_secret = NULL;
316     EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
317     EVP_PKEY *pkey = NULL, *peerkey = NULL;
318     OSSL_PARAM *params = NULL;
319     OSSL_PARAM *params_peer = NULL;
320     unsigned char secret[256];
321     size_t secret_len, kat_secret_len = 0;
322     OSSL_PARAM_BLD bld;
323
324     /* DH KAT */
325     static const char *dh_p_hex[] = {
326         "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b"
327         "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d"
328         "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0"
329         "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1",
330         "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c"
331         "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44"
332         "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994"
333         "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69",
334         NULL
335     };
336     static const char *dh_q_hex[] = {
337         "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d",
338         NULL
339     };
340     static const char *dh_g_hex[] = {
341         "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede"
342         "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4"
343         "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49"
344         "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9",
345         "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad",
346         "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6"
347         "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0"
348         "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a"
349         "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20",
350         "ea115c32",
351         NULL
352     };
353     static const char *dh_priv_hex[] = {
354         "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6",
355         NULL
356     };
357     static const char *dh_pub_hex[] = {
358         "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048"
359         "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506"
360         "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52"
361         "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7",
362         "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7"
363         "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf"
364         "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86"
365         "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e",
366         "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4"
367         "959c91d3",
368         NULL
369     };
370     static const char *dh_peer_pub_hex[] = {
371         "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0"
372         "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0"
373         "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665"
374         "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f",
375         "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f"
376         "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842"
377         "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf"
378         "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2",
379         "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739"
380         "f17ff48b",
381         NULL
382     };
383     static const char *dh_secret_exptd_hex[] = {
384         "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2"
385         "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153"
386         "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e"
387         "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe",
388         "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d"
389         "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2"
390         "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f"
391         "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486",
392         "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9"
393         "7d98eaf6",
394         NULL
395     };
396
397     if (!hextobn(dh_p_hex, &p)
398         || !hextobn(dh_q_hex, &q)
399         || !hextobn(dh_g_hex, &g)
400         || !hextobn(dh_pub_hex, &pub)
401         || !hextobn(dh_priv_hex, &priv)
402         || !hextobn(dh_peer_pub_hex, &pub_peer)
403         || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
404         goto err;
405
406     ossl_param_bld_init(&bld);
407     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
408         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
409         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
410         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub)
411         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv))
412         goto err;
413     params = ossl_param_bld_to_param(&bld);
414
415     ossl_param_bld_init(&bld);
416     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
417         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
418         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
419         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_peer))
420         goto err;
421
422     params_peer = ossl_param_bld_to_param(&bld);
423     if (params == NULL || params_peer == NULL)
424         goto err;
425
426     /* Create a EVP_PKEY_CTX to load the DH keys into */
427     kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", "");
428     if (kactx == NULL)
429         goto err;
430     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
431         || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
432         goto err;
433     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
434         || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
435         goto err;
436
437     /* Create a EVP_PKEY_CTX to perform key derivation */
438     dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
439     if (dctx == NULL)
440         goto err;
441
442     if (EVP_PKEY_derive_init(dctx) <= 0
443         || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
444         || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
445         goto err;
446
447     if (secret_len != kat_secret_len
448         || memcmp(secret, kat_secret, secret_len) != 0)
449         goto err;
450     ret = 1;
451 err:
452     ossl_param_bld_free(params_peer);
453     ossl_param_bld_free(params);
454     BN_free(p);
455     BN_free(q);
456     BN_free(g);
457     BN_free(pub);
458     BN_free(priv);
459     BN_free(pub_peer);
460     OPENSSL_free(kat_secret);
461     EVP_PKEY_free(pkey);
462     EVP_PKEY_free(peerkey);
463     EVP_PKEY_CTX_free(kactx);
464     EVP_PKEY_CTX_free(dctx);
465     return ret;
466 }
467 #endif /* OPENSSL_NO_DH */
468
469 /* TODO(3.0): To be removed */
470 static int dummy_evp_call(void *provctx)
471 {
472     OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
473     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
474     EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
475     EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
476     unsigned char dgst[SHA256_DIGEST_LENGTH];
477     unsigned int dgstlen;
478     int ret = 0;
479     BN_CTX *bnctx = NULL;
480     BIGNUM *a = NULL, *b = NULL;
481     unsigned char randbuf[128];
482     RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
483 #ifndef OPENSSL_NO_EC
484     EC_KEY *key = NULL;
485 #endif
486
487     static const char msg[] = "Hello World!";
488     static const unsigned char exptd[] = {
489         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
490         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
491         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
492     };
493
494     if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
495         goto err;
496
497     if (!EVP_DigestInit_ex(ctx, sha256, NULL))
498         goto err;
499     if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
500         goto err;
501     if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
502         goto err;
503     if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
504         goto err;
505
506     bnctx = BN_CTX_new_ex(libctx);
507     if (bnctx == NULL)
508         goto err;
509     BN_CTX_start(bnctx);
510     a = BN_CTX_get(bnctx);
511     b = BN_CTX_get(bnctx);
512     if (b == NULL)
513         goto err;
514     BN_zero(a);
515     if (!BN_one(b)
516         || !BN_add(a, a, b)
517         || BN_cmp(a, b) != 0)
518         goto err;
519
520     if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
521         goto err;
522
523     if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
524         goto err;
525
526 #ifndef OPENSSL_NO_EC
527     /* Do some dummy EC calls */
528     key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
529     if (key == NULL)
530         goto err;
531
532     if (!EC_KEY_generate_key(key))
533         goto err;
534 #endif
535
536 #ifndef OPENSSL_NO_DSA
537     if (!dsa_key_signature_test(libctx))
538         goto err;
539 #endif
540
541 #ifndef OPENSSL_NO_DH
542     if (!dh_key_exchange_test(libctx))
543         goto err;
544 #endif /* OPENSSL_NO_DH */
545
546     ret = 1;
547  err:
548     BN_CTX_end(bnctx);
549     BN_CTX_free(bnctx);
550
551     EVP_KDF_free(kdf);
552     EVP_MD_CTX_free(ctx);
553     EVP_MD_free(sha256);
554
555 #ifndef OPENSSL_NO_EC
556     EC_KEY_free(key);
557 #endif
558     return ret;
559 }
560
561 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
562 {
563     return fips_param_types;
564 }
565
566 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
567 {
568     OSSL_PARAM *p;
569
570     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
571     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
572         return 0;
573     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
574     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
575         return 0;
576     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
577     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
578         return 0;
579
580     return 1;
581 }
582
583 /* FIPS specific version of the function of the same name in provlib.c */
584 const char *ossl_prov_util_nid_to_name(int nid)
585 {
586     /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
587
588     switch (nid) {
589     /* Digests */
590     case NID_sha1:
591         return "SHA1";
592     case NID_sha224:
593         return "SHA-224";
594     case NID_sha256:
595         return "SHA-256";
596     case NID_sha384:
597         return "SHA-384";
598     case NID_sha512:
599         return "SHA-512";
600     case NID_sha512_224:
601         return "SHA-512/224";
602     case NID_sha512_256:
603         return "SHA-512/256";
604     case NID_sha3_224:
605         return "SHA3-224";
606     case NID_sha3_256:
607         return "SHA3-256";
608     case NID_sha3_384:
609         return "SHA3-384";
610     case NID_sha3_512:
611         return "SHA3-512";
612
613     /* Ciphers */
614     case NID_aes_256_ecb:
615         return "AES-256-ECB";
616     case NID_aes_192_ecb:
617         return "AES-192-ECB";
618     case NID_aes_128_ecb:
619         return "AES-128-ECB";
620     case NID_aes_256_cbc:
621         return "AES-256-CBC";
622     case NID_aes_192_cbc:
623         return "AES-192-CBC";
624     case NID_aes_128_cbc:
625         return "AES-128-CBC";
626     case NID_aes_256_ctr:
627         return "AES-256-CTR";
628     case NID_aes_192_ctr:
629         return "AES-192-CTR";
630     case NID_aes_128_ctr:
631         return "AES-128-CTR";
632     case NID_aes_256_xts:
633         return "AES-256-XTS";
634     case NID_aes_128_xts:
635         return "AES-128-XTS";
636     case NID_aes_256_gcm:
637         return "AES-256-GCM";
638     case NID_aes_192_gcm:
639         return "AES-192-GCM";
640     case NID_aes_128_gcm:
641         return "AES-128-GCM";
642     case NID_aes_256_ccm:
643         return "AES-256-CCM";
644     case NID_aes_192_ccm:
645         return "AES-192-CCM";
646     case NID_aes_128_ccm:
647         return "AES-128-CCM";
648     case NID_id_aes256_wrap:
649         return "AES-256-WRAP";
650     case NID_id_aes192_wrap:
651         return "AES-192-WRAP";
652     case NID_id_aes128_wrap:
653         return "AES-128-WRAP";
654     case NID_id_aes256_wrap_pad:
655         return "AES-256-WRAP-PAD";
656     case NID_id_aes192_wrap_pad:
657         return "AES-192-WRAP-PAD";
658     case NID_id_aes128_wrap_pad:
659         return "AES-128-WRAP-PAD";
660     case NID_des_ede3_ecb:
661         return "DES-EDE3";
662     case NID_des_ede3_cbc:
663         return "DES-EDE3-CBC";
664     case NID_aes_256_cbc_hmac_sha256:
665         return "AES-256-CBC-HMAC-SHA256";
666     case NID_aes_128_cbc_hmac_sha256:
667         return "AES-128-CBC-HMAC-SHA256";
668     case NID_aes_256_cbc_hmac_sha1:
669         return "AES-256-CBC-HMAC-SHA1";
670     case NID_aes_128_cbc_hmac_sha1:
671         return "AES-128-CBC-HMAC-SHA1";
672     default:
673         break;
674     }
675
676     return NULL;
677 }
678
679 /*
680  * For the algorithm names, we use the following formula for our primary
681  * names:
682  *
683  *     ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
684  *
685  *     VERSION is only present if there are multiple versions of
686  *     an alg (MD2, MD4, MD5).  It may be omitted if there is only
687  *     one version (if a subsequent version is released in the future,
688  *     we can always change the canonical name, and add the old name
689  *     as an alias).
690  *
691  *     SUBNAME may be present where we are combining multiple
692  *     algorithms together, e.g. MD5-SHA1.
693  *
694  *     SIZE is only present if multiple versions of an algorithm exist
695  *     with different sizes (e.g. AES-128-CBC, AES-256-CBC)
696  *
697  *     MODE is only present where applicable.
698  *
699  * We add diverse other names where applicable, such as the names that
700  * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
701  * we have used historically.
702  */
703 static const OSSL_ALGORITHM fips_digests[] = {
704     /* Our primary name:NiST name[:our older names] */
705     { "SHA1:SHA-1", "fips=yes", sha1_functions },
706     { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions },
707     { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions },
708     { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions },
709     { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions },
710     { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
711       sha512_224_functions },
712     { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
713       sha512_256_functions },
714
715     /* We agree with NIST here, so one name only */
716     { "SHA3-224", "fips=yes", sha3_224_functions },
717     { "SHA3-256", "fips=yes", sha3_256_functions },
718     { "SHA3-384", "fips=yes", sha3_384_functions },
719     { "SHA3-512", "fips=yes", sha3_512_functions },
720     /*
721      * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
722      * KMAC128 and KMAC256.
723      */
724     { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions },
725     { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions },
726
727     { NULL, NULL, NULL }
728 };
729
730 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
731     /* Our primary name[:ASN.1 OID name][:our older names] */
732     ALG("AES-256-ECB", aes256ecb_functions),
733     ALG("AES-192-ECB", aes192ecb_functions),
734     ALG("AES-128-ECB", aes128ecb_functions),
735     ALG("AES-256-CBC", aes256cbc_functions),
736     ALG("AES-192-CBC", aes192cbc_functions),
737     ALG("AES-128-CBC", aes128cbc_functions),
738     ALG("AES-256-CTR", aes256ctr_functions),
739     ALG("AES-192-CTR", aes192ctr_functions),
740     ALG("AES-128-CTR", aes128ctr_functions),
741     ALG("AES-256-XTS", aes256xts_functions),
742     ALG("AES-128-XTS", aes128xts_functions),
743     ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
744     ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
745     ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
746     ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
747     ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
748     ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
749     ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
750     ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
751     ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
752     ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
753         aes256wrappad_functions),
754     ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
755         aes192wrappad_functions),
756     ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
757         aes128wrappad_functions),
758     ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
759          cipher_capable_aes_cbc_hmac_sha1),
760     ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
761          cipher_capable_aes_cbc_hmac_sha1),
762     ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
763          cipher_capable_aes_cbc_hmac_sha256),
764     ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
765          cipher_capable_aes_cbc_hmac_sha256),
766 #ifndef OPENSSL_NO_DES
767     ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
768     ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
769 #endif  /* OPENSSL_NO_DES */
770     { { NULL, NULL, NULL }, NULL }
771 };
772 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
773
774 static const OSSL_ALGORITHM fips_macs[] = {
775 #ifndef OPENSSL_NO_CMAC
776     { "CMAC", "fips=yes", cmac_functions },
777 #endif
778     { "GMAC", "fips=yes", gmac_functions },
779     { "HMAC", "fips=yes", hmac_functions },
780     { "KMAC-128:KMAC128", "fips=yes", kmac128_functions },
781     { "KMAC-256:KMAC256", "fips=yes", kmac256_functions },
782     { NULL, NULL, NULL }
783 };
784
785 static const OSSL_ALGORITHM fips_kdfs[] = {
786     { "HKDF", "fips=yes", kdf_hkdf_functions },
787     { "SSKDF", "fips=yes", kdf_sskdf_functions },
788     { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
789     { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
790     { "KBKDF", "fips=yes", kdf_kbkdf_functions },
791     { NULL, NULL, NULL }
792 };
793
794 static const OSSL_ALGORITHM fips_keyexch[] = {
795 #ifndef OPENSSL_NO_DH
796     { "DH:dhKeyAgreement", "fips=yes", dh_keyexch_functions },
797 #endif
798     { NULL, NULL, NULL }
799 };
800
801 static const OSSL_ALGORITHM fips_signature[] = {
802 #ifndef OPENSSL_NO_DSA
803     { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions },
804 #endif
805     { NULL, NULL, NULL }
806 };
807
808 static const OSSL_ALGORITHM fips_keymgmt[] = {
809 #ifndef OPENSSL_NO_DH
810     { "DH:dhKeyAgreement", "fips=yes", dh_keymgmt_functions },
811 #endif
812 #ifndef OPENSSL_NO_DSA
813     { "DSA", "fips=yes", dsa_keymgmt_functions },
814 #endif
815     { NULL, NULL, NULL }
816 };
817
818 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
819                                          int operation_id,
820                                          int *no_cache)
821 {
822     *no_cache = 0;
823     switch (operation_id) {
824     case OSSL_OP_DIGEST:
825         return fips_digests;
826     case OSSL_OP_CIPHER:
827         ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
828         return exported_fips_ciphers;
829     case OSSL_OP_MAC:
830         return fips_macs;
831     case OSSL_OP_KDF:
832         return fips_kdfs;
833     case OSSL_OP_KEYMGMT:
834         return fips_keymgmt;
835     case OSSL_OP_KEYEXCH:
836         return fips_keyexch;
837     case OSSL_OP_SIGNATURE:
838         return fips_signature;
839     }
840     return NULL;
841 }
842
843 /* Functions we provide to the core */
844 static const OSSL_DISPATCH fips_dispatch_table[] = {
845     /*
846      * To release our resources we just need to free the OPENSSL_CTX so we just
847      * use OPENSSL_CTX_free directly as our teardown function
848      */
849     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
850     { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
851     { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
852     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
853     { 0, NULL }
854 };
855
856 /* Functions we provide to ourself */
857 static const OSSL_DISPATCH intern_dispatch_table[] = {
858     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
859     { 0, NULL }
860 };
861
862
863 int OSSL_provider_init(const OSSL_PROVIDER *provider,
864                        const OSSL_DISPATCH *in,
865                        const OSSL_DISPATCH **out,
866                        void **provctx)
867 {
868     FIPS_GLOBAL *fgbl;
869     OPENSSL_CTX *ctx;
870     OSSL_self_test_cb_fn *stcbfn = NULL;
871     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
872
873     for (; in->function_id != 0; in++) {
874         switch (in->function_id) {
875         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
876             c_get_libctx = OSSL_get_core_get_library_context(in);
877             break;
878         case OSSL_FUNC_CORE_GETTABLE_PARAMS:
879             c_gettable_params = OSSL_get_core_gettable_params(in);
880             break;
881         case OSSL_FUNC_CORE_GET_PARAMS:
882             c_get_params = OSSL_get_core_get_params(in);
883             break;
884         case OSSL_FUNC_CORE_THREAD_START:
885             c_thread_start = OSSL_get_core_thread_start(in);
886             break;
887         case OSSL_FUNC_CORE_NEW_ERROR:
888             c_new_error = OSSL_get_core_new_error(in);
889             break;
890         case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
891             c_set_error_debug = OSSL_get_core_set_error_debug(in);
892             break;
893         case OSSL_FUNC_CORE_VSET_ERROR:
894             c_vset_error = OSSL_get_core_vset_error(in);
895             break;
896         case OSSL_FUNC_CORE_SET_ERROR_MARK:
897             c_set_error_mark = OSSL_get_core_set_error_mark(in);
898             break;
899         case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK:
900             c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in);
901             break;
902         case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
903             c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in);
904             break;
905         case OSSL_FUNC_CRYPTO_MALLOC:
906             c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
907             break;
908         case OSSL_FUNC_CRYPTO_ZALLOC:
909             c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
910             break;
911         case OSSL_FUNC_CRYPTO_FREE:
912             c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
913             break;
914         case OSSL_FUNC_CRYPTO_CLEAR_FREE:
915             c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
916             break;
917         case OSSL_FUNC_CRYPTO_REALLOC:
918             c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
919             break;
920         case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
921             c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
922             break;
923         case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
924             c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
925             break;
926         case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
927             c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
928             break;
929         case OSSL_FUNC_CRYPTO_SECURE_FREE:
930             c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
931             break;
932         case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
933             c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
934             break;
935         case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
936             c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
937             break;
938         case OSSL_FUNC_BIO_NEW_FILE:
939             selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
940             break;
941         case OSSL_FUNC_BIO_NEW_MEMBUF:
942             selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
943             break;
944         case OSSL_FUNC_BIO_READ_EX:
945             selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
946             break;
947         case OSSL_FUNC_BIO_FREE:
948             selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
949             break;
950         case OSSL_FUNC_SELF_TEST_CB: {
951             stcbfn = OSSL_get_self_test_cb(in);
952             break;
953         }
954         default:
955             /* Just ignore anything we don't understand */
956             break;
957         }
958     }
959
960     if (stcbfn != NULL && c_get_libctx != NULL) {
961         stcbfn(c_get_libctx(provider), &selftest_params.event_cb,
962                &selftest_params.event_cb_arg);
963     }
964     else {
965         selftest_params.event_cb = NULL;
966         selftest_params.event_cb_arg = NULL;
967     }
968
969     if (!c_get_params(provider, core_params))
970         return 0;
971
972     /*  Create a context. */
973     if ((ctx = OPENSSL_CTX_new()) == NULL)
974         return 0;
975     if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
976                                      &fips_prov_ossl_ctx_method)) == NULL) {
977         OPENSSL_CTX_free(ctx);
978         return 0;
979     }
980
981     fgbl->prov = provider;
982
983     selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
984     if (!SELF_TEST_post(&selftest_params, 0)) {
985         OPENSSL_CTX_free(ctx);
986         return 0;
987     }
988
989     /*
990      * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
991      * EVP calls from within the FIPS module.
992      */
993     if (!dummy_evp_call(ctx)) {
994         OPENSSL_CTX_free(ctx);
995         return 0;
996     }
997
998     *out = fips_dispatch_table;
999     *provctx = ctx;
1000
1001     return 1;
1002 }
1003
1004 /*
1005  * The internal init function used when the FIPS module uses EVP to call
1006  * another algorithm also in the FIPS module. This is a recursive call that has
1007  * been made from within the FIPS module itself. To make this work, we populate
1008  * the provider context of this inner instance with the same library context
1009  * that was used in the EVP call that initiated this recursive call.
1010  */
1011 OSSL_provider_init_fn fips_intern_provider_init;
1012 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
1013                               const OSSL_DISPATCH *in,
1014                               const OSSL_DISPATCH **out,
1015                               void **provctx)
1016 {
1017     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
1018
1019     for (; in->function_id != 0; in++) {
1020         switch (in->function_id) {
1021         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
1022             c_get_libctx = OSSL_get_core_get_library_context(in);
1023             break;
1024         default:
1025             break;
1026         }
1027     }
1028
1029     if (c_get_libctx == NULL)
1030         return 0;
1031
1032     *provctx = c_get_libctx(provider);
1033
1034     /*
1035      * Safety measure...  we should get the library context that was
1036      * created up in OSSL_provider_init().
1037      */
1038     if (*provctx == NULL)
1039         return 0;
1040
1041     *out = intern_dispatch_table;
1042     return 1;
1043 }
1044
1045 void ERR_new(void)
1046 {
1047     c_new_error(NULL);
1048 }
1049
1050 void ERR_set_debug(const char *file, int line, const char *func)
1051 {
1052     c_set_error_debug(NULL, file, line, func);
1053 }
1054
1055 void ERR_set_error(int lib, int reason, const char *fmt, ...)
1056 {
1057     va_list args;
1058
1059     va_start(args, fmt);
1060     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1061     va_end(args);
1062 }
1063
1064 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
1065 {
1066     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1067 }
1068
1069 int ERR_set_mark(void)
1070 {
1071     return c_set_error_mark(NULL);
1072 }
1073
1074 int ERR_clear_last_mark(void)
1075 {
1076     return c_clear_last_error_mark(NULL);
1077 }
1078
1079 int ERR_pop_to_mark(void)
1080 {
1081     return c_pop_error_to_mark(NULL);
1082 }
1083
1084 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
1085 {
1086     FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
1087                                              &fips_prov_ossl_ctx_method);
1088
1089     if (fgbl == NULL)
1090         return NULL;
1091
1092     return fgbl->prov;
1093 }
1094
1095 void *CRYPTO_malloc(size_t num, const char *file, int line)
1096 {
1097     return c_CRYPTO_malloc(num, file, line);
1098 }
1099
1100 void *CRYPTO_zalloc(size_t num, const char *file, int line)
1101 {
1102     return c_CRYPTO_zalloc(num, file, line);
1103 }
1104
1105 void CRYPTO_free(void *ptr, const char *file, int line)
1106 {
1107     c_CRYPTO_free(ptr, file, line);
1108 }
1109
1110 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
1111 {
1112     c_CRYPTO_clear_free(ptr, num, file, line);
1113 }
1114
1115 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
1116 {
1117     return c_CRYPTO_realloc(addr, num, file, line);
1118 }
1119
1120 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
1121                            const char *file, int line)
1122 {
1123     return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
1124 }
1125
1126 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
1127 {
1128     return c_CRYPTO_secure_malloc(num, file, line);
1129 }
1130
1131 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
1132 {
1133     return c_CRYPTO_secure_zalloc(num, file, line);
1134 }
1135
1136 void CRYPTO_secure_free(void *ptr, const char *file, int line)
1137 {
1138     c_CRYPTO_secure_free(ptr, file, line);
1139 }
1140
1141 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
1142 {
1143     c_CRYPTO_secure_clear_free(ptr, num, file, line);
1144 }
1145
1146 int CRYPTO_secure_allocated(const void *ptr)
1147 {
1148     return c_CRYPTO_secure_allocated(ptr);
1149 }