#include "internal/cryptlib.h"
#include "internal/property.h"
#include "internal/nelem.h"
-#include "internal/param_build.h"
+#include "openssl/param_build.h"
#include "crypto/evp.h"
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/provider_util.h"
#include "self_test.h"
-#define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK }
+#define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK }
#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
extern OSSL_core_thread_start_fn *c_thread_start;
static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
+static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf;
typedef struct fips_global_st {
const OSSL_PROVIDER *prov;
* The array of hex_data is used to get around compilers that dont like
* strings longer than 509 bytes,
*/
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
static int hextobn(const char *hex_data[], BIGNUM **bn)
{
int ret = 0;
OPENSSL_free(str);
return ret;
}
+#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */
+#ifndef OPENSSL_NO_DH
static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
{
int ret = 0, sz;
BN_free(bn);
return ret;
}
+#endif
#ifndef OPENSSL_NO_DSA
static int dsa_key_signature_test(OPENSSL_CTX *libctx)
BIGNUM *p = NULL, *q = NULL, *g = NULL;
BIGNUM *pub = NULL, *priv = NULL;
OSSL_PARAM *params = NULL, *params_sig = NULL;
- OSSL_PARAM_BLD bld;
+ OSSL_PARAM_BLD *bld = NULL;
EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
EVP_PKEY *pkey = NULL;
unsigned char sig[64];
|| !hextobn(dsa_priv_hex, &priv))
goto err;
- ossl_param_bld_init(&bld);
- if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv))
+ bld = OSSL_PARAM_BLD_new();
+ if (bld == NULL
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
goto err;
- params = ossl_param_bld_to_param(&bld);
+ params = OSSL_PARAM_BLD_to_param(bld);
/* Create a EVP_PKEY_CTX to load the DSA key into */
kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
goto err;
/* set signature parameters */
- ossl_param_bld_init(&bld);
- if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
+ if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
SN_sha256,strlen(SN_sha256) + 1))
goto err;
- params_sig = ossl_param_bld_to_param(&bld);
+ params_sig = OSSL_PARAM_BLD_to_param(bld);
if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
goto err;
goto err;
ret = 1;
err:
- ossl_param_bld_free(params);
- ossl_param_bld_free(params_sig);
+ OSSL_PARAM_BLD_free_params(params);
+ OSSL_PARAM_BLD_free_params(params_sig);
+ OSSL_PARAM_BLD_free(bld);
BN_free(p);
BN_free(q);
BN_free(g);
OSSL_PARAM *params_peer = NULL;
unsigned char secret[256];
size_t secret_len, kat_secret_len = 0;
- OSSL_PARAM_BLD bld;
+ OSSL_PARAM_BLD *bld = NULL;
/* DH KAT */
static const char *dh_p_hex[] = {
|| !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
goto err;
- ossl_param_bld_init(&bld);
- if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv))
+ bld = OSSL_PARAM_BLD_new();
+ if (bld == NULL
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
goto err;
- params = ossl_param_bld_to_param(&bld);
+ params = OSSL_PARAM_BLD_to_param(bld);
- ossl_param_bld_init(&bld);
- if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_peer))
+ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
goto err;
- params_peer = ossl_param_bld_to_param(&bld);
+ params_peer = OSSL_PARAM_BLD_to_param(bld);
if (params == NULL || params_peer == NULL)
goto err;
goto err;
ret = 1;
err:
- ossl_param_bld_free(params_peer);
- ossl_param_bld_free(params);
+ OSSL_PARAM_BLD_free(bld);
+ OSSL_PARAM_BLD_free_params(params_peer);
+ OSSL_PARAM_BLD_free_params(params);
BN_free(p);
BN_free(q);
BN_free(g);
*/
static const OSSL_ALGORITHM fips_digests[] = {
/* Our primary name:NiST name[:our older names] */
- { "SHA1:SHA-1", "fips=yes", sha1_functions },
- { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions },
- { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions },
- { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions },
- { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions },
- { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
+ { "SHA1:SHA-1", "provider=fips,fips=yes", sha1_functions },
+ { "SHA2-224:SHA-224:SHA224", "provider=fips,fips=yes", sha224_functions },
+ { "SHA2-256:SHA-256:SHA256", "provider=fips,fips=yes", sha256_functions },
+ { "SHA2-384:SHA-384:SHA384", "provider=fips,fips=yes", sha384_functions },
+ { "SHA2-512:SHA-512:SHA512", "provider=fips,fips=yes", sha512_functions },
+ { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=fips,fips=yes",
sha512_224_functions },
- { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
+ { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=fips,fips=yes",
sha512_256_functions },
/* We agree with NIST here, so one name only */
- { "SHA3-224", "fips=yes", sha3_224_functions },
- { "SHA3-256", "fips=yes", sha3_256_functions },
- { "SHA3-384", "fips=yes", sha3_384_functions },
- { "SHA3-512", "fips=yes", sha3_512_functions },
+ { "SHA3-224", "provider=fips,fips=yes", sha3_224_functions },
+ { "SHA3-256", "provider=fips,fips=yes", sha3_256_functions },
+ { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
+ { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
/*
* KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
* KMAC128 and KMAC256.
*/
- { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions },
- { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions },
+ { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes", keccak_kmac_128_functions },
+ { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes", keccak_kmac_256_functions },
{ NULL, NULL, NULL }
};
static const OSSL_ALGORITHM fips_macs[] = {
#ifndef OPENSSL_NO_CMAC
- { "CMAC", "fips=yes", cmac_functions },
+ { "CMAC", "provider=fips,fips=yes", cmac_functions },
#endif
- { "GMAC", "fips=yes", gmac_functions },
- { "HMAC", "fips=yes", hmac_functions },
- { "KMAC-128:KMAC128", "fips=yes", kmac128_functions },
- { "KMAC-256:KMAC256", "fips=yes", kmac256_functions },
+ { "GMAC", "provider=fips,fips=yes", gmac_functions },
+ { "HMAC", "provider=fips,fips=yes", hmac_functions },
+ { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions },
+ { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions },
{ NULL, NULL, NULL }
};
static const OSSL_ALGORITHM fips_kdfs[] = {
- { "HKDF", "fips=yes", kdf_hkdf_functions },
- { "SSKDF", "fips=yes", kdf_sskdf_functions },
- { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
- { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
- { "KBKDF", "fips=yes", kdf_kbkdf_functions },
+ { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions },
+ { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
+ { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
+ { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
+ { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions },
{ NULL, NULL, NULL }
};
static const OSSL_ALGORITHM fips_keyexch[] = {
#ifndef OPENSSL_NO_DH
- { "DH:dhKeyAgreement", "fips=yes", dh_keyexch_functions },
+ { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions },
+#endif
+#ifndef OPENSSL_NO_EC
+ { "ECDH", "provider=fips,fips=yes", ecdh_keyexch_functions },
#endif
{ NULL, NULL, NULL }
};
static const OSSL_ALGORITHM fips_signature[] = {
#ifndef OPENSSL_NO_DSA
- { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions },
+ { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions },
+#endif
+ { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions },
+#ifndef OPENSSL_NO_EC
+ { "ECDSA", "provider=fips,fips=yes", ecdsa_signature_functions },
#endif
{ NULL, NULL, NULL }
};
+static const OSSL_ALGORITHM fips_asym_cipher[] = {
+ { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_asym_cipher_functions },
+ { NULL, NULL, NULL }
+};
+
static const OSSL_ALGORITHM fips_keymgmt[] = {
#ifndef OPENSSL_NO_DH
- { "DH:dhKeyAgreement", "fips=yes", dh_keymgmt_functions },
+ { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keymgmt_functions },
#endif
#ifndef OPENSSL_NO_DSA
- { "DSA", "fips=yes", dsa_keymgmt_functions },
+ { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
+#endif
+ { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
+#ifndef OPENSSL_NO_EC
+ { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
#endif
{ NULL, NULL, NULL }
};
return fips_keyexch;
case OSSL_OP_SIGNATURE:
return fips_signature;
+ case OSSL_OP_ASYM_CIPHER:
+ return fips_asym_cipher;
}
return NULL;
}
case OSSL_FUNC_BIO_FREE:
selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
break;
+ case OSSL_FUNC_BIO_VSNPRINTF:
+ c_BIO_vsnprintf = OSSL_get_BIO_vsnprintf(in);
+ break;
case OSSL_FUNC_SELF_TEST_CB: {
stcbfn = OSSL_get_self_test_cb(in);
break;
}
if (stcbfn != NULL && c_get_libctx != NULL) {
- stcbfn(c_get_libctx(provider), &selftest_params.event_cb,
- &selftest_params.event_cb_arg);
+ stcbfn(c_get_libctx(provider), &selftest_params.cb,
+ &selftest_params.cb_arg);
}
else {
- selftest_params.event_cb = NULL;
- selftest_params.event_cb_arg = NULL;
+ selftest_params.cb = NULL;
+ selftest_params.cb_arg = NULL;
}
if (!c_get_params(provider, core_params))
{
return c_CRYPTO_secure_allocated(ptr);
}
+
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+{
+ va_list args;
+ int ret;
+
+ va_start(args, format);
+ ret = c_BIO_vsnprintf(buf, n, format, args);
+ va_end(args);
+ return ret;
+}