Diffstat (limited to 'providers/fips/fipsprov.c')
-rw-r--r-- | providers/fips/fipsprov.c | 298 |
1 files changed, 182 insertions, 116 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 0174c6b33b..c446367dea 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -12,8 +12,10 @@
 #include <openssl/core_names.h>
 #include <openssl/params.h>
 #include <openssl/fips_names.h>
+#include <openssl/fipskey.h>
 #include <openssl/rand.h> /* RAND_get0_public() */
 #include <openssl/proverr.h>
+#include <openssl/indicator.h>
 #include "internal/cryptlib.h"
 #include "prov/implementations.h"
 #include "prov/names.h"
@@ -21,10 +23,10 @@
 #include "prov/providercommon.h"
 #include "prov/provider_util.h"
 #include "prov/seeding.h"
-#include "prov/fipscommon.h"
 #include "internal/nelem.h"
 #include "self_test.h"
 #include "crypto/context.h"
+#include "fipscommon.h"
 #include "internal/core.h"
 static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
@@ -38,13 +40,11 @@ static OSSL_FUNC_provider_teardown_fn fips_teardown;
 static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params;
 static OSSL_FUNC_provider_get_params_fn fips_get_params;
 static OSSL_FUNC_provider_query_operation_fn fips_query;
+static OSSL_FUNC_provider_query_operation_fn fips_query_internal;
 #define ALGC(NAMES, FUNC, CHECK) \
 { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
-#define UNAPPROVED_ALGC(NAMES, FUNC, CHECK) \
- { { NAMES, FIPS_UNAPPROVED_PROPERTIES, FUNC }, CHECK }
 #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
-#define UNAPPROVED_ALG(NAMES, FUNC) UNAPPROVED_ALGC(NAMES, FUNC, NULL)
 extern OSSL_FUNC_core_thread_start_fn *c_thread_start;
@@ -76,6 +76,7 @@ static OSSL_FUNC_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
 static OSSL_FUNC_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
 static OSSL_FUNC_BIO_vsnprintf_fn *c_BIO_vsnprintf;
 static OSSL_FUNC_self_test_cb_fn *c_stcbfn = NULL;
+static OSSL_FUNC_indicator_cb_fn *c_indcbfn = NULL;
 static OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
 typedef struct {
@@ -86,9 +87,12 @@ typedef struct {
 typedef struct fips_global_st {
 const OSSL_CORE_HANDLE *handle;
 SELF_TEST_POST_PARAMS selftest_params;
- FIPS_OPTION fips_security_checks;
- FIPS_OPTION fips_tls1_prf_ems_check;
- FIPS_OPTION fips_restricted_drgb_digests;
+
+#define OSSL_FIPS_PARAM(structname, paramname, initvalue) \
+ FIPS_OPTION fips_##structname;
+#include "fips_indicator_params.inc"
+#undef OSSL_FIPS_PARAM
+
 } FIPS_GLOBAL;
 static void init_fips_option(FIPS_OPTION *opt, int enabled)
@@ -103,9 +107,12 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
 if (fgbl == NULL)
 return NULL;
- init_fips_option(&fgbl->fips_security_checks, 1);
- init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */
- init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
+
+#define OSSL_FIPS_PARAM(structname, paramname, initvalue) \
+ init_fips_option(&fgbl->fips_##structname, initvalue);
+#include "fips_indicator_params.inc"
+#undef OSSL_FIPS_PARAM
+
 return fgbl;
 }
@@ -114,68 +121,32 @@ void ossl_fips_prov_ossl_ctx_free(void *fgbl)
 OPENSSL_free(fgbl);
 }
-/* Parameters we provide to the core */
-static const OSSL_PARAM fips_param_types[] = {
- OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
- OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
- OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
- OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0),
- OSSL_PARAM_DEFN(OSSL_PROV_PARAM_SECURITY_CHECKS, OSSL_PARAM_INTEGER, NULL, 0),
- OSSL_PARAM_DEFN(OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK, OSSL_PARAM_INTEGER, NULL, 0),
- OSSL_PARAM_DEFN(OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST, OSSL_PARAM_INTEGER, NULL, 0),
- OSSL_PARAM_END
-};
-
+/*
+ * Parameters to retrieve from the core provider
+ * NOTE: inside core_get_params() these will be loaded from config items
+ * stored inside prov->parameters
+ */
 static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
 {
- /*
- * Parameters to retrieve from the core provider - required for self testing.
- * NOTE: inside core_get_params() these will be loaded from config items
- * stored inside prov->parameters (except for
- * OSSL_PROV_PARAM_CORE_MODULE_FILENAME).
- * OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS and
- * OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK are not self test parameters.
- */
- OSSL_PARAM core_params[10], *p = core_params;
-
- *p++ = OSSL_PARAM_construct_utf8_ptr(
- OSSL_PROV_PARAM_CORE_MODULE_FILENAME,
- (char **)&fgbl->selftest_params.module_filename,
- sizeof(fgbl->selftest_params.module_filename));
- *p++ = OSSL_PARAM_construct_utf8_ptr(
- OSSL_PROV_FIPS_PARAM_MODULE_MAC,
- (char **)&fgbl->selftest_params.module_checksum_data,
- sizeof(fgbl->selftest_params.module_checksum_data));
- *p++ = OSSL_PARAM_construct_utf8_ptr(
- OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
- (char **)&fgbl->selftest_params.indicator_checksum_data,
- sizeof(fgbl->selftest_params.indicator_checksum_data));
- *p++ = OSSL_PARAM_construct_utf8_ptr(
- OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
- (char **)&fgbl->selftest_params.indicator_data,
- sizeof(fgbl->selftest_params.indicator_data));
- *p++ = OSSL_PARAM_construct_utf8_ptr(
- OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
- (char **)&fgbl->selftest_params.indicator_version,
- sizeof(fgbl->selftest_params.indicator_version));
- *p++ = OSSL_PARAM_construct_utf8_ptr(
- OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS,
- (char **)&fgbl->selftest_params.conditional_error_check,
- sizeof(fgbl->selftest_params.conditional_error_check));
-
-/* FIPS features can be enabled or disabled independently */
-#define FIPS_FEATURE_OPTION(fgbl, pname, field) \
- *p++ = OSSL_PARAM_construct_utf8_ptr( \
- pname, (char **)&fgbl->field.option, \
- sizeof(fgbl->field.option))
-
- FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS,
- fips_security_checks);
- FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK,
- fips_tls1_prf_ems_check);
- FIPS_FEATURE_OPTION(fgbl, OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST,
- fips_restricted_drgb_digests);
-#undef FIPS_FEATURE_OPTION
+ OSSL_PARAM core_params[32], *p = core_params;
+
+#define OSSL_FIPS_PARAM(structname, paramname) \
+ *p++ = OSSL_PARAM_construct_utf8_ptr( \
+ paramname, (char **)&fgbl->selftest_params.structname, \
+ sizeof(fgbl->selftest_params.structname));
+
+/* Parameters required for self testing */
+#include "fips_selftest_params.inc"
+#undef OSSL_FIPS_PARAM
+
+/* FIPS indicator options can be enabled or disabled independently */
+#define OSSL_FIPS_PARAM(structname, paramname, initvalue) \
+ *p++ = OSSL_PARAM_construct_utf8_ptr( \
+ OSSL_PROV_PARAM_##paramname, \
+ (char **)&fgbl->fips_##structname.option, \
+ sizeof(fgbl->fips_##structname.option));
+#include "fips_indicator_params.inc"
+#undef OSSL_FIPS_PARAM
 *p = OSSL_PARAM_construct_end();
@@ -189,6 +160,20 @@ static int fips_get_params_from_core(FIPS_GLOBAL *fgbl)
 static const OSSL_PARAM *fips_gettable_params(void *provctx)
 {
+ /* Parameters we provide to the core */
+ static const OSSL_PARAM fips_param_types[] = {
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0),
+
+#define OSSL_FIPS_PARAM(structname, paramname, initvalue) \
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_##paramname, OSSL_PARAM_INTEGER, NULL, 0),
+#include "fips_indicator_params.inc"
+#undef OSSL_FIPS_PARAM
+
+ OSSL_PARAM_END
+ };
 return fips_param_types;
 }
@@ -199,7 +184,7 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
 OSSL_LIB_CTX_FIPS_PROV_INDEX);
 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, FIPS_VENDOR))
 return 0;
 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
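Review bot: `OSSL_PARAM core_params[32]` in fips_get_params_from_core is a literal bound on an array that is now filled by two X-macro includes (`fips_selftest_params.inc` and `fips_indicator_params.inc`) through an unchecked `*p++`, so an entry added later to either list can run past the end of the stack array with no compiler or runtime complaint. Neither .inc file is visible here, so the current entry count cannot be confirmed from this hunk. Deriving the size from the lists themselves removes the magic number; the sketch below assumes the .inc files hold nothing but `OSSL_FIPS_PARAM(...)` lines, which their use inside a struct body and an array initializer elsewhere in this diff suggests.

```c
/* Count what each list expands to, so the array cannot be outgrown */
#define OSSL_FIPS_PARAM(structname, paramname) + 1
    enum { n_selftest_params = 0
#include "fips_selftest_params.inc"
    };
#undef OSSL_FIPS_PARAM
#define OSSL_FIPS_PARAM(structname, paramname, initvalue) + 1
    enum { n_indicator_params = 0
#include "fips_indicator_params.inc"
    };
#undef OSSL_FIPS_PARAM
    /* +1 for the OSSL_PARAM_construct_end() terminator */
    OSSL_PARAM core_params[n_selftest_params + n_indicator_params + 1];
    OSSL_PARAM *p = core_params;
    /* … unchanged: the two OSSL_FIPS_PARAM expansions that fill core_params … */
```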
@@ -211,18 +196,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
 if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
 return 0;
-#define FIPS_FEATURE_GET(fgbl, pname, field) \
- p = OSSL_PARAM_locate(params, pname); \
- if (p != NULL && !OSSL_PARAM_set_int(p, fgbl->field.enabled)) \
- return 0
-
- FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_SECURITY_CHECKS,
- fips_security_checks);
- FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_TLS1_PRF_EMS_CHECK,
- fips_tls1_prf_ems_check);
- FIPS_FEATURE_GET(fgbl, OSSL_PROV_PARAM_DRBG_TRUNC_DIGEST,
- fips_restricted_drgb_digests);
-#undef FIPS_FEATURE_GET
+#define OSSL_FIPS_PARAM(structname, paramname, initvalue) \
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_##paramname); \
+ if (p != NULL && !OSSL_PARAM_set_int(p, fgbl->fips_##structname.enabled)) \
+ return 0;
+#include "fips_indicator_params.inc"
+#undef OSSL_FIPS_PARAM
+
 return 1;
 }
@@ -360,8 +340,8 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
 ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions, ossl_cipher_capable_aes_cbc_hmac_sha256),
 #ifndef OPENSSL_NO_DES
- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+ ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
 #endif /* OPENSSL_NO_DES */
 { { NULL, NULL, NULL }, NULL }
 };
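Review bot: The two Triple-DES entries in fips_ciphers now go through `ALG`, so they are registered with `FIPS_DEFAULT_PROPERTIES` ("provider=fips,fips=yes") and a fetch that filters on `fips=yes` will start matching them where it previously did not. The fips_signature and fips_keymgmt hunks make the same move for Ed25519/Ed448, and the new `*_SHA1` signature entries are registered the same way. Nothing in this file shows what flags these as unapproved at run time; presumably the indicator callback introduced by this commit does, but callers that used the property query as their approval filter lose that guarantee. If that is the intent, say so at the tables, e.g. `/* fips=yes no longer implies "approved": approval is reported via the FIPS indicator */`, and mention the behaviour change in the commit description. The fips_ciphers initializer starts and ends outside the hunk.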
@@ -378,6 +358,16 @@ static const OSSL_ALGORITHM fips_macs[] = {
 { NULL, NULL, NULL }
 };
+static const OSSL_ALGORITHM fips_macs_internal[] = {
+#ifndef OPENSSL_NO_CMAC
+ { PROV_NAMES_CMAC, FIPS_DEFAULT_PROPERTIES, ossl_cmac_functions },
+#endif
+ { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_internal_functions },
+ { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_internal_functions },
+ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_internal_functions },
+ { NULL, NULL, NULL }
+};
+
 static const OSSL_ALGORITHM fips_kdfs[] = {
 { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions },
 { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES,
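Review bot: `fips_macs_internal` carries no comment explaining how `ossl_hmac_internal_functions`, `ossl_kmac128_internal_functions` and `ossl_kmac256_internal_functions` differ from the entries in `fips_macs`, or why CMAC keeps the ordinary `ossl_cmac_functions`. If the internal variants skip checks that the public ones enforce (not visible in this file), the table has to stay reachable only through `intern_dispatch_table`, which the fips_query_internal hunk wires up. A header comment such as `/* MACs for the provider's own internal libctx only; must never be returned from fips_query() */` would keep a later edit from handing these to applications.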
@@ -423,15 +413,62 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
 static const OSSL_ALGORITHM fips_signature[] = {
 #ifndef OPENSSL_NO_DSA
 { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
+ { PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions },
+ { PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions },
+ { PROV_NAMES_DSA_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha256_signature_functions },
+ { PROV_NAMES_DSA_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha384_signature_functions },
+ { PROV_NAMES_DSA_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha512_signature_functions },
+ { PROV_NAMES_DSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_224_signature_functions },
+ { PROV_NAMES_DSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_256_signature_functions },
+ { PROV_NAMES_DSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_384_signature_functions },
+ { PROV_NAMES_DSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha3_512_signature_functions },
 #endif
 { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
+ { PROV_NAMES_RSA_SHA1, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha1_signature_functions },
+ { PROV_NAMES_RSA_SHA224, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha224_signature_functions },
+ { PROV_NAMES_RSA_SHA256, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha256_signature_functions },
+ { PROV_NAMES_RSA_SHA384, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha384_signature_functions },
+ { PROV_NAMES_RSA_SHA512, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha512_signature_functions },
+ { PROV_NAMES_RSA_SHA512_224, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha512_224_signature_functions },
+ { PROV_NAMES_RSA_SHA512_256, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha512_256_signature_functions },
+ { PROV_NAMES_RSA_SHA3_224, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha3_224_signature_functions },
+ { PROV_NAMES_RSA_SHA3_256, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha3_256_signature_functions },
+ { PROV_NAMES_RSA_SHA3_384, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha3_384_signature_functions },
+ { PROV_NAMES_RSA_SHA3_512, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha3_512_signature_functions },
 #ifndef OPENSSL_NO_EC
 # ifndef OPENSSL_NO_ECX
- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
+ { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES,
 ossl_ed25519_signature_functions },
- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
+ { PROV_NAMES_ED25519ph, FIPS_DEFAULT_PROPERTIES,
+ ossl_ed25519ph_signature_functions },
+ { PROV_NAMES_ED25519ctx, FIPS_DEFAULT_PROPERTIES,
+ ossl_ed25519ctx_signature_functions },
+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES,
+ ossl_ed448_signature_functions },
+ { PROV_NAMES_ED448ph, FIPS_DEFAULT_PROPERTIES,
+ ossl_ed448ph_signature_functions },
 # endif
 { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
+ { PROV_NAMES_ECDSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha1_signature_functions },
+ { PROV_NAMES_ECDSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha224_signature_functions },
+ { PROV_NAMES_ECDSA_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha256_signature_functions },
+ { PROV_NAMES_ECDSA_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha384_signature_functions },
+ { PROV_NAMES_ECDSA_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha512_signature_functions },
+ { PROV_NAMES_ECDSA_SHA3_224, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_224_signature_functions },
+ { PROV_NAMES_ECDSA_SHA3_256, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_256_signature_functions },
+ { PROV_NAMES_ECDSA_SHA3_384, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_384_signature_functions },
+ { PROV_NAMES_ECDSA_SHA3_512, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_sha3_512_signature_functions },
 #endif
 { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_mac_legacy_hmac_signature_functions },
@@ -475,9 +512,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
 PROV_DESCS_X25519 },
 { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions, PROV_DESCS_X448 },
- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions,
+ { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES, ossl_ed25519_keymgmt_functions,
 PROV_DESCS_ED25519 },
- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions,
+ { PROV_NAMES_ED448, FIPS_DEFAULT_PROPERTIES, ossl_ed448_keymgmt_functions,
 PROV_DESCS_ED448 },
 # endif
 #endif
@@ -527,6 +564,18 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id,
 return NULL;
 }
+static const OSSL_ALGORITHM *fips_query_internal(void *provctx, int operation_id,
+ int *no_cache)
+{
+ if (operation_id == OSSL_OP_MAC) {
+ *no_cache = 0;
+ if (!ossl_prov_is_running())
+ return NULL;
+ return fips_macs_internal;
+ }
+ return fips_query(provctx, operation_id, no_cache);
+}
+
 static void fips_teardown(void *provctx)
 {
 OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));
@@ -557,7 +606,7 @@ static const OSSL_DISPATCH fips_dispatch_table[] = {
 /* Functions we provide to ourself */
 static const OSSL_DISPATCH intern_dispatch_table[] = {
 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_intern_teardown },
- { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query_internal },
 OSSL_DISPATCH_END
 };
@@ -689,6 +738,9 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
 case OSSL_FUNC_SELF_TEST_CB:
 set_func(c_stcbfn, OSSL_FUNC_self_test_cb(in));
 break;
+ case OSSL_FUNC_INDICATOR_CB:
+ set_func(c_indcbfn, OSSL_FUNC_indicator_cb(in));
+ break;
 default:
 /* Just ignore anything we don't understand */
 break;
@@ -740,20 +792,17 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
 SELF_TEST_disable_conditional_error_state();
 /* Enable or disable FIPS provider options */
-#define FIPS_SET_OPTION(fgbl, field) \
- if (fgbl->field.option != NULL) { \
- if (strcmp(fgbl->field.option, "1") == 0) \
- fgbl->field.enabled = 1; \
- else if (strcmp(fgbl->field.option, "0") == 0) \
- fgbl->field.enabled = 0; \
- else \
- goto err; \
+#define OSSL_FIPS_PARAM(structname, paramname, unused) \
+ if (fgbl->fips_##structname.option != NULL) { \
+ if (strcmp(fgbl->fips_##structname.option, "1") == 0) \
+ fgbl->fips_##structname.enabled = 1; \
+ else if (strcmp(fgbl->fips_##structname.option, "0") == 0) \
+ fgbl->fips_##structname.enabled = 0; \
+ else \
+ goto err; \
 }
-
- FIPS_SET_OPTION(fgbl, fips_security_checks);
- FIPS_SET_OPTION(fgbl, fips_tls1_prf_ems_check);
- FIPS_SET_OPTION(fgbl, fips_restricted_drgb_digests);
-#undef FIPS_SET_OPTION
+#include "fips_indicator_params.inc"
+#undef OSSL_FIPS_PARAM
 ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
@@ -931,6 +980,12 @@ int CRYPTO_secure_allocated(const void *ptr)
 return c_CRYPTO_secure_allocated(ptr);
 }
+void *CRYPTO_aligned_alloc(size_t num, size_t align, void **freeptr,
+ const char *file, int line)
+{
+ return NULL;
+}
+
 int BIO_snprintf(char *buf, size_t n, const char *format, ...)
 {
 va_list args;
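Review bot: The `CRYPTO_aligned_alloc` stub returns NULL without writing `*freeptr`, so a caller that releases `*freeptr` on its failure path would hand an uninitialised pointer to the free routine. No caller is visible in this file, so this is a precaution rather than a confirmed fault. Clear the out-parameter before returning, `if (freeptr != NULL) *freeptr = NULL;`, and add a comment above the function stating that aligned allocation is deliberately unsupported inside the FIPS module, since `num`, `align`, `file` and `line` are otherwise ignored without explanation.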
@@ -942,19 +997,16 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
 return ret;
 }
-#define FIPS_FEATURE_CHECK(fname, field) \
- int fname(OSSL_LIB_CTX *libctx) \
- { \
- FIPS_GLOBAL *fgbl = \
- ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX); \
- return fgbl->field.enabled; \
+#define OSSL_FIPS_PARAM(structname, paramname, unused) \
+ int ossl_fips_config_##structname(OSSL_LIB_CTX *libctx) \
+ { \
+ FIPS_GLOBAL *fgbl = \
+ ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX); \
+ \
+ return fgbl->fips_##structname.enabled; \
 }
-
-FIPS_FEATURE_CHECK(FIPS_security_check_enabled, fips_security_checks)
-FIPS_FEATURE_CHECK(FIPS_tls_prf_ems_check, fips_tls1_prf_ems_check)
-FIPS_FEATURE_CHECK(FIPS_restricted_drbg_digests_enabled,
- fips_restricted_drgb_digests)
-#undef FIPS_FEATURE_CHECK
+#include "fips_indicator_params.inc"
+#undef OSSL_FIPS_PARAM
 void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, void **cbarg)
@@ -971,3 +1023,17 @@ void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb,
 *cbarg = NULL;
 }
 }
+
+void OSSL_INDICATOR_get_callback(OSSL_LIB_CTX *libctx,
+ OSSL_INDICATOR_CALLBACK **cb)
+{
+ assert(libctx != NULL);
+
+ if (c_indcbfn != NULL && c_get_libctx != NULL) {
+ /* Get the parent libctx */
+ c_indcbfn(c_get_libctx(FIPS_get_core_handle(libctx)), cb);
+ } else {
+ if (cb != NULL)
+ *cb = NULL;
+ }
+}
 |
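Review bot: In `OSSL_INDICATOR_get_callback` the `cb != NULL` test guards only the else branch; when `c_indcbfn` is set, `cb` is forwarded unchecked, and the only guard on `libctx` is an `assert` that compiles away under NDEBUG. Whether `c_indcbfn` and `FIPS_get_core_handle` tolerate NULL is not visible in this file. Make the contract explicit: either add a comment above the function stating that both arguments must be non-NULL, or hoist the check so both branches agree, e.g. `if (cb == NULL) return;` ahead of the `if`.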