projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Param build: make structures opaque.
[openssl.git] / providers / fips / fipsprov.c
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index c89fa642644fd13862c97e0bfc3f059044ea98d9..8fbb618527706ba472bf7367d60979fc7d888b02 100644 (file)
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -26,7 +26,7 @@
 #include "internal/cryptlib.h"
 #include "internal/property.h"
 #include "internal/nelem.h"
-#include "internal/param_build.h"
+#include "openssl/param_build.h"
 #include "crypto/evp.h"
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
@@ -34,7 +34,7 @@
 #include "prov/provider_util.h"
 #include "self_test.h"
 
-#define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK }
+#define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK }
 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
 
 extern OSSL_core_thread_start_fn *c_thread_start;
@@ -69,6 +69,7 @@ static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
 static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
 static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
 static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
+static OSSL_BIO_vsnprintf_fn *c_BIO_vsnprintf;
 
 typedef struct fips_global_st {
     const OSSL_PROVIDER *prov;
@@ -130,6 +131,7 @@ static OSSL_PARAM core_params[] =
  * The array of hex_data is used to get around compilers that dont like
  * strings longer than 509 bytes,
  */
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
 static int hextobn(const char *hex_data[], BIGNUM **bn)
 {
     int ret = 0;
@@ -156,7 +158,9 @@ err:
     OPENSSL_free(str);
     return ret;
 }
+#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */
 
+#ifndef OPENSSL_NO_DH
 static int hextobin(const char *hex_data[], unsigned char **out, size_t *len)
 {
     int ret = 0, sz;
@@ -181,6 +185,7 @@ err:
     BN_free(bn);
     return ret;
 }
+#endif
 
 #ifndef OPENSSL_NO_DSA
 static int dsa_key_signature_test(OPENSSL_CTX *libctx)
@@ -189,7 +194,7 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
     BIGNUM *p = NULL, *q = NULL, *g = NULL;
     BIGNUM *pub = NULL, *priv = NULL;
     OSSL_PARAM *params = NULL, *params_sig = NULL;
-    OSSL_PARAM_BLD bld;
+    OSSL_PARAM_BLD *bld = NULL;
     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
     EVP_PKEY *pkey = NULL;
     unsigned char sig[64];
@@ -250,14 +255,15 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
         || !hextobn(dsa_priv_hex, &priv))
         goto err;
 
-    ossl_param_bld_init(&bld);
-    if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv))
+    bld = OSSL_PARAM_BLD_new();
+    if (bld == NULL
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
         goto err;
-    params = ossl_param_bld_to_param(&bld);
+    params = OSSL_PARAM_BLD_to_param(bld);
 
     /* Create a EVP_PKEY_CTX to load the DSA key into */
     kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
@@ -274,11 +280,10 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
         goto err;
 
     /* set signature parameters */
-    ossl_param_bld_init(&bld);
-    if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
+    if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
                                          SN_sha256,strlen(SN_sha256) + 1))
         goto err;
-    params_sig = ossl_param_bld_to_param(&bld);
+    params_sig = OSSL_PARAM_BLD_to_param(bld);
     if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
         goto err;
 
@@ -288,8 +293,9 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
         goto err;
     ret = 1;
 err:
-    ossl_param_bld_free(params);
-    ossl_param_bld_free(params_sig);
+    OSSL_PARAM_BLD_free_params(params);
+    OSSL_PARAM_BLD_free_params(params_sig);
+    OSSL_PARAM_BLD_free(bld);
     BN_free(p);
     BN_free(q);
     BN_free(g);
@@ -315,7 +321,7 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx)
     OSSL_PARAM *params_peer = NULL;
     unsigned char secret[256];
     size_t secret_len, kat_secret_len = 0;
-    OSSL_PARAM_BLD bld;
+    OSSL_PARAM_BLD *bld = NULL;
 
     /* DH KAT */
     static const char *dh_p_hex[] = {
@@ -399,23 +405,23 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx)
         || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
         goto err;
 
-    ossl_param_bld_init(&bld);
-    if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv))
+    bld = OSSL_PARAM_BLD_new();
+    if (bld == NULL
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
         goto err;
-    params = ossl_param_bld_to_param(&bld);
+    params = OSSL_PARAM_BLD_to_param(bld);
 
-    ossl_param_bld_init(&bld);
-    if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_peer))
+    if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
         goto err;
 
-    params_peer = ossl_param_bld_to_param(&bld);
+    params_peer = OSSL_PARAM_BLD_to_param(bld);
     if (params == NULL || params_peer == NULL)
         goto err;
 
@@ -445,8 +451,9 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx)
         goto err;
     ret = 1;
 err:
-    ossl_param_bld_free(params_peer);
-    ossl_param_bld_free(params);
+    OSSL_PARAM_BLD_free(bld);
+    OSSL_PARAM_BLD_free_params(params_peer);
+    OSSL_PARAM_BLD_free_params(params);
     BN_free(p);
     BN_free(q);
     BN_free(g);
@@ -698,27 +705,27 @@ const char *ossl_prov_util_nid_to_name(int nid)
  */
 static const OSSL_ALGORITHM fips_digests[] = {
     /* Our primary name:NiST name[:our older names] */
-    { "SHA1:SHA-1", "fips=yes", sha1_functions },
-    { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions },
-    { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions },
-    { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions },
-    { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions },
-    { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
+    { "SHA1:SHA-1", "provider=fips,fips=yes", sha1_functions },
+    { "SHA2-224:SHA-224:SHA224", "provider=fips,fips=yes", sha224_functions },
+    { "SHA2-256:SHA-256:SHA256", "provider=fips,fips=yes", sha256_functions },
+    { "SHA2-384:SHA-384:SHA384", "provider=fips,fips=yes", sha384_functions },
+    { "SHA2-512:SHA-512:SHA512", "provider=fips,fips=yes", sha512_functions },
+    { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=fips,fips=yes",
       sha512_224_functions },
-    { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
+    { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=fips,fips=yes",
       sha512_256_functions },
 
     /* We agree with NIST here, so one name only */
-    { "SHA3-224", "fips=yes", sha3_224_functions },
-    { "SHA3-256", "fips=yes", sha3_256_functions },
-    { "SHA3-384", "fips=yes", sha3_384_functions },
-    { "SHA3-512", "fips=yes", sha3_512_functions },
+    { "SHA3-224", "provider=fips,fips=yes", sha3_224_functions },
+    { "SHA3-256", "provider=fips,fips=yes", sha3_256_functions },
+    { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions },
+    { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions },
     /*
      * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
      * KMAC128 and KMAC256.
      */
-    { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions },
-    { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions },
+    { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes", keccak_kmac_128_functions },
+    { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes", keccak_kmac_256_functions },
 
     { NULL, NULL, NULL }
 };
@@ -769,44 +776,60 @@ static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
 
 static const OSSL_ALGORITHM fips_macs[] = {
 #ifndef OPENSSL_NO_CMAC
-    { "CMAC", "fips=yes", cmac_functions },
+    { "CMAC", "provider=fips,fips=yes", cmac_functions },
 #endif
-    { "GMAC", "fips=yes", gmac_functions },
-    { "HMAC", "fips=yes", hmac_functions },
-    { "KMAC-128:KMAC128", "fips=yes", kmac128_functions },
-    { "KMAC-256:KMAC256", "fips=yes", kmac256_functions },
+    { "GMAC", "provider=fips,fips=yes", gmac_functions },
+    { "HMAC", "provider=fips,fips=yes", hmac_functions },
+    { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions },
+    { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions },
     { NULL, NULL, NULL }
 };
 
 static const OSSL_ALGORITHM fips_kdfs[] = {
-    { "HKDF", "fips=yes", kdf_hkdf_functions },
-    { "SSKDF", "fips=yes", kdf_sskdf_functions },
-    { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
-    { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
-    { "KBKDF", "fips=yes", kdf_kbkdf_functions },
+    { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions },
+    { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions },
+    { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions },
+    { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions },
+    { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions },
     { NULL, NULL, NULL }
 };
 
 static const OSSL_ALGORITHM fips_keyexch[] = {
 #ifndef OPENSSL_NO_DH
-    { "DH:dhKeyAgreement", "fips=yes", dh_keyexch_functions },
+    { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions },
+#endif
+#ifndef OPENSSL_NO_EC
+    { "ECDH", "provider=fips,fips=yes", ecdh_keyexch_functions },
 #endif
     { NULL, NULL, NULL }
 };
 
 static const OSSL_ALGORITHM fips_signature[] = {
 #ifndef OPENSSL_NO_DSA
-    { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions },
+    { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions },
+#endif
+    { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_signature_functions },
+#ifndef OPENSSL_NO_EC
+    { "ECDSA", "provider=fips,fips=yes", ecdsa_signature_functions },
 #endif
     { NULL, NULL, NULL }
 };
 
+static const OSSL_ALGORITHM fips_asym_cipher[] = {
+    { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_asym_cipher_functions },
+    { NULL, NULL, NULL }
+};
+
 static const OSSL_ALGORITHM fips_keymgmt[] = {
 #ifndef OPENSSL_NO_DH
-    { "DH:dhKeyAgreement", "fips=yes", dh_keymgmt_functions },
+    { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keymgmt_functions },
 #endif
 #ifndef OPENSSL_NO_DSA
-    { "DSA", "fips=yes", dsa_keymgmt_functions },
+    { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions },
+#endif
+    { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions },
+#ifndef OPENSSL_NO_EC
+    { "EC:id-ecPublicKey", "provider=fips,fips=yes", ec_keymgmt_functions },
 #endif
     { NULL, NULL, NULL }
 };
@@ -832,6 +855,8 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
         return fips_keyexch;
     case OSSL_OP_SIGNATURE:
         return fips_signature;
+    case OSSL_OP_ASYM_CIPHER:
+        return fips_asym_cipher;
     }
     return NULL;
 }
@@ -943,6 +968,9 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
         case OSSL_FUNC_BIO_FREE:
             selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
             break;
+        case OSSL_FUNC_BIO_VSNPRINTF:
+            c_BIO_vsnprintf = OSSL_get_BIO_vsnprintf(in);
+            break;
         case OSSL_FUNC_SELF_TEST_CB: {
             stcbfn = OSSL_get_self_test_cb(in);
             break;
@@ -954,12 +982,12 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
     }
 
     if (stcbfn != NULL && c_get_libctx != NULL) {
-        stcbfn(c_get_libctx(provider), &selftest_params.event_cb,
-               &selftest_params.event_cb_arg);
+        stcbfn(c_get_libctx(provider), &selftest_params.cb,
+               &selftest_params.cb_arg);
     }
     else {
-        selftest_params.event_cb = NULL;
-        selftest_params.event_cb_arg = NULL;
+        selftest_params.cb = NULL;
+        selftest_params.cb_arg = NULL;
     }
 
     if (!c_get_params(provider, core_params))
@@ -1143,3 +1171,14 @@ int CRYPTO_secure_allocated(const void *ptr)
 {
     return c_CRYPTO_secure_allocated(ptr);
 }
+
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+    ret = c_BIO_vsnprintf(buf, n, format, args);
+    va_end(args);
+    return ret;
+}
Unnamed repository; edit this file 'description' to name the repository.