authorMatt Caswell <matt@openssl.org>2019-05-13 06:41:06 +0100
committerMatt Caswell <matt@openssl.org>2019-05-23 11:02:04 +0100
commit319e518a5ae17fb8def2bd9209675acbaa6c22c2 (patch)
tree34d515cc857f1a4adf37311228925330ad635dd3 /providers
parent3593266d1c924ea595a1074e78381890f964392c (diff)
Make some EVP code available from within the FIPS module
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8728)
Diffstat (limited to 'providers')
-rw-r--r--providers/fips/fipsprov.c79
1 files changed, 71 insertions, 8 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 026dd2f..801a9fd 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -14,7 +14,12 @@
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/err.h>
+#include <openssl/evp.h>
+/* TODO(3.0): Needed for dummy_evp_call(). To be removed */
+#include <openssl/sha.h>
#include "internal/cryptlib.h"
+#include "internal/property.h"
+#include "internal/evp_int.h"
/* Functions provided by the core */
static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
@@ -30,9 +35,38 @@ static const OSSL_ITEM fips_param_types[] = {
{ 0, NULL }
};
-static void fips_teardown(void)
+/* TODO(3.0): To be removed */
+static int dummy_evp_call(OPENSSL_CTX *libctx)
{
- do_default_context_deinit();
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
+ char msg[] = "Hello World!";
+ const unsigned char exptd[] = {
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
+ };
+ unsigned int dgstlen = 0;
+ unsigned char dgst[SHA256_DIGEST_LENGTH];
+ int ret = 0;
+
+ if (ctx == NULL || sha256 == NULL)
+ goto err;
+
+ if (!EVP_DigestInit_ex(ctx, sha256, NULL))
+ goto err;
+ if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
+ goto err;
+ if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
+ goto err;
+ if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
+ goto err;
+
+ ret = 1;
+ err:
+ EVP_MD_CTX_free(ctx);
+ EVP_MD_meth_free(sha256);
+ return ret;
}
static const OSSL_ITEM *fips_get_param_types(const OSSL_PROVIDER *prov)
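Review bot: `dgst` is sized with `SHA256_DIGEST_LENGTH`, which is the only reason for the `<openssl/sha.h>` include that the commit itself marks as a TODO; declaring it as `unsigned char dgst[EVP_MAX_MD_SIZE];` drops that dependency and also keeps the buffer large enough for whatever `EVP_MD_fetch` returns, so the write in `EVP_DigestFinal` cannot overrun if the fetched algorithm is ever changed. The `dgstlen != sizeof(exptd)` test is what bounds the comparison, so it must stay in front of the `memcmp`; plain `memcmp` is acceptable here because the expected digest is a public known-answer value, not a secret. On the failure path `ctx` or `sha256` can be NULL when control reaches `err:`, so the cleanup relies on `EVP_MD_CTX_free` and `EVP_MD_meth_free` tolerating NULL — if that is the intended contract, a one-line comment at `err:` would make it explicit.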
@@ -79,18 +113,31 @@ static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
/* Functions we provide to the core */
static const OSSL_DISPATCH fips_dispatch_table[] = {
- { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown },
+ /*
+ * To release our resources we just need to free the OPENSSL_CTX so we just
+ * use OPENSSL_CTX_free directly as our teardown function
+ */
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
{ OSSL_FUNC_PROVIDER_GET_PARAM_TYPES, (void (*)(void))fips_get_param_types },
{ OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
{ 0, NULL }
};
+/* Functions we provide to ourself */
+static const OSSL_DISPATCH intern_dispatch_table[] = {
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
+ { 0, NULL }
+};
+
+
int OSSL_provider_init(const OSSL_PROVIDER *provider,
const OSSL_DISPATCH *in,
const OSSL_DISPATCH **out,
void **provctx)
{
+ OPENSSL_CTX *ctx;
+
for (; in->function_id != 0; in++) {
switch (in->function_id) {
case OSSL_FUNC_CORE_GET_PARAM_TYPES:
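Review bot: Registering `OPENSSL_CTX_free` directly as `OSSL_FUNC_PROVIDER_TEARDOWN` means the core will invoke a function declared as taking `OPENSSL_CTX *` through whatever pointer type it uses for the teardown slot (presumably `void (*)(void *)`); calling a function through a pointer to an incompatible function type is undefined behaviour in C even where every ABI in practice makes it work. A small wrapper keeps the dispatch table type-correct and leaves a place for further teardown work, which the removed `fips_teardown` suggests is expected later. `intern_dispatch_table` registers no teardown at all, which is consistent only if the internal provider never owns a context. The body of `OSSL_provider_init` continues past the end of this hunk.
```c
/* Free the per-provider OPENSSL_CTX handed back from OSSL_provider_init() */
static void fips_teardown(void *provctx)
{
    OPENSSL_CTX_free(provctx);
}

static const OSSL_DISPATCH fips_dispatch_table[] = {
    { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))fips_teardown },
    /* … unchanged: remaining dispatch entries … */
};
```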
@@ -111,19 +158,35 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
}
}
+ ctx = OPENSSL_CTX_new();
+ if (ctx == NULL)
+ return 0;
+
+ /*
+ * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
+ * EVP calls from within the FIPS module.
+ */
+ if (!dummy_evp_call(ctx)) {
+ OPENSSL_CTX_free(ctx);
+ return 0;
+ }
+
*out = fips_dispatch_table;
+ *provctx = ctx;
return 1;
}
+/*
+ * The internal init function used when the FIPS module uses EVP to call
+ * another algorithm also in the FIPS module.
+ */
OSSL_provider_init_fn fips_intern_provider_init;
int fips_intern_provider_init(const OSSL_PROVIDER *provider,
const OSSL_DISPATCH *in,
- const OSSL_DISPATCH **out)
+ const OSSL_DISPATCH **out,
+ void **provctx)
{
- /*
- * The internal init function used when the FIPS module uses EVP to call
- * another algorithm also in the FIPS module.
- */
+ *out = intern_dispatch_table;
return 1;
}
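Review bot: `fips_intern_provider_init` gained a `void **provctx` parameter but never writes through it, whereas `OSSL_provider_init` sets `*provctx = ctx` on success; if the core reads `*provctx` after a successful internal init (to hand to algorithm constructors or a teardown) it will see whatever the caller's variable happened to hold. Setting it explicitly, `*provctx = NULL; /* internal provider owns no context */`, makes the contract visible; whether the internal fetch path actually needs the real context instead is something I cannot tell from this hunk. In `OSSL_provider_init`, a failing `dummy_evp_call` frees `ctx` and returns 0 without recording any reason; if the error stack is usable at this point a recorded reason would make a failed self-test diagnosable, otherwise a comment saying why it is omitted would help the next reader. `OSSL_provider_init` begins before this hunk.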