2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/core.h>
13 #include <openssl/core_numbers.h>
14 #include <openssl/core_names.h>
15 #include <openssl/params.h>
16 #include <openssl/err.h>
17 #include <openssl/evp.h>
18 #include <openssl/kdf.h>
20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21 #include <openssl/sha.h>
22 #include <openssl/rand_drbg.h>
23 #include <openssl/ec.h>
24 #include <openssl/fips_names.h>
26 #include "internal/cryptlib.h"
27 #include "internal/property.h"
28 #include "crypto/evp.h"
29 #include "internal/provider_algs.h"
30 #include "internal/provider_ctx.h"
31 #include "internal/providercommon.h"
34 extern OSSL_core_thread_start_fn *c_thread_start;
37 * TODO(3.0): Should these be stored in the provider side provctx? Could they
38 * ever be different from one init to the next? Unfortunately we can't do this
39 * at the moment because c_put_error/c_add_error_vdata do not provide
40 * us with the OPENSSL_CTX as a parameter.
43 static SELF_TEST_POST_PARAMS selftest_params;
45 /* Functions provided by the core */
46 static OSSL_core_gettable_params_fn *c_gettable_params;
47 static OSSL_core_get_params_fn *c_get_params;
48 OSSL_core_thread_start_fn *c_thread_start;
49 static OSSL_core_new_error_fn *c_new_error;
50 static OSSL_core_set_error_debug_fn *c_set_error_debug;
51 static OSSL_core_vset_error_fn *c_vset_error;
52 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
53 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
54 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
55 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
56 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
57 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
58 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
59 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
60 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
61 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
62 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
64 typedef struct fips_global_st {
65 const OSSL_PROVIDER *prov;
68 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
70 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
75 static void fips_prov_ossl_ctx_free(void *fgbl)
80 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
81 fips_prov_ossl_ctx_new,
82 fips_prov_ossl_ctx_free,
86 /* Parameters we provide to the core */
87 static const OSSL_PARAM fips_param_types[] = {
88 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
89 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
90 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
95 * Parameters to retrieve from the core provider - required for self testing.
96 * NOTE: inside core_get_params() these will be loaded from config items
97 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
99 static OSSL_PARAM core_params[] =
101 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
102 selftest_params.module_filename,
103 sizeof(selftest_params.module_filename)),
104 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
105 selftest_params.module_checksum_data,
106 sizeof(selftest_params.module_checksum_data)),
107 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
108 selftest_params.indicator_checksum_data,
109 sizeof(selftest_params.indicator_checksum_data)),
110 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
111 selftest_params.indicator_data,
112 sizeof(selftest_params.indicator_data)),
113 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
114 selftest_params.indicator_version,
115 sizeof(selftest_params.indicator_version)),
119 /* TODO(3.0): To be removed */
120 static int dummy_evp_call(void *provctx)
122 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
123 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
124 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
125 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
126 char msg[] = "Hello World!";
127 const unsigned char exptd[] = {
128 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
129 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
130 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
132 unsigned int dgstlen = 0;
133 unsigned char dgst[SHA256_DIGEST_LENGTH];
135 BN_CTX *bnctx = NULL;
136 BIGNUM *a = NULL, *b = NULL;
137 unsigned char randbuf[128];
138 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
139 #ifndef OPENSSL_NO_EC
143 if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
146 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
148 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
150 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
152 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
155 bnctx = BN_CTX_new_ex(libctx);
159 a = BN_CTX_get(bnctx);
160 b = BN_CTX_get(bnctx);
166 || BN_cmp(a, b) != 0)
169 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
172 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
175 #ifndef OPENSSL_NO_EC
176 /* Do some dummy EC calls */
177 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
181 if (!EC_KEY_generate_key(key))
191 EVP_MD_CTX_free(ctx);
194 #ifndef OPENSSL_NO_EC
200 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
202 return fips_param_types;
205 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
209 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
210 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
212 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
213 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
215 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
216 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
222 /* FIPS specific version of the function of the same name in provlib.c */
223 const char *ossl_prov_util_nid_to_name(int nid)
225 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
253 case NID_aes_256_ecb:
254 return "AES-256-ECB";
255 case NID_aes_192_ecb:
256 return "AES-192-ECB";
257 case NID_aes_128_ecb:
258 return "AES-128-ECB";
259 case NID_aes_256_cbc:
260 return "AES-256-CBC";
261 case NID_aes_192_cbc:
262 return "AES-192-CBC";
263 case NID_aes_128_cbc:
264 return "AES-128-CBC";
265 case NID_aes_256_ctr:
266 return "AES-256-CTR";
267 case NID_aes_192_ctr:
268 return "AES-192-CTR";
269 case NID_aes_128_ctr:
270 return "AES-128-CTR";
271 case NID_aes_256_xts:
272 return "AES-256-XTS";
273 case NID_aes_128_xts:
274 return "AES-128-XTS";
275 /* TODO(3.0) Change these when we have aliases */
276 case NID_aes_256_gcm:
277 return "id-aes256-GCM";
278 case NID_aes_192_gcm:
279 return "id-aes192-GCM";
280 case NID_aes_128_gcm:
281 return "id-aes128-GCM";
282 case NID_aes_256_ccm:
283 return "id-aes256-CCM";
284 case NID_aes_192_ccm:
285 return "id-aes192-CCM";
286 case NID_aes_128_ccm:
287 return "id-aes128-CCM";
288 case NID_id_aes256_wrap:
289 return "id-aes256-wrap";
290 case NID_id_aes192_wrap:
291 return "id-aes192-wrap";
292 case NID_id_aes128_wrap:
293 return "id-aes128-wrap";
294 case NID_id_aes256_wrap_pad:
295 return "id-aes256-wrap-pad";
296 case NID_id_aes192_wrap_pad:
297 return "id-aes192-wrap-pad";
298 case NID_id_aes128_wrap_pad:
299 return "id-aes128-wrap-pad";
300 case NID_des_ede3_ecb:
302 case NID_des_ede3_cbc:
303 return "DES-EDE3-CBC";
311 static const OSSL_ALGORITHM fips_digests[] = {
312 { "SHA1", "fips=yes", sha1_functions },
313 { "SHA224", "fips=yes", sha224_functions },
314 { "SHA256", "fips=yes", sha256_functions },
315 { "SHA384", "fips=yes", sha384_functions },
316 { "SHA512", "fips=yes", sha512_functions },
317 { "SHA512-224", "fips=yes", sha512_224_functions },
318 { "SHA512-256", "fips=yes", sha512_256_functions },
319 { "SHA3-224", "fips=yes", sha3_224_functions },
320 { "SHA3-256", "fips=yes", sha3_256_functions },
321 { "SHA3-384", "fips=yes", sha3_384_functions },
322 { "SHA3-512", "fips=yes", sha3_512_functions },
324 * KECCAK_KMAC128 and KECCAK_KMAC256 as hashes are mostly useful for
325 * KMAC128 and KMAC256.
327 { "KECCAK_KMAC128", "fips=yes", keccak_kmac_128_functions },
328 { "KECCAK_KMAC256", "fips=yes", keccak_kmac_256_functions },
333 static const OSSL_ALGORITHM fips_ciphers[] = {
334 { "AES-256-ECB", "fips=yes", aes256ecb_functions },
335 { "AES-192-ECB", "fips=yes", aes192ecb_functions },
336 { "AES-128-ECB", "fips=yes", aes128ecb_functions },
337 { "AES-256-CBC", "fips=yes", aes256cbc_functions },
338 { "AES-192-CBC", "fips=yes", aes192cbc_functions },
339 { "AES-128-CBC", "fips=yes", aes128cbc_functions },
340 { "AES-256-CTR", "fips=yes", aes256ctr_functions },
341 { "AES-192-CTR", "fips=yes", aes192ctr_functions },
342 { "AES-128-CTR", "fips=yes", aes128ctr_functions },
343 { "AES-256-XTS", "fips=yes", aes256xts_functions },
344 { "AES-128-XTS", "fips=yes", aes128xts_functions },
345 /* TODO(3.0) Add aliases for these ciphers */
346 { "id-aes256-GCM", "fips=yes", aes256gcm_functions },
347 { "id-aes192-GCM", "fips=yes", aes192gcm_functions },
348 { "id-aes128-GCM", "fips=yes", aes128gcm_functions },
349 { "id-aes256-CCM", "fips=yes", aes256ccm_functions },
350 { "id-aes192-CCM", "fips=yes", aes192ccm_functions },
351 { "id-aes128-CCM", "fips=yes", aes128ccm_functions },
352 { "id-aes256-wrap", "fips=yes", aes256wrap_functions },
353 { "id-aes192-wrap", "fips=yes", aes192wrap_functions },
354 { "id-aes128-wrap", "fips=yes", aes128wrap_functions },
355 { "id-aes256-wrap-pad", "fips=yes", aes256wrappad_functions },
356 { "id-aes192-wrap-pad", "fips=yes", aes192wrappad_functions },
357 { "id-aes128-wrap-pad", "fips=yes", aes128wrappad_functions },
358 #ifndef OPENSSL_NO_DES
359 { "DES-EDE3", "fips=yes", tdes_ede3_ecb_functions },
360 { "DES-EDE3-CBC", "fips=yes", tdes_ede3_cbc_functions },
361 #endif /* OPENSSL_NO_DES */
365 static const OSSL_ALGORITHM fips_macs[] = {
366 #ifndef OPENSSL_NO_CMAC
367 { "CMAC", "fips=yes", cmac_functions },
369 { "GMAC", "fips=yes", gmac_functions },
370 { "HMAC", "fips=yes", hmac_functions },
371 { "KMAC128", "fips=yes", kmac128_functions },
372 { "KMAC256", "fips=yes", kmac256_functions },
376 static const OSSL_ALGORITHM fips_kdfs[] = {
377 { OSSL_KDF_NAME_HKDF, "fips=yes", kdf_hkdf_functions },
378 { OSSL_KDF_NAME_SSKDF, "fips=yes", kdf_sskdf_functions },
379 { OSSL_KDF_NAME_PBKDF2, "fips=yes", kdf_pbkdf2_functions },
380 { OSSL_KDF_NAME_TLS1_PRF, "fips=yes", kdf_tls1_prf_functions },
381 { OSSL_KDF_NAME_KBKDF, "fips=yes", kdf_kbkdf_functions },
385 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
390 switch (operation_id) {
403 /* Functions we provide to the core */
404 static const OSSL_DISPATCH fips_dispatch_table[] = {
406 * To release our resources we just need to free the OPENSSL_CTX so we just
407 * use OPENSSL_CTX_free directly as our teardown function
409 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
410 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
411 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
412 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
416 /* Functions we provide to ourself */
417 static const OSSL_DISPATCH intern_dispatch_table[] = {
418 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
423 int OSSL_provider_init(const OSSL_PROVIDER *provider,
424 const OSSL_DISPATCH *in,
425 const OSSL_DISPATCH **out,
431 for (; in->function_id != 0; in++) {
432 switch (in->function_id) {
433 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
434 c_gettable_params = OSSL_get_core_gettable_params(in);
436 case OSSL_FUNC_CORE_GET_PARAMS:
437 c_get_params = OSSL_get_core_get_params(in);
439 case OSSL_FUNC_CORE_THREAD_START:
440 c_thread_start = OSSL_get_core_thread_start(in);
442 case OSSL_FUNC_CORE_NEW_ERROR:
443 c_new_error = OSSL_get_core_new_error(in);
445 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
446 c_set_error_debug = OSSL_get_core_set_error_debug(in);
448 case OSSL_FUNC_CORE_VSET_ERROR:
449 c_vset_error = OSSL_get_core_vset_error(in);
451 case OSSL_FUNC_CRYPTO_MALLOC:
452 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
454 case OSSL_FUNC_CRYPTO_ZALLOC:
455 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
457 case OSSL_FUNC_CRYPTO_FREE:
458 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
460 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
461 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
463 case OSSL_FUNC_CRYPTO_REALLOC:
464 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
466 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
467 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
469 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
470 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
472 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
473 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
475 case OSSL_FUNC_CRYPTO_SECURE_FREE:
476 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
478 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
479 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
481 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
482 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
484 case OSSL_FUNC_BIO_NEW_FILE:
485 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
487 case OSSL_FUNC_BIO_NEW_MEMBUF:
488 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
490 case OSSL_FUNC_BIO_READ_EX:
491 selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
493 case OSSL_FUNC_BIO_FREE:
494 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
497 /* Just ignore anything we don't understand */
502 if (!c_get_params(provider, core_params))
505 /* Create a context. */
506 if ((ctx = OPENSSL_CTX_new()) == NULL)
508 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
509 &fips_prov_ossl_ctx_method)) == NULL) {
510 OPENSSL_CTX_free(ctx);
514 fgbl->prov = provider;
516 selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
517 if (!SELF_TEST_post(&selftest_params)) {
518 OPENSSL_CTX_free(ctx);
522 *out = fips_dispatch_table;
526 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
527 * EVP calls from within the FIPS module.
529 if (!dummy_evp_call(*provctx)) {
530 OPENSSL_CTX_free(*provctx);
539 * The internal init function used when the FIPS module uses EVP to call
540 * another algorithm also in the FIPS module. This is a recursive call that has
541 * been made from within the FIPS module itself. To make this work, we populate
542 * the provider context of this inner instance with the same library context
543 * that was used in the EVP call that initiated this recursive call.
545 OSSL_provider_init_fn fips_intern_provider_init;
546 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
547 const OSSL_DISPATCH *in,
548 const OSSL_DISPATCH **out,
551 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
553 for (; in->function_id != 0; in++) {
554 switch (in->function_id) {
555 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
556 c_get_libctx = OSSL_get_core_get_library_context(in);
563 if (c_get_libctx == NULL)
566 *provctx = c_get_libctx(provider);
569 * Safety measure... we should get the library context that was
570 * created up in OSSL_provider_init().
572 if (*provctx == NULL)
575 *out = intern_dispatch_table;
584 void ERR_set_debug(const char *file, int line, const char *func)
586 c_set_error_debug(NULL, file, line, func);
589 void ERR_set_error(int lib, int reason, const char *fmt, ...)
594 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
598 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
600 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
603 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
605 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
606 &fips_prov_ossl_ctx_method);
614 void *CRYPTO_malloc(size_t num, const char *file, int line)
616 return c_CRYPTO_malloc(num, file, line);
619 void *CRYPTO_zalloc(size_t num, const char *file, int line)
621 return c_CRYPTO_zalloc(num, file, line);
624 void CRYPTO_free(void *ptr, const char *file, int line)
626 c_CRYPTO_free(ptr, file, line);
629 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
631 c_CRYPTO_clear_free(ptr, num, file, line);
634 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
636 return c_CRYPTO_realloc(addr, num, file, line);
639 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
640 const char *file, int line)
642 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
645 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
647 return c_CRYPTO_secure_malloc(num, file, line);
650 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
652 return c_CRYPTO_secure_zalloc(num, file, line);
655 void CRYPTO_secure_free(void *ptr, const char *file, int line)
657 c_CRYPTO_secure_free(ptr, file, line);
660 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
662 c_CRYPTO_secure_clear_free(ptr, num, file, line);
665 int CRYPTO_secure_allocated(const void *ptr)
667 return c_CRYPTO_secure_allocated(ptr);