#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
-#include <openssl/obj_mac.h> /* NIDs used by ossl_prov_util_nid_to_name() */
#include <openssl/fips_names.h>
#include <openssl/rand.h> /* RAND_get0_public() */
#include "internal/cryptlib.h"
#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "prov/provider_util.h"
+#include "prov/seeding.h"
#include "self_test.h"
static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
* TODO(3.0): Should these be stored in the provider side provctx? Could they
* ever be different from one init to the next? Unfortunately we can't do this
* at the moment because c_put_error/c_add_error_vdata do not provide
- * us with the OPENSSL_CTX as a parameter.
+ * us with the OSSL_LIB_CTX as a parameter.
*/
static SELF_TEST_POST_PARAMS selftest_params;
static OSSL_FUNC_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
static OSSL_FUNC_BIO_vsnprintf_fn *c_BIO_vsnprintf;
static OSSL_FUNC_self_test_cb_fn *c_stcbfn = NULL;
-static OSSL_FUNC_core_get_library_context_fn *c_get_libctx = NULL;
+static OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
typedef struct fips_global_st {
const OSSL_CORE_HANDLE *handle;
} FIPS_GLOBAL;
-static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
+static void *fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
{
FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
OPENSSL_free(fgbl);
}
-static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
+static const OSSL_LIB_CTX_METHOD fips_prov_ossl_ctx_method = {
fips_prov_ossl_ctx_new,
fips_prov_ossl_ctx_free,
};
return SELF_TEST_post(&selftest_params, 1) ? 1 : 0;
}
-/* FIPS specific version of the function of the same name in provlib.c */
-/* TODO(3.0) - Is this function needed ? */
-const char *ossl_prov_util_nid_to_name(int nid)
-{
- /* We don't have OBJ_nid2n() in FIPS_MODULE so we have an explicit list */
-
- switch (nid) {
- /* Digests */
- case NID_sha1:
- return "SHA1";
- case NID_sha224:
- return "SHA-224";
- case NID_sha256:
- return "SHA-256";
- case NID_sha384:
- return "SHA-384";
- case NID_sha512:
- return "SHA-512";
- case NID_sha512_224:
- return "SHA-512/224";
- case NID_sha512_256:
- return "SHA-512/256";
- case NID_sha3_224:
- return "SHA3-224";
- case NID_sha3_256:
- return "SHA3-256";
- case NID_sha3_384:
- return "SHA3-384";
- case NID_sha3_512:
- return "SHA3-512";
-
- /* Ciphers */
- case NID_aes_256_ecb:
- return "AES-256-ECB";
- case NID_aes_192_ecb:
- return "AES-192-ECB";
- case NID_aes_128_ecb:
- return "AES-128-ECB";
- case NID_aes_256_cbc:
- return "AES-256-CBC";
- case NID_aes_192_cbc:
- return "AES-192-CBC";
- case NID_aes_128_cbc:
- return "AES-128-CBC";
- case NID_aes_256_ctr:
- return "AES-256-CTR";
- case NID_aes_192_ctr:
- return "AES-192-CTR";
- case NID_aes_128_ctr:
- return "AES-128-CTR";
- case NID_aes_256_xts:
- return "AES-256-XTS";
- case NID_aes_128_xts:
- return "AES-128-XTS";
- case NID_aes_256_gcm:
- return "AES-256-GCM";
- case NID_aes_192_gcm:
- return "AES-192-GCM";
- case NID_aes_128_gcm:
- return "AES-128-GCM";
- case NID_aes_256_ccm:
- return "AES-256-CCM";
- case NID_aes_192_ccm:
- return "AES-192-CCM";
- case NID_aes_128_ccm:
- return "AES-128-CCM";
- case NID_id_aes256_wrap:
- return "AES-256-WRAP";
- case NID_id_aes192_wrap:
- return "AES-192-WRAP";
- case NID_id_aes128_wrap:
- return "AES-128-WRAP";
- case NID_id_aes256_wrap_pad:
- return "AES-256-WRAP-PAD";
- case NID_id_aes192_wrap_pad:
- return "AES-192-WRAP-PAD";
- case NID_id_aes128_wrap_pad:
- return "AES-128-WRAP-PAD";
- case NID_des_ede3_ecb:
- return "DES-EDE3";
- case NID_des_ede3_cbc:
- return "DES-EDE3-CBC";
- case NID_aes_256_cbc_hmac_sha256:
- return "AES-256-CBC-HMAC-SHA256";
- case NID_aes_128_cbc_hmac_sha256:
- return "AES-128-CBC-HMAC-SHA256";
- case NID_aes_256_cbc_hmac_sha1:
- return "AES-256-CBC-HMAC-SHA1";
- case NID_aes_128_cbc_hmac_sha1:
- return "AES-128-CBC-HMAC-SHA1";
- default:
- break;
- }
-
- return NULL;
-}
-
/*
* For the algorithm names, we use the following formula for our primary
* names:
ossl_aes192wrappad_functions),
ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
ossl_aes128wrappad_functions),
+ ALG("AES-256-WRAP-INV:AES256-WRAP-INV", ossl_aes256wrapinv_functions),
+ ALG("AES-192-WRAP-INV:AES192-WRAP-INV", ossl_aes192wrapinv_functions),
+ ALG("AES-128-WRAP-INV:AES128-WRAP-INV", ossl_aes128wrapinv_functions),
+ ALG("AES-256-WRAP-PAD-INV:AES256-WRAP-PAD-INV",
+ ossl_aes256wrappadinv_functions),
+ ALG("AES-192-WRAP-PAD-INV:AES192-WRAP-PAD-INV",
+ ossl_aes192wrappadinv_functions),
+ ALG("AES-128-WRAP-PAD-INV:AES128-WRAP-PAD-INV",
+ ossl_aes128wrappadinv_functions),
ALGC("AES-128-CBC-HMAC-SHA1", ossl_aes128cbc_hmac_sha1_functions,
- cipher_capable_aes_cbc_hmac_sha1),
+ ossl_cipher_capable_aes_cbc_hmac_sha1),
ALGC("AES-256-CBC-HMAC-SHA1", ossl_aes256cbc_hmac_sha1_functions,
- cipher_capable_aes_cbc_hmac_sha1),
+ ossl_cipher_capable_aes_cbc_hmac_sha1),
ALGC("AES-128-CBC-HMAC-SHA256", ossl_aes128cbc_hmac_sha256_functions,
- cipher_capable_aes_cbc_hmac_sha256),
+ ossl_cipher_capable_aes_cbc_hmac_sha256),
ALGC("AES-256-CBC-HMAC-SHA256", ossl_aes256cbc_hmac_sha256_functions,
- cipher_capable_aes_cbc_hmac_sha256),
+ ossl_cipher_capable_aes_cbc_hmac_sha256),
#ifndef OPENSSL_NO_DES
ALG("DES-EDE3-ECB:DES-EDE3", ossl_tdes_ede3_ecb_functions),
ALG("DES-EDE3-CBC:DES3", ossl_tdes_ede3_cbc_functions),
{ "SSKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions },
{ "PBKDF2", FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions },
{ "SSHKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions },
- { "X963KDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions },
+ { "X963KDF:X942KDF-CONCAT", FIPS_DEFAULT_PROPERTIES,
+ ossl_kdf_x963_kdf_functions },
+ { "X942KDF-ASN1:X942KDF", FIPS_DEFAULT_PROPERTIES,
+ ossl_kdf_x942_kdf_functions },
{ "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_functions },
{ "KBKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions },
{ NULL, NULL, NULL }
static void fips_teardown(void *provctx)
{
- OPENSSL_CTX_free(PROV_LIBRARY_CONTEXT_OF(provctx));
+ OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));
ossl_prov_ctx_free(provctx);
}
void **provctx)
{
FIPS_GLOBAL *fgbl;
- OPENSSL_CTX *libctx = NULL;
+ OSSL_LIB_CTX *libctx = NULL;
+ if (!ossl_prov_seeding_from_dispatch(in))
+ return 0;
for (; in->function_id != 0; in++) {
switch (in->function_id) {
- case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
- c_get_libctx = OSSL_FUNC_core_get_library_context(in);
+ case OSSL_FUNC_CORE_GET_LIBCTX:
+ c_get_libctx = OSSL_FUNC_core_get_libctx(in);
break;
case OSSL_FUNC_CORE_GETTABLE_PARAMS:
c_gettable_params = OSSL_FUNC_core_gettable_params(in);
case OSSL_FUNC_BIO_VSNPRINTF:
c_BIO_vsnprintf = OSSL_FUNC_BIO_vsnprintf(in);
break;
- case OSSL_FUNC_SELF_TEST_CB: {
+ case OSSL_FUNC_SELF_TEST_CB:
c_stcbfn = OSSL_FUNC_self_test_cb(in);
break;
- }
default:
/* Just ignore anything we don't understand */
break;
/* Create a context. */
if ((*provctx = ossl_prov_ctx_new()) == NULL
- || (libctx = OPENSSL_CTX_new()) == NULL) {
+ || (libctx = OSSL_LIB_CTX_new()) == NULL) {
/*
* We free libctx separately here and only here because it hasn't
* been attached to *provctx. All other error paths below rely
* solely on fips_teardown.
*/
- OPENSSL_CTX_free(libctx);
+ OSSL_LIB_CTX_free(libctx);
goto err;
}
- ossl_prov_ctx_set0_library_context(*provctx, libctx);
+ ossl_prov_ctx_set0_libctx(*provctx, libctx);
ossl_prov_ctx_set0_handle(*provctx, handle);
- if ((fgbl = openssl_ctx_get_data(libctx, OPENSSL_CTX_FIPS_PROV_INDEX,
- &fips_prov_ossl_ctx_method)) == NULL)
+ if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX,
+ &fips_prov_ossl_ctx_method)) == NULL)
goto err;
fgbl->handle = handle;
const OSSL_DISPATCH **out,
void **provctx)
{
- OSSL_FUNC_core_get_library_context_fn *c_internal_get_libctx = NULL;
+ OSSL_FUNC_core_get_libctx_fn *c_internal_get_libctx = NULL;
for (; in->function_id != 0; in++) {
switch (in->function_id) {
- case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
- c_internal_get_libctx = OSSL_FUNC_core_get_library_context(in);
+ case OSSL_FUNC_CORE_GET_LIBCTX:
+ c_internal_get_libctx = OSSL_FUNC_core_get_libctx(in);
break;
default:
break;
* internal provider. This is not something that most providers would be
* able to do.
*/
- ossl_prov_ctx_set0_library_context(
- *provctx, (OPENSSL_CTX *)c_internal_get_libctx(handle)
- );
+ ossl_prov_ctx_set0_libctx(*provctx,
+ (OSSL_LIB_CTX *)c_internal_get_libctx(handle));
ossl_prov_ctx_set0_handle(*provctx, handle);
*out = intern_dispatch_table;
/*
* This must take a library context, since it's called from the depths
* of crypto/initthread.c code, where it's (correctly) assumed that the
- * passed caller argument is an OPENSSL_CTX pointer (since the same routine
+ * passed caller argument is an OSSL_LIB_CTX pointer (since the same routine
* is also called from other parts of libcrypto, which all pass around a
- * OPENSSL_CTX pointer)
+ * OSSL_LIB_CTX pointer)
*/
-const OSSL_CORE_HANDLE *FIPS_get_core_handle(OPENSSL_CTX *libctx)
+const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *libctx)
{
- FIPS_GLOBAL *fgbl = openssl_ctx_get_data(libctx,
- OPENSSL_CTX_FIPS_PROV_INDEX,
- &fips_prov_ossl_ctx_method);
+ FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx,
+ OSSL_LIB_CTX_FIPS_PROV_INDEX,
+ &fips_prov_ossl_ctx_method);
if (fgbl == NULL)
return NULL;
return fips_security_checks;
}
-void OSSL_SELF_TEST_get_callback(OPENSSL_CTX *libctx, OSSL_CALLBACK **cb,
+void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb,
void **cbarg)
{
if (libctx == NULL)