providers/fips/fipsprov.c

   1 /*
   2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <string.h>
  11 #include <stdio.h>
  12 #include <openssl/core.h>
  13 #include <openssl/core_numbers.h>
  14 #include <openssl/core_names.h>
  15 #include <openssl/params.h>
  16 #include <openssl/err.h>
  17 #include <openssl/evp.h>
  18 #include <openssl/kdf.h>
  19
  20 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
  21 #include <openssl/sha.h>
  22 #include <openssl/rand_drbg.h>
  23 #include <openssl/ec.h>
  24 #include <openssl/fips_names.h>
  25
  26 #include "internal/cryptlib.h"
  27 #include "internal/property.h"
  28 #include "internal/nelem.h"
  29 #include "internal/param_build.h"
  30 #include "crypto/evp.h"
  31 #include "prov/implementations.h"
  32 #include "prov/provider_ctx.h"
  33 #include "prov/providercommon.h"
  34 #include "prov/provider_util.h"
  35 #include "self_test.h"
  36
  37 #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK }
  38 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
  39
  40 extern OSSL_core_thread_start_fn *c_thread_start;
  41
  42 /*
  43  * TODO(3.0): Should these be stored in the provider side provctx? Could they
  44  * ever be different from one init to the next? Unfortunately we can't do this
  45  * at the moment because c_put_error/c_add_error_vdata do not provide
  46  * us with the OPENSSL_CTX as a parameter.
  47  */
  48
  49 static SELF_TEST_POST_PARAMS selftest_params;
  50
  51 /* Functions provided by the core */
  52 static OSSL_core_gettable_params_fn *c_gettable_params;
  53 static OSSL_core_get_params_fn *c_get_params;
  54 OSSL_core_thread_start_fn *c_thread_start;
  55 static OSSL_core_new_error_fn *c_new_error;
  56 static OSSL_core_set_error_debug_fn *c_set_error_debug;
  57 static OSSL_core_vset_error_fn *c_vset_error;
  58 static OSSL_core_set_error_mark_fn *c_set_error_mark;
  59 static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark;
  60 static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark;
  61 static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
  62 static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
  63 static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
  64 static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
  65 static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
  66 static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
  67 static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
  68 static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
  69 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
  70 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
  71 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
  72
  73 typedef struct fips_global_st {
  74     const OSSL_PROVIDER *prov;
  75 } FIPS_GLOBAL;
  76
  77 static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
  78 {
  79     FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
  80
  81     return fgbl;
  82 }
  83
  84 static void fips_prov_ossl_ctx_free(void *fgbl)
  85 {
  86     OPENSSL_free(fgbl);
  87 }
  88
  89 static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
  90     fips_prov_ossl_ctx_new,
  91     fips_prov_ossl_ctx_free,
  92 };
  93
  94
  95 /* Parameters we provide to the core */
  96 static const OSSL_PARAM fips_param_types[] = {
  97     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
  98     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
  99     OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
 100     OSSL_PARAM_END
 101 };
 102
 103 /*
 104  * Parameters to retrieve from the core provider - required for self testing.
 105  * NOTE: inside core_get_params() these will be loaded from config items
 106  * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
 107  */
 108 static OSSL_PARAM core_params[] =
 109 {
 110     OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
 111                         selftest_params.module_filename,
 112                         sizeof(selftest_params.module_filename)),
 113     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
 114                         selftest_params.module_checksum_data,
 115                         sizeof(selftest_params.module_checksum_data)),
 116     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
 117                         selftest_params.indicator_checksum_data,
 118                         sizeof(selftest_params.indicator_checksum_data)),
 119     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
 120                         selftest_params.indicator_data,
 121                         sizeof(selftest_params.indicator_data)),
 122     OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
 123                         selftest_params.indicator_version,
 124                         sizeof(selftest_params.indicator_version)),
 125     OSSL_PARAM_END
 126 };
 127
 128 /*
 129  * Convert a string into a bignumber.
 130  * The array of hex_data is used to get around compilers that dont like
 131  * strings longer than 509 bytes,
 132  */
 133 static int hextobn(const char *hex_data[], BIGNUM **bn)
 134 {
 135     int ret = 0;
 136     int i, slen;
 137     char *str = NULL;
 138
 139     /* Get the total length of the strings */
 140     for (slen = 0, i = 0; hex_data[i] != NULL; ++i)
 141         slen += strlen(hex_data[i]);
 142
 143     /* Add 1 for the string terminator */
 144     str = OPENSSL_zalloc(slen + 1);
 145     if (str == NULL)
 146         return 0;
 147
 148     /* join the strings together into 1 buffer */
 149     for (i = 0; hex_data[i] != NULL; ++i)
 150         strcat(str, hex_data[i]);
 151
 152     if (BN_hex2bn(bn, str) <= 0)
 153         goto err;
 154     ret = 1;
 155 err:
 156     OPENSSL_free(str);
 157     return ret;
 158 }
 159
 160 static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
 161 {
 162     int ret = 0, sz;
 163     BIGNUM *bn = NULL;
 164     unsigned char *buf = NULL;
 165
 166     if (!hextobn(hex_data, &bn))
 167         return 0;
 168     sz = BN_num_bytes(bn);
 169     buf = OPENSSL_zalloc(sz);
 170     if (buf == NULL)
 171         goto err;
 172     if (BN_bn2binpad(bn, buf, sz) <= 0)
 173         goto err;
 174
 175     *out = buf;
 176     *len = sz;
 177     buf = NULL; /* Set to NULL so it is not freed */
 178     ret = 1;
 179 err:
 180     OPENSSL_free(buf);
 181     BN_free(bn);
 182     return ret;
 183 }
 184
 185 #ifndef OPENSSL_NO_DSA
 186 static int dsa_key_signature_test(OPENSSL_CTX *libctx)
 187 {
 188     int ret = 0;
 189     BIGNUM *p = NULL, *q = NULL, *g = NULL;
 190     BIGNUM *pub = NULL, *priv = NULL;
 191     OSSL_PARAM *params = NULL, *params_sig = NULL;
 192     OSSL_PARAM_BLD bld;
 193     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
 194     EVP_PKEY *pkey = NULL;
 195     unsigned char sig[64];
 196     size_t siglen;
 197
 198     static const unsigned char dgst[SHA256_DIGEST_LENGTH] = {
 199         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
 200         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
 201         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
 202     };
 203     /* dsa 2048 */
 204     static const char *dsa_p_hex[] = {
 205         "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
 206         "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
 207         "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
 208         "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
 209         "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
 210         "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
 211         "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
 212         "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
 213          NULL
 214     };
 215     static const char *dsa_q_hex[] = {
 216         "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
 217         NULL
 218     };
 219     static const char *dsa_g_hex[] = {
 220         "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
 221         "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
 222         "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
 223         "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
 224         "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
 225         "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
 226         "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
 227         "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
 228         NULL
 229     };
 230     static const char *dsa_pub_hex[] = {
 231         "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
 232         "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
 233         "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
 234         "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
 235         "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
 236         "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
 237         "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
 238         "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
 239         NULL
 240     };
 241     static const char *dsa_priv_hex[] = {
 242         "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
 243         NULL
 244     };
 245
 246     if (!hextobn(dsa_p_hex, &p)
 247         || !hextobn(dsa_q_hex, &q)
 248         || !hextobn(dsa_g_hex, &g)
 249         || !hextobn(dsa_pub_hex, &pub)
 250         || !hextobn(dsa_priv_hex, &priv))
 251         goto err;
 252
 253     ossl_param_bld_init(&bld);
 254     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
 255         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
 256         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
 257         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub)
 258         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv))
 259         goto err;
 260     params = ossl_param_bld_to_param(&bld);
 261
 262     /* Create a EVP_PKEY_CTX to load the DSA key into */
 263     kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
 264     if (kctx == NULL || params == NULL)
 265         goto err;
 266     if (EVP_PKEY_key_fromdata_init(kctx) <= 0
 267         || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
 268         goto err;
 269
 270     /* Create a EVP_PKEY_CTX to use for the signing operation */
 271     sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
 272     if (sctx == NULL
 273         || EVP_PKEY_sign_init(sctx) <= 0)
 274         goto err;
 275
 276     /* set signature parameters */
 277     ossl_param_bld_init(&bld);
 278     if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
 279                                          SN_sha256,strlen(SN_sha256) + 1))
 280         goto err;
 281     params_sig = ossl_param_bld_to_param(&bld);
 282     if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
 283         goto err;
 284
 285     if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
 286         || EVP_PKEY_verify_init(sctx) <= 0
 287         || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
 288         goto err;
 289     ret = 1;
 290 err:
 291     ossl_param_bld_free(params);
 292     ossl_param_bld_free(params_sig);
 293     BN_free(p);
 294     BN_free(q);
 295     BN_free(g);
 296     BN_free(pub);
 297     BN_free(priv);
 298     EVP_PKEY_free(pkey);
 299     EVP_PKEY_CTX_free(kctx);
 300     EVP_PKEY_CTX_free(sctx);
 301     return ret;
 302 }
 303 #endif /* OPENSSL_NO_DSA */
 304
 305 #ifndef OPENSSL_NO_DH
 306 static int dh_key_exchange_test(OPENSSL_CTX *libctx)
 307 {
 308     int ret = 0;
 309     BIGNUM *p = NULL, *q = NULL, *g = NULL;
 310     BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL;
 311     unsigned char *kat_secret = NULL;
 312     EVP_PKEY_CTX *kactx = NULL, *dctx = NULL;
 313     EVP_PKEY *pkey = NULL, *peerkey = NULL;
 314     OSSL_PARAM *params = NULL;
 315     OSSL_PARAM *params_peer = NULL;
 316     unsigned char secret[256];
 317     size_t secret_len, kat_secret_len = 0;
 318     OSSL_PARAM_BLD bld;
 319
 320     /* DH KAT */
 321     static const char *dh_p_hex[] = {
 322         "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b"
 323         "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d"
 324         "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0"
 325         "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1",
 326         "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c"
 327         "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44"
 328         "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994"
 329         "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69",
 330         NULL
 331     };
 332     static const char *dh_q_hex[] = {
 333         "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d",
 334         NULL
 335     };
 336     static const char *dh_g_hex[] = {
 337         "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede"
 338         "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4"
 339         "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49"
 340         "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9",
 341         "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad",
 342         "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6"
 343         "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0"
 344         "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a"
 345         "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20",
 346         "ea115c32",
 347         NULL
 348     };
 349     static const char *dh_priv_hex[] = {
 350         "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6",
 351         NULL
 352     };
 353     static const char *dh_pub_hex[] = {
 354         "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048"
 355         "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506"
 356         "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52"
 357         "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7",
 358         "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7"
 359         "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf"
 360         "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86"
 361         "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e",
 362         "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4"
 363         "959c91d3",
 364         NULL
 365     };
 366     static const char *dh_peer_pub_hex[] = {
 367         "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0"
 368         "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0"
 369         "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665"
 370         "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f",
 371         "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f"
 372         "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842"
 373         "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf"
 374         "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2",
 375         "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739"
 376         "f17ff48b",
 377         NULL
 378     };
 379     static const char *dh_secret_exptd_hex[] = {
 380         "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2"
 381         "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153"
 382         "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e"
 383         "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe",
 384         "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d"
 385         "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2"
 386         "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f"
 387         "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486",
 388         "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9"
 389         "7d98eaf6",
 390         NULL
 391     };
 392
 393     if (!hextobn(dh_p_hex, &p)
 394         || !hextobn(dh_q_hex, &q)
 395         || !hextobn(dh_g_hex, &g)
 396         || !hextobn(dh_pub_hex, &pub)
 397         || !hextobn(dh_priv_hex, &priv)
 398         || !hextobn(dh_peer_pub_hex, &pub_peer)
 399         || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
 400         goto err;
 401
 402     ossl_param_bld_init(&bld);
 403     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
 404         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
 405         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
 406         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub)
 407         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv))
 408         goto err;
 409     params = ossl_param_bld_to_param(&bld);
 410
 411     ossl_param_bld_init(&bld);
 412     if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
 413         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
 414         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
 415         || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_peer))
 416         goto err;
 417
 418     params_peer = ossl_param_bld_to_param(&bld);
 419     if (params == NULL || params_peer == NULL)
 420         goto err;
 421
 422     /* Create a EVP_PKEY_CTX to load the DH keys into */
 423     kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", "");
 424     if (kactx == NULL)
 425         goto err;
 426     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
 427         || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0)
 428         goto err;
 429     if (EVP_PKEY_key_fromdata_init(kactx) <= 0
 430         || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0)
 431         goto err;
 432
 433     /* Create a EVP_PKEY_CTX to perform key derivation */
 434     dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
 435     if (dctx == NULL)
 436         goto err;
 437
 438     if (EVP_PKEY_derive_init(dctx) <= 0
 439         || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0
 440         || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0)
 441         goto err;
 442
 443     if (secret_len != kat_secret_len
 444         || memcmp(secret, kat_secret, secret_len) != 0)
 445         goto err;
 446     ret = 1;
 447 err:
 448     ossl_param_bld_free(params_peer);
 449     ossl_param_bld_free(params);
 450     BN_free(p);
 451     BN_free(q);
 452     BN_free(g);
 453     BN_free(pub);
 454     BN_free(priv);
 455     BN_free(pub_peer);
 456     OPENSSL_free(kat_secret);
 457     EVP_PKEY_free(pkey);
 458     EVP_PKEY_free(peerkey);
 459     EVP_PKEY_CTX_free(kactx);
 460     EVP_PKEY_CTX_free(dctx);
 461     return ret;
 462 }
 463 #endif /* OPENSSL_NO_DH */
 464
 465 /* TODO(3.0): To be removed */
 466 static int dummy_evp_call(void *provctx)
 467 {
 468     OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
 469     EVP_MD_CTX *ctx = EVP_MD_CTX_new();
 470     EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
 471     EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
 472     unsigned char dgst[SHA256_DIGEST_LENGTH];
 473     unsigned int dgstlen;
 474     int ret = 0;
 475     BN_CTX *bnctx = NULL;
 476     BIGNUM *a = NULL, *b = NULL;
 477     unsigned char randbuf[128];
 478     RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
 479 #ifndef OPENSSL_NO_EC
 480     EC_KEY *key = NULL;
 481 #endif
 482
 483     static const char msg[] = "Hello World!";
 484     static const unsigned char exptd[] = {
 485         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
 486         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
 487         0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
 488     };
 489
 490     if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
 491         goto err;
 492
 493     if (!EVP_DigestInit_ex(ctx, sha256, NULL))
 494         goto err;
 495     if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
 496         goto err;
 497     if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
 498         goto err;
 499     if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
 500         goto err;
 501
 502     bnctx = BN_CTX_new_ex(libctx);
 503     if (bnctx == NULL)
 504         goto err;
 505     BN_CTX_start(bnctx);
 506     a = BN_CTX_get(bnctx);
 507     b = BN_CTX_get(bnctx);
 508     if (b == NULL)
 509         goto err;
 510     BN_zero(a);
 511     if (!BN_one(b)
 512         || !BN_add(a, a, b)
 513         || BN_cmp(a, b) != 0)
 514         goto err;
 515
 516     if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
 517         goto err;
 518
 519     if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
 520         goto err;
 521
 522 #ifndef OPENSSL_NO_EC
 523     /* Do some dummy EC calls */
 524     key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
 525     if (key == NULL)
 526         goto err;
 527
 528     if (!EC_KEY_generate_key(key))
 529         goto err;
 530 #endif
 531
 532 #ifndef OPENSSL_NO_DSA
 533     if (!dsa_key_signature_test(libctx))
 534         goto err;
 535 #endif
 536
 537 #ifndef OPENSSL_NO_DH
 538     if (!dh_key_exchange_test(libctx))
 539         goto err;
 540 #endif /* OPENSSL_NO_DH */
 541
 542     ret = 1;
 543  err:
 544     BN_CTX_end(bnctx);
 545     BN_CTX_free(bnctx);
 546
 547     EVP_KDF_free(kdf);
 548     EVP_MD_CTX_free(ctx);
 549     EVP_MD_free(sha256);
 550
 551 #ifndef OPENSSL_NO_EC
 552     EC_KEY_free(key);
 553 #endif
 554     return ret;
 555 }
 556
 557 static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
 558 {
 559     return fips_param_types;
 560 }
 561
 562 static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
 563 {
 564     OSSL_PARAM *p;
 565
 566     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
 567     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
 568         return 0;
 569     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
 570     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
 571         return 0;
 572     p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
 573     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
 574         return 0;
 575
 576     return 1;
 577 }
 578
 579 /* FIPS specific version of the function of the same name in provlib.c */
 580 const char *ossl_prov_util_nid_to_name(int nid)
 581 {
 582     /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
 583
 584     switch (nid) {
 585     /* Digests */
 586     case NID_sha1:
 587         return "SHA1";
 588     case NID_sha224:
 589         return "SHA-224";
 590     case NID_sha256:
 591         return "SHA-256";
 592     case NID_sha384:
 593         return "SHA-384";
 594     case NID_sha512:
 595         return "SHA-512";
 596     case NID_sha512_224:
 597         return "SHA-512/224";
 598     case NID_sha512_256:
 599         return "SHA-512/256";
 600     case NID_sha3_224:
 601         return "SHA3-224";
 602     case NID_sha3_256:
 603         return "SHA3-256";
 604     case NID_sha3_384:
 605         return "SHA3-384";
 606     case NID_sha3_512:
 607         return "SHA3-512";
 608
 609     /* Ciphers */
 610     case NID_aes_256_ecb:
 611         return "AES-256-ECB";
 612     case NID_aes_192_ecb:
 613         return "AES-192-ECB";
 614     case NID_aes_128_ecb:
 615         return "AES-128-ECB";
 616     case NID_aes_256_cbc:
 617         return "AES-256-CBC";
 618     case NID_aes_192_cbc:
 619         return "AES-192-CBC";
 620     case NID_aes_128_cbc:
 621         return "AES-128-CBC";
 622     case NID_aes_256_ctr:
 623         return "AES-256-CTR";
 624     case NID_aes_192_ctr:
 625         return "AES-192-CTR";
 626     case NID_aes_128_ctr:
 627         return "AES-128-CTR";
 628     case NID_aes_256_xts:
 629         return "AES-256-XTS";
 630     case NID_aes_128_xts:
 631         return "AES-128-XTS";
 632     case NID_aes_256_gcm:
 633         return "AES-256-GCM";
 634     case NID_aes_192_gcm:
 635         return "AES-192-GCM";
 636     case NID_aes_128_gcm:
 637         return "AES-128-GCM";
 638     case NID_aes_256_ccm:
 639         return "AES-256-CCM";
 640     case NID_aes_192_ccm:
 641         return "AES-192-CCM";
 642     case NID_aes_128_ccm:
 643         return "AES-128-CCM";
 644     case NID_id_aes256_wrap:
 645         return "AES-256-WRAP";
 646     case NID_id_aes192_wrap:
 647         return "AES-192-WRAP";
 648     case NID_id_aes128_wrap:
 649         return "AES-128-WRAP";
 650     case NID_id_aes256_wrap_pad:
 651         return "AES-256-WRAP-PAD";
 652     case NID_id_aes192_wrap_pad:
 653         return "AES-192-WRAP-PAD";
 654     case NID_id_aes128_wrap_pad:
 655         return "AES-128-WRAP-PAD";
 656     case NID_des_ede3_ecb:
 657         return "DES-EDE3";
 658     case NID_des_ede3_cbc:
 659         return "DES-EDE3-CBC";
 660     case NID_aes_256_cbc_hmac_sha256:
 661         return "AES-256-CBC-HMAC-SHA256";
 662     case NID_aes_128_cbc_hmac_sha256:
 663         return "AES-128-CBC-HMAC-SHA256";
 664     case NID_aes_256_cbc_hmac_sha1:
 665         return "AES-256-CBC-HMAC-SHA1";
 666     case NID_aes_128_cbc_hmac_sha1:
 667         return "AES-128-CBC-HMAC-SHA1";
 668     default:
 669         break;
 670     }
 671
 672     return NULL;
 673 }
 674
 675 /*
 676  * For the algorithm names, we use the following formula for our primary
 677  * names:
 678  *
 679  *     ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
 680  *
 681  *     VERSION is only present if there are multiple versions of
 682  *     an alg (MD2, MD4, MD5).  It may be omitted if there is only
 683  *     one version (if a subsequent version is released in the future,
 684  *     we can always change the canonical name, and add the old name
 685  *     as an alias).
 686  *
 687  *     SUBNAME may be present where we are combining multiple
 688  *     algorithms together, e.g. MD5-SHA1.
 689  *
 690  *     SIZE is only present if multiple versions of an algorithm exist
 691  *     with different sizes (e.g. AES-128-CBC, AES-256-CBC)
 692  *
 693  *     MODE is only present where applicable.
 694  *
 695  * We add diverse other names where applicable, such as the names that
 696  * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
 697  * we have used historically.
 698  */
 699 static const OSSL_ALGORITHM fips_digests[] = {
 700     /* Our primary name:NiST name[:our older names] */
 701     { "SHA1:SHA-1", "fips=yes", sha1_functions },
 702     { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions },
 703     { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions },
 704     { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions },
 705     { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions },
 706     { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
 707       sha512_224_functions },
 708     { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
 709       sha512_256_functions },
 710
 711     /* We agree with NIST here, so one name only */
 712     { "SHA3-224", "fips=yes", sha3_224_functions },
 713     { "SHA3-256", "fips=yes", sha3_256_functions },
 714     { "SHA3-384", "fips=yes", sha3_384_functions },
 715     { "SHA3-512", "fips=yes", sha3_512_functions },
 716     /*
 717      * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
 718      * KMAC128 and KMAC256.
 719      */
 720     { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions },
 721     { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions },
 722
 723     { NULL, NULL, NULL }
 724 };
 725
 726 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
 727     /* Our primary name[:ASN.1 OID name][:our older names] */
 728     ALG("AES-256-ECB", aes256ecb_functions),
 729     ALG("AES-192-ECB", aes192ecb_functions),
 730     ALG("AES-128-ECB", aes128ecb_functions),
 731     ALG("AES-256-CBC", aes256cbc_functions),
 732     ALG("AES-192-CBC", aes192cbc_functions),
 733     ALG("AES-128-CBC", aes128cbc_functions),
 734     ALG("AES-256-CTR", aes256ctr_functions),
 735     ALG("AES-192-CTR", aes192ctr_functions),
 736     ALG("AES-128-CTR", aes128ctr_functions),
 737     ALG("AES-256-XTS", aes256xts_functions),
 738     ALG("AES-128-XTS", aes128xts_functions),
 739     ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
 740     ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
 741     ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
 742     ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
 743     ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
 744     ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
 745     ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
 746     ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
 747     ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
 748     ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
 749         aes256wrappad_functions),
 750     ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
 751         aes192wrappad_functions),
 752     ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
 753         aes128wrappad_functions),
 754     ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
 755          cipher_capable_aes_cbc_hmac_sha1),
 756     ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
 757          cipher_capable_aes_cbc_hmac_sha1),
 758     ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
 759          cipher_capable_aes_cbc_hmac_sha256),
 760     ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
 761          cipher_capable_aes_cbc_hmac_sha256),
 762 #ifndef OPENSSL_NO_DES
 763     ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
 764     ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
 765 #endif  /* OPENSSL_NO_DES */
 766     { { NULL, NULL, NULL }, NULL }
 767 };
 768 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
 769
 770 static const OSSL_ALGORITHM fips_macs[] = {
 771 #ifndef OPENSSL_NO_CMAC
 772     { "CMAC", "fips=yes", cmac_functions },
 773 #endif
 774     { "GMAC", "fips=yes", gmac_functions },
 775     { "HMAC", "fips=yes", hmac_functions },
 776     { "KMAC-128:KMAC128", "fips=yes", kmac128_functions },
 777     { "KMAC-256:KMAC256", "fips=yes", kmac256_functions },
 778     { NULL, NULL, NULL }
 779 };
 780
 781 static const OSSL_ALGORITHM fips_kdfs[] = {
 782     { "HKDF", "fips=yes", kdf_hkdf_functions },
 783     { "SSKDF", "fips=yes", kdf_sskdf_functions },
 784     { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
 785     { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
 786     { "KBKDF", "fips=yes", kdf_kbkdf_functions },
 787     { NULL, NULL, NULL }
 788 };
 789
 790 static const OSSL_ALGORITHM fips_keyexch[] = {
 791 #ifndef OPENSSL_NO_DH
 792     { "DH:dhKeyAgreement", "fips=yes", dh_keyexch_functions },
 793 #endif
 794     { NULL, NULL, NULL }
 795 };
 796
 797 static const OSSL_ALGORITHM fips_signature[] = {
 798 #ifndef OPENSSL_NO_DSA
 799     { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions },
 800 #endif
 801     { NULL, NULL, NULL }
 802 };
 803
 804 static const OSSL_ALGORITHM fips_keymgmt[] = {
 805 #ifndef OPENSSL_NO_DH
 806     { "DH:dhKeyAgreement", "fips=yes", dh_keymgmt_functions },
 807 #endif
 808 #ifndef OPENSSL_NO_DSA
 809     { "DSA", "fips=yes", dsa_keymgmt_functions },
 810 #endif
 811     { NULL, NULL, NULL }
 812 };
 813
 814 static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
 815                                          int operation_id,
 816                                          int *no_cache)
 817 {
 818     *no_cache = 0;
 819     switch (operation_id) {
 820     case OSSL_OP_DIGEST:
 821         return fips_digests;
 822     case OSSL_OP_CIPHER:
 823         ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
 824         return exported_fips_ciphers;
 825     case OSSL_OP_MAC:
 826         return fips_macs;
 827     case OSSL_OP_KDF:
 828         return fips_kdfs;
 829     case OSSL_OP_KEYMGMT:
 830         return fips_keymgmt;
 831     case OSSL_OP_KEYEXCH:
 832         return fips_keyexch;
 833     case OSSL_OP_SIGNATURE:
 834         return fips_signature;
 835     }
 836     return NULL;
 837 }
 838
 839 /* Functions we provide to the core */
 840 static const OSSL_DISPATCH fips_dispatch_table[] = {
 841     /*
 842      * To release our resources we just need to free the OPENSSL_CTX so we just
 843      * use OPENSSL_CTX_free directly as our teardown function
 844      */
 845     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
 846     { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
 847     { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
 848     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
 849     { 0, NULL }
 850 };
 851
 852 /* Functions we provide to ourself */
 853 static const OSSL_DISPATCH intern_dispatch_table[] = {
 854     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
 855     { 0, NULL }
 856 };
 857
 858
 859 int OSSL_provider_init(const OSSL_PROVIDER *provider,
 860                        const OSSL_DISPATCH *in,
 861                        const OSSL_DISPATCH **out,
 862                        void **provctx)
 863 {
 864     FIPS_GLOBAL *fgbl;
 865     OPENSSL_CTX *ctx;
 866     OSSL_self_test_cb_fn *stcbfn = NULL;
 867     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
 868
 869     for (; in->function_id != 0; in++) {
 870         switch (in->function_id) {
 871         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
 872             c_get_libctx = OSSL_get_core_get_library_context(in);
 873             break;
 874         case OSSL_FUNC_CORE_GETTABLE_PARAMS:
 875             c_gettable_params = OSSL_get_core_gettable_params(in);
 876             break;
 877         case OSSL_FUNC_CORE_GET_PARAMS:
 878             c_get_params = OSSL_get_core_get_params(in);
 879             break;
 880         case OSSL_FUNC_CORE_THREAD_START:
 881             c_thread_start = OSSL_get_core_thread_start(in);
 882             break;
 883         case OSSL_FUNC_CORE_NEW_ERROR:
 884             c_new_error = OSSL_get_core_new_error(in);
 885             break;
 886         case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
 887             c_set_error_debug = OSSL_get_core_set_error_debug(in);
 888             break;
 889         case OSSL_FUNC_CORE_VSET_ERROR:
 890             c_vset_error = OSSL_get_core_vset_error(in);
 891             break;
 892         case OSSL_FUNC_CORE_SET_ERROR_MARK:
 893             c_set_error_mark = OSSL_get_core_set_error_mark(in);
 894             break;
 895         case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK:
 896             c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in);
 897             break;
 898         case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
 899             c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in);
 900             break;
 901         case OSSL_FUNC_CRYPTO_MALLOC:
 902             c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
 903             break;
 904         case OSSL_FUNC_CRYPTO_ZALLOC:
 905             c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
 906             break;
 907         case OSSL_FUNC_CRYPTO_FREE:
 908             c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
 909             break;
 910         case OSSL_FUNC_CRYPTO_CLEAR_FREE:
 911             c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
 912             break;
 913         case OSSL_FUNC_CRYPTO_REALLOC:
 914             c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
 915             break;
 916         case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
 917             c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
 918             break;
 919         case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
 920             c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
 921             break;
 922         case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
 923             c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
 924             break;
 925         case OSSL_FUNC_CRYPTO_SECURE_FREE:
 926             c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
 927             break;
 928         case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
 929             c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
 930             break;
 931         case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
 932             c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
 933             break;
 934         case OSSL_FUNC_BIO_NEW_FILE:
 935             selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
 936             break;
 937         case OSSL_FUNC_BIO_NEW_MEMBUF:
 938             selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
 939             break;
 940         case OSSL_FUNC_BIO_READ_EX:
 941             selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
 942             break;
 943         case OSSL_FUNC_BIO_FREE:
 944             selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
 945             break;
 946         case OSSL_FUNC_SELF_TEST_CB: {
 947             stcbfn = OSSL_get_self_test_cb(in);
 948             break;
 949         }
 950         default:
 951             /* Just ignore anything we don't understand */
 952             break;
 953         }
 954     }
 955
 956     if (stcbfn != NULL && c_get_libctx != NULL) {
 957         stcbfn(c_get_libctx(provider), &selftest_params.event_cb,
 958                &selftest_params.event_cb_arg);
 959     }
 960     else {
 961         selftest_params.event_cb = NULL;
 962         selftest_params.event_cb_arg = NULL;
 963     }
 964
 965     if (!c_get_params(provider, core_params))
 966         return 0;
 967
 968     /*  Create a context. */
 969     if ((ctx = OPENSSL_CTX_new()) == NULL)
 970         return 0;
 971     if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
 972                                      &fips_prov_ossl_ctx_method)) == NULL) {
 973         OPENSSL_CTX_free(ctx);
 974         return 0;
 975     }
 976
 977     fgbl->prov = provider;
 978
 979     selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
 980     if (!SELF_TEST_post(&selftest_params, 0)) {
 981         OPENSSL_CTX_free(ctx);
 982         return 0;
 983     }
 984
 985     /*
 986      * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
 987      * EVP calls from within the FIPS module.
 988      */
 989     if (!dummy_evp_call(ctx)) {
 990         OPENSSL_CTX_free(ctx);
 991         return 0;
 992     }
 993
 994     *out = fips_dispatch_table;
 995     *provctx = ctx;
 996
 997     return 1;
 998 }
 999
1000 /*
1001  * The internal init function used when the FIPS module uses EVP to call
1002  * another algorithm also in the FIPS module. This is a recursive call that has
1003  * been made from within the FIPS module itself. To make this work, we populate
1004  * the provider context of this inner instance with the same library context
1005  * that was used in the EVP call that initiated this recursive call.
1006  */
1007 OSSL_provider_init_fn fips_intern_provider_init;
1008 int fips_intern_provider_init(const OSSL_PROVIDER *provider,
1009                               const OSSL_DISPATCH *in,
1010                               const OSSL_DISPATCH **out,
1011                               void **provctx)
1012 {
1013     OSSL_core_get_library_context_fn *c_get_libctx = NULL;
1014
1015     for (; in->function_id != 0; in++) {
1016         switch (in->function_id) {
1017         case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
1018             c_get_libctx = OSSL_get_core_get_library_context(in);
1019             break;
1020         default:
1021             break;
1022         }
1023     }
1024
1025     if (c_get_libctx == NULL)
1026         return 0;
1027
1028     *provctx = c_get_libctx(provider);
1029
1030     /*
1031      * Safety measure...  we should get the library context that was
1032      * created up in OSSL_provider_init().
1033      */
1034     if (*provctx == NULL)
1035         return 0;
1036
1037     *out = intern_dispatch_table;
1038     return 1;
1039 }
1040
1041 void ERR_new(void)
1042 {
1043     c_new_error(NULL);
1044 }
1045
1046 void ERR_set_debug(const char *file, int line, const char *func)
1047 {
1048     c_set_error_debug(NULL, file, line, func);
1049 }
1050
1051 void ERR_set_error(int lib, int reason, const char *fmt, ...)
1052 {
1053     va_list args;
1054
1055     va_start(args, fmt);
1056     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1057     va_end(args);
1058 }
1059
1060 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
1061 {
1062     c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
1063 }
1064
1065 int ERR_set_mark(void)
1066 {
1067     return c_set_error_mark(NULL);
1068 }
1069
1070 int ERR_clear_last_mark(void)
1071 {
1072     return c_clear_last_error_mark(NULL);
1073 }
1074
1075 int ERR_pop_to_mark(void)
1076 {
1077     return c_pop_error_to_mark(NULL);
1078 }
1079
1080 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
1081 {
1082     FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
1083                                              &fips_prov_ossl_ctx_method);
1084
1085     if (fgbl == NULL)
1086         return NULL;
1087
1088     return fgbl->prov;
1089 }
1090
1091 void *CRYPTO_malloc(size_t num, const char *file, int line)
1092 {
1093     return c_CRYPTO_malloc(num, file, line);
1094 }
1095
1096 void *CRYPTO_zalloc(size_t num, const char *file, int line)
1097 {
1098     return c_CRYPTO_zalloc(num, file, line);
1099 }
1100
1101 void CRYPTO_free(void *ptr, const char *file, int line)
1102 {
1103     c_CRYPTO_free(ptr, file, line);
1104 }
1105
1106 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
1107 {
1108     c_CRYPTO_clear_free(ptr, num, file, line);
1109 }
1110
1111 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
1112 {
1113     return c_CRYPTO_realloc(addr, num, file, line);
1114 }
1115
1116 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
1117                            const char *file, int line)
1118 {
1119     return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
1120 }
1121
1122 void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
1123 {
1124     return c_CRYPTO_secure_malloc(num, file, line);
1125 }
1126
1127 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
1128 {
1129     return c_CRYPTO_secure_zalloc(num, file, line);
1130 }
1131
1132 void CRYPTO_secure_free(void *ptr, const char *file, int line)
1133 {
1134     c_CRYPTO_secure_free(ptr, file, line);
1135 }
1136
1137 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
1138 {
1139     c_CRYPTO_secure_clear_free(ptr, num, file, line);
1140 }
1141
1142 int CRYPTO_secure_allocated(const void *ptr)
1143 {
1144     return c_CRYPTO_secure_allocated(ptr);
1145 }