1 /* 2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <assert.h> 11 #include <openssl/core_dispatch.h> 12 #include <openssl/core_names.h> 13 #include <openssl/params.h> 14 #include <openssl/fips_names.h> 15 #include <openssl/rand.h> /* RAND_get0_public() */ 16 #include <openssl/proverr.h> 17 #include "internal/cryptlib.h" 18 #include "prov/implementations.h" 19 #include "prov/names.h" 20 #include "prov/provider_ctx.h" 21 #include "prov/providercommon.h" 22 #include "prov/provider_util.h" 23 #include "prov/seeding.h" 24 #include "self_test.h" 25 #include "internal/core.h" 26 27 static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; 28 static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; 29 30 /* 31 * Forward declarations to ensure that interface functions are correctly 32 * defined. 33 */ 34 static OSSL_FUNC_provider_teardown_fn fips_teardown; 35 static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params; 36 static OSSL_FUNC_provider_get_params_fn fips_get_params; 37 static OSSL_FUNC_provider_query_operation_fn fips_query; 38 39 #define ALGC(NAMES, FUNC, CHECK) { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK } 40 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) 41 42 extern OSSL_FUNC_core_thread_start_fn *c_thread_start; 43 int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx); 44 45 /* 46 * Should these function pointers be stored in the provider side provctx? Could 47 * they ever be different from one init to the next? We assume not for now. 48 */ 49 50 /* Functions provided by the core */ 51 static OSSL_FUNC_core_gettable_params_fn *c_gettable_params; 52 static OSSL_FUNC_core_get_params_fn *c_get_params; 53 OSSL_FUNC_core_thread_start_fn *c_thread_start; 54 static OSSL_FUNC_core_new_error_fn *c_new_error; 55 static OSSL_FUNC_core_set_error_debug_fn *c_set_error_debug; 56 static OSSL_FUNC_core_vset_error_fn *c_vset_error; 57 static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark; 58 static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark; 59 static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark; 60 static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc; 61 static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; 62 static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free; 63 static OSSL_FUNC_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; 64 static OSSL_FUNC_CRYPTO_realloc_fn *c_CRYPTO_realloc; 65 static OSSL_FUNC_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; 66 static OSSL_FUNC_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; 67 static OSSL_FUNC_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; 68 static OSSL_FUNC_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; 69 static OSSL_FUNC_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; 70 static OSSL_FUNC_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; 71 static OSSL_FUNC_BIO_vsnprintf_fn *c_BIO_vsnprintf; 72 static OSSL_FUNC_self_test_cb_fn *c_stcbfn = NULL; 73 static OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL; 74 75 typedef struct fips_global_st { 76 const OSSL_CORE_HANDLE *handle; 77 SELF_TEST_POST_PARAMS selftest_params; 78 int fips_security_checks; 79 const char *fips_security_check_option; 80 } FIPS_GLOBAL; 81 82 static void *fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) 83 { 84 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); 85 86 if (fgbl == NULL) 87 return NULL; 88 fgbl->fips_security_checks = 1; 89 fgbl->fips_security_check_option = "1"; 90 91 return fgbl; 92 } 93 94 static void fips_prov_ossl_ctx_free(void *fgbl) 95 { 96 OPENSSL_free(fgbl); 97 } 98 99 static const OSSL_LIB_CTX_METHOD fips_prov_ossl_ctx_method = { 100 OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, 101 fips_prov_ossl_ctx_new, 102 fips_prov_ossl_ctx_free, 103 }; 104 105 106 /* Parameters we provide to the core */ 107 static const OSSL_PARAM fips_param_types[] = { 108 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), 109 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), 110 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), 111 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0), 112 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SECURITY_CHECKS, OSSL_PARAM_INTEGER, NULL, 0), 113 OSSL_PARAM_END 114 }; 115 116 static int fips_get_params_from_core(FIPS_GLOBAL *fgbl) 117 { 118 /* 119 * Parameters to retrieve from the core provider - required for self testing. 120 * NOTE: inside core_get_params() these will be loaded from config items 121 * stored inside prov->parameters (except for 122 * OSSL_PROV_PARAM_CORE_MODULE_FILENAME). 123 * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS is not a self test parameter. 124 */ 125 OSSL_PARAM core_params[8], *p = core_params; 126 127 *p++ = OSSL_PARAM_construct_utf8_ptr( 128 OSSL_PROV_PARAM_CORE_MODULE_FILENAME, 129 (char **)&fgbl->selftest_params.module_filename, 130 sizeof(fgbl->selftest_params.module_filename)); 131 *p++ = OSSL_PARAM_construct_utf8_ptr( 132 OSSL_PROV_FIPS_PARAM_MODULE_MAC, 133 (char **)&fgbl->selftest_params.module_checksum_data, 134 sizeof(fgbl->selftest_params.module_checksum_data)); 135 *p++ = OSSL_PARAM_construct_utf8_ptr( 136 OSSL_PROV_FIPS_PARAM_INSTALL_MAC, 137 (char **)&fgbl->selftest_params.indicator_checksum_data, 138 sizeof(fgbl->selftest_params.indicator_checksum_data)); 139 *p++ = OSSL_PARAM_construct_utf8_ptr( 140 OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, 141 (char **)&fgbl->selftest_params.indicator_data, 142 sizeof(fgbl->selftest_params.indicator_data)); 143 *p++ = OSSL_PARAM_construct_utf8_ptr( 144 OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, 145 (char **)&fgbl->selftest_params.indicator_version, 146 sizeof(fgbl->selftest_params.indicator_version)); 147 *p++ = OSSL_PARAM_construct_utf8_ptr( 148 OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS, 149 (char **)&fgbl->selftest_params.conditional_error_check, 150 sizeof(fgbl->selftest_params.conditional_error_check)); 151 *p++ = OSSL_PARAM_construct_utf8_ptr( 152 OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS, 153 (char **)&fgbl->fips_security_check_option, 154 sizeof(fgbl->fips_security_check_option)); 155 *p = OSSL_PARAM_construct_end(); 156 157 if (!c_get_params(fgbl->handle, core_params)) { 158 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); 159 return 0; 160 } 161 162 return 1; 163 } 164 165 static const OSSL_PARAM *fips_gettable_params(void *provctx) 166 { 167 return fips_param_types; 168 } 169 170 static int fips_get_params(void *provctx, OSSL_PARAM params[]) 171 { 172 OSSL_PARAM *p; 173 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), 174 OSSL_LIB_CTX_FIPS_PROV_INDEX, 175 &fips_prov_ossl_ctx_method); 176 177 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); 178 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) 179 return 0; 180 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); 181 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) 182 return 0; 183 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); 184 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) 185 return 0; 186 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); 187 if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running())) 188 return 0; 189 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_SECURITY_CHECKS); 190 if (p != NULL && !OSSL_PARAM_set_int(p, fgbl->fips_security_checks)) 191 return 0; 192 return 1; 193 } 194 195 static void set_self_test_cb(FIPS_GLOBAL *fgbl) 196 { 197 const OSSL_CORE_HANDLE *handle = 198 FIPS_get_core_handle(fgbl->selftest_params.libctx); 199 200 if (c_stcbfn != NULL && c_get_libctx != NULL) { 201 c_stcbfn(c_get_libctx(handle), &fgbl->selftest_params.cb, 202 &fgbl->selftest_params.cb_arg); 203 } else { 204 fgbl->selftest_params.cb = NULL; 205 fgbl->selftest_params.cb_arg = NULL; 206 } 207 } 208 209 static int fips_self_test(void *provctx) 210 { 211 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), 212 OSSL_LIB_CTX_FIPS_PROV_INDEX, 213 &fips_prov_ossl_ctx_method); 214 215 set_self_test_cb(fgbl); 216 return SELF_TEST_post(&fgbl->selftest_params, 1) ? 1 : 0; 217 } 218 219 /* 220 * For the algorithm names, we use the following formula for our primary 221 * names: 222 * 223 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] 224 * 225 * VERSION is only present if there are multiple versions of 226 * an alg (MD2, MD4, MD5). It may be omitted if there is only 227 * one version (if a subsequent version is released in the future, 228 * we can always change the canonical name, and add the old name 229 * as an alias). 230 * 231 * SUBNAME may be present where we are combining multiple 232 * algorithms together, e.g. MD5-SHA1. 233 * 234 * SIZE is only present if multiple versions of an algorithm exist 235 * with different sizes (e.g. AES-128-CBC, AES-256-CBC) 236 * 237 * MODE is only present where applicable. 238 * 239 * We add diverse other names where applicable, such as the names that 240 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names 241 * we have used historically. 242 */ 243 static const OSSL_ALGORITHM fips_digests[] = { 244 /* Our primary name:NiST name[:our older names] */ 245 { PROV_NAMES_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_sha1_functions }, 246 { PROV_NAMES_SHA2_224, FIPS_DEFAULT_PROPERTIES, ossl_sha224_functions }, 247 { PROV_NAMES_SHA2_256, FIPS_DEFAULT_PROPERTIES, ossl_sha256_functions }, 248 { PROV_NAMES_SHA2_384, FIPS_DEFAULT_PROPERTIES, ossl_sha384_functions }, 249 { PROV_NAMES_SHA2_512, FIPS_DEFAULT_PROPERTIES, ossl_sha512_functions }, 250 { PROV_NAMES_SHA2_512_224, FIPS_DEFAULT_PROPERTIES, 251 ossl_sha512_224_functions }, 252 { PROV_NAMES_SHA2_512_256, FIPS_DEFAULT_PROPERTIES, 253 ossl_sha512_256_functions }, 254 255 /* We agree with NIST here, so one name only */ 256 { PROV_NAMES_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_sha3_224_functions }, 257 { PROV_NAMES_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_sha3_256_functions }, 258 { PROV_NAMES_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_sha3_384_functions }, 259 { PROV_NAMES_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_sha3_512_functions }, 260 261 { PROV_NAMES_SHAKE_128, FIPS_DEFAULT_PROPERTIES, ossl_shake_128_functions }, 262 { PROV_NAMES_SHAKE_256, FIPS_DEFAULT_PROPERTIES, ossl_shake_256_functions }, 263 264 /* 265 * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for 266 * KMAC128 and KMAC256. 267 */ 268 { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES, 269 ossl_keccak_kmac_128_functions }, 270 { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES, 271 ossl_keccak_kmac_256_functions }, 272 { NULL, NULL, NULL } 273 }; 274 275 static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { 276 /* Our primary name[:ASN.1 OID name][:our older names] */ 277 ALG(PROV_NAMES_AES_256_ECB, ossl_aes256ecb_functions), 278 ALG(PROV_NAMES_AES_192_ECB, ossl_aes192ecb_functions), 279 ALG(PROV_NAMES_AES_128_ECB, ossl_aes128ecb_functions), 280 ALG(PROV_NAMES_AES_256_CBC, ossl_aes256cbc_functions), 281 ALG(PROV_NAMES_AES_192_CBC, ossl_aes192cbc_functions), 282 ALG(PROV_NAMES_AES_128_CBC, ossl_aes128cbc_functions), 283 ALG(PROV_NAMES_AES_256_CBC_CTS, ossl_aes256cbc_cts_functions), 284 ALG(PROV_NAMES_AES_192_CBC_CTS, ossl_aes192cbc_cts_functions), 285 ALG(PROV_NAMES_AES_128_CBC_CTS, ossl_aes128cbc_cts_functions), 286 ALG(PROV_NAMES_AES_256_OFB, ossl_aes256ofb_functions), 287 ALG(PROV_NAMES_AES_192_OFB, ossl_aes192ofb_functions), 288 ALG(PROV_NAMES_AES_128_OFB, ossl_aes128ofb_functions), 289 ALG(PROV_NAMES_AES_256_CFB, ossl_aes256cfb_functions), 290 ALG(PROV_NAMES_AES_192_CFB, ossl_aes192cfb_functions), 291 ALG(PROV_NAMES_AES_128_CFB, ossl_aes128cfb_functions), 292 ALG(PROV_NAMES_AES_256_CFB1, ossl_aes256cfb1_functions), 293 ALG(PROV_NAMES_AES_192_CFB1, ossl_aes192cfb1_functions), 294 ALG(PROV_NAMES_AES_128_CFB1, ossl_aes128cfb1_functions), 295 ALG(PROV_NAMES_AES_256_CFB8, ossl_aes256cfb8_functions), 296 ALG(PROV_NAMES_AES_192_CFB8, ossl_aes192cfb8_functions), 297 ALG(PROV_NAMES_AES_128_CFB8, ossl_aes128cfb8_functions), 298 ALG(PROV_NAMES_AES_256_CTR, ossl_aes256ctr_functions), 299 ALG(PROV_NAMES_AES_192_CTR, ossl_aes192ctr_functions), 300 ALG(PROV_NAMES_AES_128_CTR, ossl_aes128ctr_functions), 301 ALG(PROV_NAMES_AES_256_XTS, ossl_aes256xts_functions), 302 ALG(PROV_NAMES_AES_128_XTS, ossl_aes128xts_functions), 303 ALG(PROV_NAMES_AES_256_GCM, ossl_aes256gcm_functions), 304 ALG(PROV_NAMES_AES_192_GCM, ossl_aes192gcm_functions), 305 ALG(PROV_NAMES_AES_128_GCM, ossl_aes128gcm_functions), 306 ALG(PROV_NAMES_AES_256_CCM, ossl_aes256ccm_functions), 307 ALG(PROV_NAMES_AES_192_CCM, ossl_aes192ccm_functions), 308 ALG(PROV_NAMES_AES_128_CCM, ossl_aes128ccm_functions), 309 ALG(PROV_NAMES_AES_256_WRAP, ossl_aes256wrap_functions), 310 ALG(PROV_NAMES_AES_192_WRAP, ossl_aes192wrap_functions), 311 ALG(PROV_NAMES_AES_128_WRAP, ossl_aes128wrap_functions), 312 ALG(PROV_NAMES_AES_256_WRAP_PAD, ossl_aes256wrappad_functions), 313 ALG(PROV_NAMES_AES_192_WRAP_PAD, ossl_aes192wrappad_functions), 314 ALG(PROV_NAMES_AES_128_WRAP_PAD, ossl_aes128wrappad_functions), 315 ALG(PROV_NAMES_AES_256_WRAP_INV, ossl_aes256wrapinv_functions), 316 ALG(PROV_NAMES_AES_192_WRAP_INV, ossl_aes192wrapinv_functions), 317 ALG(PROV_NAMES_AES_128_WRAP_INV, ossl_aes128wrapinv_functions), 318 ALG(PROV_NAMES_AES_256_WRAP_PAD_INV, ossl_aes256wrappadinv_functions), 319 ALG(PROV_NAMES_AES_192_WRAP_PAD_INV, ossl_aes192wrappadinv_functions), 320 ALG(PROV_NAMES_AES_128_WRAP_PAD_INV, ossl_aes128wrappadinv_functions), 321 ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA1, ossl_aes128cbc_hmac_sha1_functions, 322 ossl_cipher_capable_aes_cbc_hmac_sha1), 323 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA1, ossl_aes256cbc_hmac_sha1_functions, 324 ossl_cipher_capable_aes_cbc_hmac_sha1), 325 ALGC(PROV_NAMES_AES_128_CBC_HMAC_SHA256, ossl_aes128cbc_hmac_sha256_functions, 326 ossl_cipher_capable_aes_cbc_hmac_sha256), 327 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, 328 ossl_cipher_capable_aes_cbc_hmac_sha256), 329 #ifndef OPENSSL_NO_DES 330 ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions), 331 ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), 332 #endif /* OPENSSL_NO_DES */ 333 { { NULL, NULL, NULL }, NULL } 334 }; 335 static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; 336 337 static const OSSL_ALGORITHM fips_macs[] = { 338 #ifndef OPENSSL_NO_CMAC 339 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions }, 340 #endif 341 { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions }, 342 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions }, 343 { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions }, 344 { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, 345 { NULL, NULL, NULL } 346 }; 347 348 static const OSSL_ALGORITHM fips_kdfs[] = { 349 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, 350 { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, 351 ossl_kdf_tls1_3_kdf_functions }, 352 { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, 353 { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, 354 { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, 355 { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, 356 ossl_kdf_x963_kdf_functions }, 357 { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES, 358 ossl_kdf_x942_kdf_functions }, 359 { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, 360 ossl_kdf_tls1_prf_functions }, 361 { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions }, 362 { NULL, NULL, NULL } 363 }; 364 365 static const OSSL_ALGORITHM fips_rands[] = { 366 { PROV_NAMES_CTR_DRBG, FIPS_DEFAULT_PROPERTIES, ossl_drbg_ctr_functions }, 367 { PROV_NAMES_HASH_DRBG, FIPS_DEFAULT_PROPERTIES, ossl_drbg_hash_functions }, 368 { PROV_NAMES_HMAC_DRBG, FIPS_DEFAULT_PROPERTIES, ossl_drbg_ossl_hmac_functions }, 369 { PROV_NAMES_TEST_RAND, FIPS_UNAPPROVED_PROPERTIES, ossl_test_rng_functions }, 370 { NULL, NULL, NULL } 371 }; 372 373 static const OSSL_ALGORITHM fips_keyexch[] = { 374 #ifndef OPENSSL_NO_DH 375 { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keyexch_functions }, 376 #endif 377 #ifndef OPENSSL_NO_EC 378 { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions }, 379 { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions }, 380 { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions }, 381 #endif 382 { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, 383 ossl_kdf_tls1_prf_keyexch_functions }, 384 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_keyexch_functions }, 385 { NULL, NULL, NULL } 386 }; 387 388 static const OSSL_ALGORITHM fips_signature[] = { 389 #ifndef OPENSSL_NO_DSA 390 { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions }, 391 #endif 392 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions }, 393 #ifndef OPENSSL_NO_EC 394 { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_signature_functions }, 395 { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_signature_functions }, 396 { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions }, 397 #endif 398 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, 399 ossl_mac_legacy_hmac_signature_functions }, 400 #ifndef OPENSSL_NO_CMAC 401 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, 402 ossl_mac_legacy_cmac_signature_functions }, 403 #endif 404 { NULL, NULL, NULL } 405 }; 406 407 static const OSSL_ALGORITHM fips_asym_cipher[] = { 408 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions }, 409 { NULL, NULL, NULL } 410 }; 411 412 static const OSSL_ALGORITHM fips_asym_kem[] = { 413 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_kem_functions }, 414 { NULL, NULL, NULL } 415 }; 416 417 static const OSSL_ALGORITHM fips_keymgmt[] = { 418 #ifndef OPENSSL_NO_DH 419 { PROV_NAMES_DH, FIPS_DEFAULT_PROPERTIES, ossl_dh_keymgmt_functions, 420 PROV_DESCS_DH }, 421 { PROV_NAMES_DHX, FIPS_DEFAULT_PROPERTIES, ossl_dhx_keymgmt_functions, 422 PROV_DESCS_DHX }, 423 #endif 424 #ifndef OPENSSL_NO_DSA 425 { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions, 426 PROV_DESCS_DSA }, 427 #endif 428 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions, 429 PROV_DESCS_RSA }, 430 { PROV_NAMES_RSA_PSS, FIPS_DEFAULT_PROPERTIES, 431 ossl_rsapss_keymgmt_functions, PROV_DESCS_RSA_PSS }, 432 #ifndef OPENSSL_NO_EC 433 { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions, 434 PROV_DESCS_EC }, 435 { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions, 436 PROV_DESCS_X25519 }, 437 { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions, 438 PROV_DESCS_X448 }, 439 { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions, 440 PROV_DESCS_ED25519 }, 441 { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions, 442 PROV_DESCS_ED448 }, 443 #endif 444 { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, 445 PROV_DESCS_TLS1_PRF_SIGN }, 446 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions, 447 PROV_DESCS_HKDF_SIGN }, 448 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_mac_legacy_keymgmt_functions, 449 PROV_DESCS_HMAC_SIGN }, 450 #ifndef OPENSSL_NO_CMAC 451 { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, 452 ossl_cmac_legacy_keymgmt_functions, PROV_DESCS_CMAC_SIGN }, 453 #endif 454 { NULL, NULL, NULL } 455 }; 456 457 static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id, 458 int *no_cache) 459 { 460 *no_cache = 0; 461 462 if (!ossl_prov_is_running()) 463 return NULL; 464 465 switch (operation_id) { 466 case OSSL_OP_DIGEST: 467 return fips_digests; 468 case OSSL_OP_CIPHER: 469 return exported_fips_ciphers; 470 case OSSL_OP_MAC: 471 return fips_macs; 472 case OSSL_OP_KDF: 473 return fips_kdfs; 474 case OSSL_OP_RAND: 475 return fips_rands; 476 case OSSL_OP_KEYMGMT: 477 return fips_keymgmt; 478 case OSSL_OP_KEYEXCH: 479 return fips_keyexch; 480 case OSSL_OP_SIGNATURE: 481 return fips_signature; 482 case OSSL_OP_ASYM_CIPHER: 483 return fips_asym_cipher; 484 case OSSL_OP_KEM: 485 return fips_asym_kem; 486 } 487 return NULL; 488 } 489 490 static void fips_teardown(void *provctx) 491 { 492 OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx)); 493 ossl_prov_ctx_free(provctx); 494 } 495 496 static void fips_intern_teardown(void *provctx) 497 { 498 /* 499 * We know that the library context is the same as for the outer provider, 500 * so no need to destroy it here. 501 */ 502 ossl_prov_ctx_free(provctx); 503 } 504 505 /* Functions we provide to the core */ 506 static const OSSL_DISPATCH fips_dispatch_table[] = { 507 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown }, 508 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, 509 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, 510 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, 511 { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, 512 (void (*)(void))ossl_prov_get_capabilities }, 513 { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test }, 514 { 0, NULL } 515 }; 516 517 /* Functions we provide to ourself */ 518 static const OSSL_DISPATCH intern_dispatch_table[] = { 519 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_intern_teardown }, 520 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, 521 { 0, NULL } 522 }; 523 524 /* 525 * On VMS, the provider init function name is expected to be uppercase, 526 * see the pragmas in <openssl/core.h>. Let's do the same with this 527 * internal name. This is how symbol names are treated by default 528 * by the compiler if nothing else is said, but since this is part 529 * of libfips, and we build our libraries with mixed case symbol names, 530 * we must switch back to this default explicitly here. 531 */ 532 #ifdef __VMS 533 # pragma names save 534 # pragma names uppercase,truncated 535 #endif 536 OSSL_provider_init_fn OSSL_provider_init_int; 537 #ifdef __VMS 538 # pragma names restore 539 #endif 540 int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, 541 const OSSL_DISPATCH *in, 542 const OSSL_DISPATCH **out, 543 void **provctx) 544 { 545 FIPS_GLOBAL *fgbl; 546 OSSL_LIB_CTX *libctx = NULL; 547 SELF_TEST_POST_PARAMS selftest_params; 548 549 memset(&selftest_params, 0, sizeof(selftest_params)); 550 551 if (!ossl_prov_seeding_from_dispatch(in)) 552 goto err; 553 for (; in->function_id != 0; in++) { 554 /* 555 * We do not support the scenario of an application linked against 556 * multiple versions of libcrypto (e.g. one static and one dynamic), but 557 * sharing a single fips.so. We do a simple sanity check here. 558 */ 559 #define set_func(c, f) if (c == NULL) c = f; else if (c != f) return 0; 560 switch (in->function_id) { 561 case OSSL_FUNC_CORE_GET_LIBCTX: 562 set_func(c_get_libctx, OSSL_FUNC_core_get_libctx(in)); 563 break; 564 case OSSL_FUNC_CORE_GETTABLE_PARAMS: 565 set_func(c_gettable_params, OSSL_FUNC_core_gettable_params(in)); 566 break; 567 case OSSL_FUNC_CORE_GET_PARAMS: 568 set_func(c_get_params, OSSL_FUNC_core_get_params(in)); 569 break; 570 case OSSL_FUNC_CORE_THREAD_START: 571 set_func(c_thread_start, OSSL_FUNC_core_thread_start(in)); 572 break; 573 case OSSL_FUNC_CORE_NEW_ERROR: 574 set_func(c_new_error, OSSL_FUNC_core_new_error(in)); 575 break; 576 case OSSL_FUNC_CORE_SET_ERROR_DEBUG: 577 set_func(c_set_error_debug, OSSL_FUNC_core_set_error_debug(in)); 578 break; 579 case OSSL_FUNC_CORE_VSET_ERROR: 580 set_func(c_vset_error, OSSL_FUNC_core_vset_error(in)); 581 break; 582 case OSSL_FUNC_CORE_SET_ERROR_MARK: 583 set_func(c_set_error_mark, OSSL_FUNC_core_set_error_mark(in)); 584 break; 585 case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: 586 set_func(c_clear_last_error_mark, 587 OSSL_FUNC_core_clear_last_error_mark(in)); 588 break; 589 case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: 590 set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(in)); 591 break; 592 case OSSL_FUNC_CRYPTO_MALLOC: 593 set_func(c_CRYPTO_malloc, OSSL_FUNC_CRYPTO_malloc(in)); 594 break; 595 case OSSL_FUNC_CRYPTO_ZALLOC: 596 set_func(c_CRYPTO_zalloc, OSSL_FUNC_CRYPTO_zalloc(in)); 597 break; 598 case OSSL_FUNC_CRYPTO_FREE: 599 set_func(c_CRYPTO_free, OSSL_FUNC_CRYPTO_free(in)); 600 break; 601 case OSSL_FUNC_CRYPTO_CLEAR_FREE: 602 set_func(c_CRYPTO_clear_free, OSSL_FUNC_CRYPTO_clear_free(in)); 603 break; 604 case OSSL_FUNC_CRYPTO_REALLOC: 605 set_func(c_CRYPTO_realloc, OSSL_FUNC_CRYPTO_realloc(in)); 606 break; 607 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: 608 set_func(c_CRYPTO_clear_realloc, 609 OSSL_FUNC_CRYPTO_clear_realloc(in)); 610 break; 611 case OSSL_FUNC_CRYPTO_SECURE_MALLOC: 612 set_func(c_CRYPTO_secure_malloc, 613 OSSL_FUNC_CRYPTO_secure_malloc(in)); 614 break; 615 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: 616 set_func(c_CRYPTO_secure_zalloc, 617 OSSL_FUNC_CRYPTO_secure_zalloc(in)); 618 break; 619 case OSSL_FUNC_CRYPTO_SECURE_FREE: 620 set_func(c_CRYPTO_secure_free, 621 OSSL_FUNC_CRYPTO_secure_free(in)); 622 break; 623 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: 624 set_func(c_CRYPTO_secure_clear_free, 625 OSSL_FUNC_CRYPTO_secure_clear_free(in)); 626 break; 627 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: 628 set_func(c_CRYPTO_secure_allocated, 629 OSSL_FUNC_CRYPTO_secure_allocated(in)); 630 break; 631 case OSSL_FUNC_BIO_NEW_FILE: 632 set_func(selftest_params.bio_new_file_cb, 633 OSSL_FUNC_BIO_new_file(in)); 634 break; 635 case OSSL_FUNC_BIO_NEW_MEMBUF: 636 set_func(selftest_params.bio_new_buffer_cb, 637 OSSL_FUNC_BIO_new_membuf(in)); 638 break; 639 case OSSL_FUNC_BIO_READ_EX: 640 set_func(selftest_params.bio_read_ex_cb, 641 OSSL_FUNC_BIO_read_ex(in)); 642 break; 643 case OSSL_FUNC_BIO_FREE: 644 set_func(selftest_params.bio_free_cb, OSSL_FUNC_BIO_free(in)); 645 break; 646 case OSSL_FUNC_BIO_VSNPRINTF: 647 set_func(c_BIO_vsnprintf, OSSL_FUNC_BIO_vsnprintf(in)); 648 break; 649 case OSSL_FUNC_SELF_TEST_CB: 650 set_func(c_stcbfn, OSSL_FUNC_self_test_cb(in)); 651 break; 652 default: 653 /* Just ignore anything we don't understand */ 654 break; 655 } 656 } 657 658 /* Create a context. */ 659 if ((*provctx = ossl_prov_ctx_new()) == NULL 660 || (libctx = OSSL_LIB_CTX_new()) == NULL) { 661 /* 662 * We free libctx separately here and only here because it hasn't 663 * been attached to *provctx. All other error paths below rely 664 * solely on fips_teardown. 665 */ 666 OSSL_LIB_CTX_free(libctx); 667 goto err; 668 } 669 670 if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX, 671 &fips_prov_ossl_ctx_method)) == NULL) 672 goto err; 673 674 fgbl->handle = handle; 675 676 /* 677 * We did initial set up of selftest_params in a local copy, because we 678 * could not create fgbl until c_CRYPTO_zalloc was defined in the loop 679 * above. 680 */ 681 fgbl->selftest_params = selftest_params; 682 683 fgbl->selftest_params.libctx = libctx; 684 685 set_self_test_cb(fgbl); 686 687 if (!fips_get_params_from_core(fgbl)) { 688 /* Error already raised */ 689 goto err; 690 } 691 /* 692 * Disable the conditional error check if it's disabled in the fips config 693 * file. 694 */ 695 if (fgbl->selftest_params.conditional_error_check != NULL 696 && strcmp(fgbl->selftest_params.conditional_error_check, "0") == 0) 697 SELF_TEST_disable_conditional_error_state(); 698 699 /* Disable the security check if it's disabled in the fips config file. */ 700 if (fgbl->fips_security_check_option != NULL 701 && strcmp(fgbl->fips_security_check_option, "0") == 0) 702 fgbl->fips_security_checks = 0; 703 704 ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); 705 706 if (!SELF_TEST_post(&fgbl->selftest_params, 0)) { 707 ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_POST_FAILURE); 708 goto err; 709 } 710 711 ossl_prov_ctx_set0_libctx(*provctx, libctx); 712 ossl_prov_ctx_set0_handle(*provctx, handle); 713 714 *out = fips_dispatch_table; 715 return 1; 716 err: 717 fips_teardown(*provctx); 718 OSSL_LIB_CTX_free(libctx); 719 *provctx = NULL; 720 return 0; 721 } 722 723 /* 724 * The internal init function used when the FIPS module uses EVP to call 725 * another algorithm also in the FIPS module. This is a recursive call that has 726 * been made from within the FIPS module itself. To make this work, we populate 727 * the provider context of this inner instance with the same library context 728 * that was used in the EVP call that initiated this recursive call. 729 */ 730 OSSL_provider_init_fn ossl_fips_intern_provider_init; 731 int ossl_fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, 732 const OSSL_DISPATCH *in, 733 const OSSL_DISPATCH **out, 734 void **provctx) 735 { 736 OSSL_FUNC_core_get_libctx_fn *c_internal_get_libctx = NULL; 737 738 for (; in->function_id != 0; in++) { 739 switch (in->function_id) { 740 case OSSL_FUNC_CORE_GET_LIBCTX: 741 c_internal_get_libctx = OSSL_FUNC_core_get_libctx(in); 742 break; 743 default: 744 break; 745 } 746 } 747 748 if (c_internal_get_libctx == NULL) 749 return 0; 750 751 if ((*provctx = ossl_prov_ctx_new()) == NULL) 752 return 0; 753 754 /* 755 * Using the parent library context only works because we are a built-in 756 * internal provider. This is not something that most providers would be 757 * able to do. 758 */ 759 ossl_prov_ctx_set0_libctx(*provctx, 760 (OSSL_LIB_CTX *)c_internal_get_libctx(handle)); 761 ossl_prov_ctx_set0_handle(*provctx, handle); 762 763 *out = intern_dispatch_table; 764 return 1; 765 } 766 767 void ERR_new(void) 768 { 769 c_new_error(NULL); 770 } 771 772 void ERR_set_debug(const char *file, int line, const char *func) 773 { 774 c_set_error_debug(NULL, file, line, func); 775 } 776 777 void ERR_set_error(int lib, int reason, const char *fmt, ...) 778 { 779 va_list args; 780 781 va_start(args, fmt); 782 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); 783 va_end(args); 784 } 785 786 void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) 787 { 788 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); 789 } 790 791 int ERR_set_mark(void) 792 { 793 return c_set_error_mark(NULL); 794 } 795 796 int ERR_clear_last_mark(void) 797 { 798 return c_clear_last_error_mark(NULL); 799 } 800 801 int ERR_pop_to_mark(void) 802 { 803 return c_pop_error_to_mark(NULL); 804 } 805 806 /* 807 * This must take a library context, since it's called from the depths 808 * of crypto/initthread.c code, where it's (correctly) assumed that the 809 * passed caller argument is an OSSL_LIB_CTX pointer (since the same routine 810 * is also called from other parts of libcrypto, which all pass around a 811 * OSSL_LIB_CTX pointer) 812 */ 813 const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *libctx) 814 { 815 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx, 816 OSSL_LIB_CTX_FIPS_PROV_INDEX, 817 &fips_prov_ossl_ctx_method); 818 819 if (fgbl == NULL) 820 return NULL; 821 822 return fgbl->handle; 823 } 824 825 void *CRYPTO_malloc(size_t num, const char *file, int line) 826 { 827 return c_CRYPTO_malloc(num, file, line); 828 } 829 830 void *CRYPTO_zalloc(size_t num, const char *file, int line) 831 { 832 return c_CRYPTO_zalloc(num, file, line); 833 } 834 835 void CRYPTO_free(void *ptr, const char *file, int line) 836 { 837 c_CRYPTO_free(ptr, file, line); 838 } 839 840 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) 841 { 842 c_CRYPTO_clear_free(ptr, num, file, line); 843 } 844 845 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) 846 { 847 return c_CRYPTO_realloc(addr, num, file, line); 848 } 849 850 void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, 851 const char *file, int line) 852 { 853 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); 854 } 855 856 void *CRYPTO_secure_malloc(size_t num, const char *file, int line) 857 { 858 return c_CRYPTO_secure_malloc(num, file, line); 859 } 860 861 void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) 862 { 863 return c_CRYPTO_secure_zalloc(num, file, line); 864 } 865 866 void CRYPTO_secure_free(void *ptr, const char *file, int line) 867 { 868 c_CRYPTO_secure_free(ptr, file, line); 869 } 870 871 void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) 872 { 873 c_CRYPTO_secure_clear_free(ptr, num, file, line); 874 } 875 876 int CRYPTO_secure_allocated(const void *ptr) 877 { 878 return c_CRYPTO_secure_allocated(ptr); 879 } 880 881 int BIO_snprintf(char *buf, size_t n, const char *format, ...) 882 { 883 va_list args; 884 int ret; 885 886 va_start(args, format); 887 ret = c_BIO_vsnprintf(buf, n, format, args); 888 va_end(args); 889 return ret; 890 } 891 892 int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx) 893 { 894 FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx, 895 OSSL_LIB_CTX_FIPS_PROV_INDEX, 896 &fips_prov_ossl_ctx_method); 897 898 return fgbl->fips_security_checks; 899 } 900 901 void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, 902 void **cbarg) 903 { 904 assert(libctx != NULL); 905 906 if (c_stcbfn != NULL && c_get_libctx != NULL) { 907 /* Get the parent libctx */ 908 c_stcbfn(c_get_libctx(FIPS_get_core_handle(libctx)), cb, cbarg); 909 } else { 910 if (cb != NULL) 911 *cb = NULL; 912 if (cbarg != NULL) 913 *cbarg = NULL; 914 } 915 } 916