defltprov.c 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593
  1. /*
  2. * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include <stdio.h>
  11. #include <openssl/opensslconf.h>
  12. #include <openssl/core.h>
  13. #include <openssl/core_dispatch.h>
  14. #include <openssl/core_names.h>
  15. #include <openssl/params.h>
  16. #include "prov/bio.h"
  17. #include "prov/provider_ctx.h"
  18. #include "prov/providercommon.h"
  19. #include "prov/implementations.h"
  20. #include "prov/provider_util.h"
  21. #include "prov/seeding.h"
  22. #include "internal/nelem.h"
  23. /*
  24. * Forward declarations to ensure that interface functions are correctly
  25. * defined.
  26. */
  27. static OSSL_FUNC_provider_gettable_params_fn deflt_gettable_params;
  28. static OSSL_FUNC_provider_get_params_fn deflt_get_params;
  29. static OSSL_FUNC_provider_query_operation_fn deflt_query;
  30. #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=default", FUNC }, CHECK }
  31. #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
  32. /* Functions provided by the core */
  33. static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL;
  34. static OSSL_FUNC_core_get_params_fn *c_get_params = NULL;
  35. /* Parameters we provide to the core */
  36. static const OSSL_PARAM deflt_param_types[] = {
  37. OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
  38. OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
  39. OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
  40. OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0),
  41. OSSL_PARAM_END
  42. };
  43. static const OSSL_PARAM *deflt_gettable_params(void *provctx)
  44. {
  45. return deflt_param_types;
  46. }
  47. static int deflt_get_params(void *provctx, OSSL_PARAM params[])
  48. {
  49. OSSL_PARAM *p;
  50. p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
  51. if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Default Provider"))
  52. return 0;
  53. p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
  54. if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
  55. return 0;
  56. p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
  57. if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
  58. return 0;
  59. p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
  60. if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
  61. return 0;
  62. return 1;
  63. }
  64. /*
  65. * For the algorithm names, we use the following formula for our primary
  66. * names:
  67. *
  68. * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
  69. *
  70. * VERSION is only present if there are multiple versions of
  71. * an alg (MD2, MD4, MD5). It may be omitted if there is only
  72. * one version (if a subsequent version is released in the future,
  73. * we can always change the canonical name, and add the old name
  74. * as an alias).
  75. *
  76. * SUBNAME may be present where we are combining multiple
  77. * algorithms together, e.g. MD5-SHA1.
  78. *
  79. * SIZE is only present if multiple versions of an algorithm exist
  80. * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
  81. *
  82. * MODE is only present where applicable.
  83. *
  84. * We add diverse other names where applicable, such as the names that
  85. * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
  86. * we have used historically.
  87. *
  88. * Algorithm names are case insensitive, but we use all caps in our "canonical"
  89. * names for consistency.
  90. */
  91. static const OSSL_ALGORITHM deflt_digests[] = {
  92. /* Our primary name:NIST name[:our older names] */
  93. { "SHA1:SHA-1:SSL3-SHA1", "provider=default", ossl_sha1_functions },
  94. { "SHA2-224:SHA-224:SHA224", "provider=default", ossl_sha224_functions },
  95. { "SHA2-256:SHA-256:SHA256", "provider=default", ossl_sha256_functions },
  96. { "SHA2-384:SHA-384:SHA384", "provider=default", ossl_sha384_functions },
  97. { "SHA2-512:SHA-512:SHA512", "provider=default", ossl_sha512_functions },
  98. { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=default",
  99. ossl_sha512_224_functions },
  100. { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=default",
  101. ossl_sha512_256_functions },
  102. /* We agree with NIST here, so one name only */
  103. { "SHA3-224", "provider=default", ossl_sha3_224_functions },
  104. { "SHA3-256", "provider=default", ossl_sha3_256_functions },
  105. { "SHA3-384", "provider=default", ossl_sha3_384_functions },
  106. { "SHA3-512", "provider=default", ossl_sha3_512_functions },
  107. /*
  108. * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
  109. * the KMAC-128 and KMAC-256.
  110. */
  111. { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=default",
  112. ossl_keccak_kmac_128_functions },
  113. { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=default",
  114. ossl_keccak_kmac_256_functions },
  115. /* Our primary name:NIST name */
  116. { "SHAKE-128:SHAKE128", "provider=default", ossl_shake_128_functions },
  117. { "SHAKE-256:SHAKE256", "provider=default", ossl_shake_256_functions },
  118. #ifndef OPENSSL_NO_BLAKE2
  119. /*
  120. * https://blake2.net/ doesn't specify size variants,
  121. * but mentions that Bouncy Castle uses the names
  122. * BLAKE2b-160, BLAKE2b-256, BLAKE2b-384, and BLAKE2b-512
  123. * If we assume that "2b" and "2s" are versions, that pattern
  124. * fits with ours. We also add our historical names.
  125. */
  126. { "BLAKE2S-256:BLAKE2s256", "provider=default", ossl_blake2s256_functions },
  127. { "BLAKE2B-512:BLAKE2b512", "provider=default", ossl_blake2b512_functions },
  128. #endif /* OPENSSL_NO_BLAKE2 */
  129. #ifndef OPENSSL_NO_SM3
  130. { "SM3", "provider=default", ossl_sm3_functions },
  131. #endif /* OPENSSL_NO_SM3 */
  132. #ifndef OPENSSL_NO_MD5
  133. { "MD5:SSL3-MD5", "provider=default", ossl_md5_functions },
  134. { "MD5-SHA1", "provider=default", ossl_md5_sha1_functions },
  135. #endif /* OPENSSL_NO_MD5 */
  136. { NULL, NULL, NULL }
  137. };
  138. static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
  139. ALG("NULL", ossl_null_functions),
  140. ALG("AES-256-ECB", ossl_aes256ecb_functions),
  141. ALG("AES-192-ECB", ossl_aes192ecb_functions),
  142. ALG("AES-128-ECB", ossl_aes128ecb_functions),
  143. ALG("AES-256-CBC:AES256", ossl_aes256cbc_functions),
  144. ALG("AES-192-CBC:AES192", ossl_aes192cbc_functions),
  145. ALG("AES-128-CBC:AES128", ossl_aes128cbc_functions),
  146. ALG("AES-128-CBC-CTS", ossl_aes128cbc_cts_functions),
  147. ALG("AES-192-CBC-CTS", ossl_aes192cbc_cts_functions),
  148. ALG("AES-256-CBC-CTS", ossl_aes256cbc_cts_functions),
  149. ALG("AES-256-OFB", ossl_aes256ofb_functions),
  150. ALG("AES-192-OFB", ossl_aes192ofb_functions),
  151. ALG("AES-128-OFB", ossl_aes128ofb_functions),
  152. ALG("AES-256-CFB", ossl_aes256cfb_functions),
  153. ALG("AES-192-CFB", ossl_aes192cfb_functions),
  154. ALG("AES-128-CFB", ossl_aes128cfb_functions),
  155. ALG("AES-256-CFB1", ossl_aes256cfb1_functions),
  156. ALG("AES-192-CFB1", ossl_aes192cfb1_functions),
  157. ALG("AES-128-CFB1", ossl_aes128cfb1_functions),
  158. ALG("AES-256-CFB8", ossl_aes256cfb8_functions),
  159. ALG("AES-192-CFB8", ossl_aes192cfb8_functions),
  160. ALG("AES-128-CFB8", ossl_aes128cfb8_functions),
  161. ALG("AES-256-CTR", ossl_aes256ctr_functions),
  162. ALG("AES-192-CTR", ossl_aes192ctr_functions),
  163. ALG("AES-128-CTR", ossl_aes128ctr_functions),
  164. ALG("AES-256-XTS", ossl_aes256xts_functions),
  165. ALG("AES-128-XTS", ossl_aes128xts_functions),
  166. #ifndef OPENSSL_NO_OCB
  167. ALG("AES-256-OCB", ossl_aes256ocb_functions),
  168. ALG("AES-192-OCB", ossl_aes192ocb_functions),
  169. ALG("AES-128-OCB", ossl_aes128ocb_functions),
  170. #endif /* OPENSSL_NO_OCB */
  171. #ifndef OPENSSL_NO_SIV
  172. ALG("AES-128-SIV", ossl_aes128siv_functions),
  173. ALG("AES-192-SIV", ossl_aes192siv_functions),
  174. ALG("AES-256-SIV", ossl_aes256siv_functions),
  175. #endif /* OPENSSL_NO_SIV */
  176. ALG("AES-256-GCM:id-aes256-GCM", ossl_aes256gcm_functions),
  177. ALG("AES-192-GCM:id-aes192-GCM", ossl_aes192gcm_functions),
  178. ALG("AES-128-GCM:id-aes128-GCM", ossl_aes128gcm_functions),
  179. ALG("AES-256-CCM:id-aes256-CCM", ossl_aes256ccm_functions),
  180. ALG("AES-192-CCM:id-aes192-CCM", ossl_aes192ccm_functions),
  181. ALG("AES-128-CCM:id-aes128-CCM", ossl_aes128ccm_functions),
  182. ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", ossl_aes256wrap_functions),
  183. ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", ossl_aes192wrap_functions),
  184. ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", ossl_aes128wrap_functions),
  185. ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
  186. ossl_aes256wrappad_functions),
  187. ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
  188. ossl_aes192wrappad_functions),
  189. ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
  190. ossl_aes128wrappad_functions),
  191. ALG("AES-256-WRAP-INV:AES256-WRAP-INV", ossl_aes256wrapinv_functions),
  192. ALG("AES-192-WRAP-INV:AES192-WRAP-INV", ossl_aes192wrapinv_functions),
  193. ALG("AES-128-WRAP-INV:AES128-WRAP-INV", ossl_aes128wrapinv_functions),
  194. ALG("AES-256-WRAP-PAD-INV:AES256-WRAP-PAD-INV",
  195. ossl_aes256wrappadinv_functions),
  196. ALG("AES-192-WRAP-PAD-INV:AES192-WRAP-PAD-INV",
  197. ossl_aes192wrappadinv_functions),
  198. ALG("AES-128-WRAP-PAD-INV:AES128-WRAP-PAD-INV",
  199. ossl_aes128wrappadinv_functions),
  200. ALGC("AES-128-CBC-HMAC-SHA1", ossl_aes128cbc_hmac_sha1_functions,
  201. ossl_cipher_capable_aes_cbc_hmac_sha1),
  202. ALGC("AES-256-CBC-HMAC-SHA1", ossl_aes256cbc_hmac_sha1_functions,
  203. ossl_cipher_capable_aes_cbc_hmac_sha1),
  204. ALGC("AES-128-CBC-HMAC-SHA256", ossl_aes128cbc_hmac_sha256_functions,
  205. ossl_cipher_capable_aes_cbc_hmac_sha256),
  206. ALGC("AES-256-CBC-HMAC-SHA256", ossl_aes256cbc_hmac_sha256_functions,
  207. ossl_cipher_capable_aes_cbc_hmac_sha256),
  208. #ifndef OPENSSL_NO_ARIA
  209. ALG("ARIA-256-GCM", ossl_aria256gcm_functions),
  210. ALG("ARIA-192-GCM", ossl_aria192gcm_functions),
  211. ALG("ARIA-128-GCM", ossl_aria128gcm_functions),
  212. ALG("ARIA-256-CCM", ossl_aria256ccm_functions),
  213. ALG("ARIA-192-CCM", ossl_aria192ccm_functions),
  214. ALG("ARIA-128-CCM", ossl_aria128ccm_functions),
  215. ALG("ARIA-256-ECB", ossl_aria256ecb_functions),
  216. ALG("ARIA-192-ECB", ossl_aria192ecb_functions),
  217. ALG("ARIA-128-ECB", ossl_aria128ecb_functions),
  218. ALG("ARIA-256-CBC:ARIA256", ossl_aria256cbc_functions),
  219. ALG("ARIA-192-CBC:ARIA192", ossl_aria192cbc_functions),
  220. ALG("ARIA-128-CBC:ARIA128", ossl_aria128cbc_functions),
  221. ALG("ARIA-256-OFB", ossl_aria256ofb_functions),
  222. ALG("ARIA-192-OFB", ossl_aria192ofb_functions),
  223. ALG("ARIA-128-OFB", ossl_aria128ofb_functions),
  224. ALG("ARIA-256-CFB", ossl_aria256cfb_functions),
  225. ALG("ARIA-192-CFB", ossl_aria192cfb_functions),
  226. ALG("ARIA-128-CFB", ossl_aria128cfb_functions),
  227. ALG("ARIA-256-CFB1", ossl_aria256cfb1_functions),
  228. ALG("ARIA-192-CFB1", ossl_aria192cfb1_functions),
  229. ALG("ARIA-128-CFB1", ossl_aria128cfb1_functions),
  230. ALG("ARIA-256-CFB8", ossl_aria256cfb8_functions),
  231. ALG("ARIA-192-CFB8", ossl_aria192cfb8_functions),
  232. ALG("ARIA-128-CFB8", ossl_aria128cfb8_functions),
  233. ALG("ARIA-256-CTR", ossl_aria256ctr_functions),
  234. ALG("ARIA-192-CTR", ossl_aria192ctr_functions),
  235. ALG("ARIA-128-CTR", ossl_aria128ctr_functions),
  236. #endif /* OPENSSL_NO_ARIA */
  237. #ifndef OPENSSL_NO_CAMELLIA
  238. ALG("CAMELLIA-256-ECB", ossl_camellia256ecb_functions),
  239. ALG("CAMELLIA-192-ECB", ossl_camellia192ecb_functions),
  240. ALG("CAMELLIA-128-ECB", ossl_camellia128ecb_functions),
  241. ALG("CAMELLIA-256-CBC:CAMELLIA256", ossl_camellia256cbc_functions),
  242. ALG("CAMELLIA-192-CBC:CAMELLIA192", ossl_camellia192cbc_functions),
  243. ALG("CAMELLIA-128-CBC:CAMELLIA128", ossl_camellia128cbc_functions),
  244. ALG("CAMELLIA-256-OFB", ossl_camellia256ofb_functions),
  245. ALG("CAMELLIA-192-OFB", ossl_camellia192ofb_functions),
  246. ALG("CAMELLIA-128-OFB", ossl_camellia128ofb_functions),
  247. ALG("CAMELLIA-256-CFB", ossl_camellia256cfb_functions),
  248. ALG("CAMELLIA-192-CFB", ossl_camellia192cfb_functions),
  249. ALG("CAMELLIA-128-CFB", ossl_camellia128cfb_functions),
  250. ALG("CAMELLIA-256-CFB1", ossl_camellia256cfb1_functions),
  251. ALG("CAMELLIA-192-CFB1", ossl_camellia192cfb1_functions),
  252. ALG("CAMELLIA-128-CFB1", ossl_camellia128cfb1_functions),
  253. ALG("CAMELLIA-256-CFB8", ossl_camellia256cfb8_functions),
  254. ALG("CAMELLIA-192-CFB8", ossl_camellia192cfb8_functions),
  255. ALG("CAMELLIA-128-CFB8", ossl_camellia128cfb8_functions),
  256. ALG("CAMELLIA-256-CTR", ossl_camellia256ctr_functions),
  257. ALG("CAMELLIA-192-CTR", ossl_camellia192ctr_functions),
  258. ALG("CAMELLIA-128-CTR", ossl_camellia128ctr_functions),
  259. #endif /* OPENSSL_NO_CAMELLIA */
  260. #ifndef OPENSSL_NO_DES
  261. ALG("DES-EDE3-ECB:DES-EDE3", ossl_tdes_ede3_ecb_functions),
  262. ALG("DES-EDE3-CBC:DES3", ossl_tdes_ede3_cbc_functions),
  263. ALG("DES-EDE3-OFB", ossl_tdes_ede3_ofb_functions),
  264. ALG("DES-EDE3-CFB", ossl_tdes_ede3_cfb_functions),
  265. ALG("DES-EDE3-CFB8", ossl_tdes_ede3_cfb8_functions),
  266. ALG("DES-EDE3-CFB1", ossl_tdes_ede3_cfb1_functions),
  267. ALG("DES3-WRAP:id-smime-alg-CMS3DESwrap", ossl_tdes_wrap_cbc_functions),
  268. ALG("DES-EDE-ECB:DES-EDE", ossl_tdes_ede2_ecb_functions),
  269. ALG("DES-EDE-CBC", ossl_tdes_ede2_cbc_functions),
  270. ALG("DES-EDE-OFB", ossl_tdes_ede2_ofb_functions),
  271. ALG("DES-EDE-CFB", ossl_tdes_ede2_cfb_functions),
  272. #endif /* OPENSSL_NO_DES */
  273. #ifndef OPENSSL_NO_SM4
  274. ALG("SM4-ECB", ossl_sm4128ecb_functions),
  275. ALG("SM4-CBC:SM4", ossl_sm4128cbc_functions),
  276. ALG("SM4-CTR", ossl_sm4128ctr_functions),
  277. ALG("SM4-OFB:SM4-OFB128", ossl_sm4128ofb128_functions),
  278. ALG("SM4-CFB:SM4-CFB128", ossl_sm4128cfb128_functions),
  279. #endif /* OPENSSL_NO_SM4 */
  280. #ifndef OPENSSL_NO_CHACHA
  281. ALG("ChaCha20", ossl_chacha20_functions),
  282. # ifndef OPENSSL_NO_POLY1305
  283. ALG("ChaCha20-Poly1305", ossl_chacha20_ossl_poly1305_functions),
  284. # endif /* OPENSSL_NO_POLY1305 */
  285. #endif /* OPENSSL_NO_CHACHA */
  286. { { NULL, NULL, NULL }, NULL }
  287. };
  288. static OSSL_ALGORITHM exported_ciphers[OSSL_NELEM(deflt_ciphers)];
  289. static const OSSL_ALGORITHM deflt_macs[] = {
  290. #ifndef OPENSSL_NO_BLAKE2
  291. { "BLAKE2BMAC", "provider=default", ossl_blake2bmac_functions },
  292. { "BLAKE2SMAC", "provider=default", ossl_blake2smac_functions },
  293. #endif
  294. #ifndef OPENSSL_NO_CMAC
  295. { "CMAC", "provider=default", ossl_cmac_functions },
  296. #endif
  297. { "GMAC", "provider=default", ossl_gmac_functions },
  298. { "HMAC", "provider=default", ossl_hmac_functions },
  299. { "KMAC-128:KMAC128", "provider=default", ossl_kmac128_functions },
  300. { "KMAC-256:KMAC256", "provider=default", ossl_kmac256_functions },
  301. #ifndef OPENSSL_NO_SIPHASH
  302. { "SIPHASH", "provider=default", ossl_siphash_functions },
  303. #endif
  304. #ifndef OPENSSL_NO_POLY1305
  305. { "POLY1305", "provider=default", ossl_poly1305_functions },
  306. #endif
  307. { NULL, NULL, NULL }
  308. };
  309. static const OSSL_ALGORITHM deflt_kdfs[] = {
  310. { "HKDF", "provider=default", ossl_kdf_hkdf_functions },
  311. { "SSKDF", "provider=default", ossl_kdf_sskdf_functions },
  312. { "PBKDF2", "provider=default", ossl_kdf_pbkdf2_functions },
  313. { "PKCS12KDF", "provider=default", ossl_kdf_pkcs12_functions },
  314. { "SSHKDF", "provider=default", ossl_kdf_sshkdf_functions },
  315. { "X963KDF:X942KDF-CONCAT", "provider=default", ossl_kdf_x963_kdf_functions },
  316. { "TLS1-PRF", "provider=default", ossl_kdf_tls1_prf_functions },
  317. { "KBKDF", "provider=default", ossl_kdf_kbkdf_functions },
  318. { "X942KDF-ASN1:X942KDF", "provider=default", ossl_kdf_x942_kdf_functions },
  319. #ifndef OPENSSL_NO_SCRYPT
  320. { "SCRYPT:id-scrypt", "provider=default", ossl_kdf_scrypt_functions },
  321. #endif
  322. { "KRB5KDF", "provider=default", ossl_kdf_krb5kdf_functions },
  323. { NULL, NULL, NULL }
  324. };
  325. static const OSSL_ALGORITHM deflt_keyexch[] = {
  326. #ifndef OPENSSL_NO_DH
  327. { "DH:dhKeyAgreement", "provider=default", ossl_dh_keyexch_functions },
  328. #endif
  329. #ifndef OPENSSL_NO_EC
  330. { "ECDH", "provider=default", ossl_ecdh_keyexch_functions },
  331. { "X25519", "provider=default", ossl_x25519_keyexch_functions },
  332. { "X448", "provider=default", ossl_x448_keyexch_functions },
  333. #endif
  334. { "TLS1-PRF", "provider=default", ossl_kdf_tls1_prf_keyexch_functions },
  335. { "HKDF", "provider=default", ossl_kdf_hkdf_keyexch_functions },
  336. { "SCRYPT:id-scrypt", "provider=default",
  337. ossl_kdf_scrypt_keyexch_functions },
  338. { NULL, NULL, NULL }
  339. };
  340. static const OSSL_ALGORITHM deflt_rands[] = {
  341. { "CTR-DRBG", "provider=default", ossl_drbg_ctr_functions },
  342. { "HASH-DRBG", "provider=default", ossl_drbg_hash_functions },
  343. { "HMAC-DRBG", "provider=default", ossl_drbg_ossl_hmac_functions },
  344. { "SEED-SRC", "provider=default", ossl_seed_src_functions },
  345. { "TEST-RAND", "provider=default", ossl_test_rng_functions },
  346. { NULL, NULL, NULL }
  347. };
  348. static const OSSL_ALGORITHM deflt_signature[] = {
  349. #ifndef OPENSSL_NO_DSA
  350. { "DSA:dsaEncryption", "provider=default", ossl_dsa_signature_functions },
  351. #endif
  352. { "RSA:rsaEncryption", "provider=default", ossl_rsa_signature_functions },
  353. #ifndef OPENSSL_NO_EC
  354. { "ED25519", "provider=default", ossl_ed25519_signature_functions },
  355. { "ED448", "provider=default", ossl_ed448_signature_functions },
  356. { "ECDSA", "provider=default", ossl_ecdsa_signature_functions },
  357. # ifndef OPENSSL_NO_SM2
  358. { "SM2", "provider=default", ossl_sm2_signature_functions },
  359. # endif
  360. #endif
  361. { "HMAC", "provider=default", ossl_mac_legacy_hmac_signature_functions },
  362. { "SIPHASH", "provider=default",
  363. ossl_mac_legacy_siphash_signature_functions },
  364. #ifndef OPENSSL_NO_POLY1305
  365. { "POLY1305", "provider=default",
  366. ossl_mac_legacy_poly1305_signature_functions },
  367. #endif
  368. #ifndef OPENSSL_NO_CMAC
  369. { "CMAC", "provider=default", ossl_mac_legacy_cmac_signature_functions },
  370. #endif
  371. { NULL, NULL, NULL }
  372. };
  373. static const OSSL_ALGORITHM deflt_asym_cipher[] = {
  374. { "RSA:rsaEncryption", "provider=default", ossl_rsa_asym_cipher_functions },
  375. #ifndef OPENSSL_NO_SM2
  376. { "SM2", "provider=default", ossl_sm2_asym_cipher_functions },
  377. #endif
  378. { NULL, NULL, NULL }
  379. };
  380. static const OSSL_ALGORITHM deflt_asym_kem[] = {
  381. { "RSA", "provider=default", ossl_rsa_asym_kem_functions },
  382. { NULL, NULL, NULL }
  383. };
  384. static const OSSL_ALGORITHM deflt_keymgmt[] = {
  385. #ifndef OPENSSL_NO_DH
  386. { "DH:dhKeyAgreement", "provider=default", ossl_dh_keymgmt_functions,
  387. "OpenSSL PKCS#3 DH implementation" },
  388. { "DHX:X9.42 DH:dhpublicnumber", "provider=default",
  389. ossl_dhx_keymgmt_functions, "OpenSSL X9.42 DH implementation" },
  390. #endif
  391. #ifndef OPENSSL_NO_DSA
  392. { "DSA:dsaEncryption", "provider=default", ossl_dsa_keymgmt_functions,
  393. "OpenSSL DSA implementation" },
  394. #endif
  395. { "RSA:rsaEncryption", "provider=default", ossl_rsa_keymgmt_functions,
  396. "OpenSSL RSA implementation" },
  397. { "RSA-PSS:RSASSA-PSS", "provider=default", ossl_rsapss_keymgmt_functions,
  398. "OpenSSL RSA-PSS implementation" },
  399. #ifndef OPENSSL_NO_EC
  400. { "EC:id-ecPublicKey", "provider=default", ossl_ec_keymgmt_functions,
  401. "OpenSSL EC implementation" },
  402. { "X25519", "provider=default", ossl_x25519_keymgmt_functions,
  403. "OpenSSL X25519 implementation" },
  404. { "X448", "provider=default", ossl_x448_keymgmt_functions,
  405. "OpenSSL X448 implementation" },
  406. { "ED25519", "provider=default", ossl_ed25519_keymgmt_functions,
  407. "OpenSSL ED25519 implementation" },
  408. { "ED448", "provider=default", ossl_ed448_keymgmt_functions,
  409. "OpenSSL ED448 implementation" },
  410. #endif
  411. { "TLS1-PRF", "provider=default", ossl_kdf_keymgmt_functions,
  412. "OpenSSL TLS1-PRF via EVP_PKEY implementation" },
  413. { "HKDF", "provider=default", ossl_kdf_keymgmt_functions,
  414. "OpenSSL HKDF via EVP_PKEY implementation" },
  415. { "SCRYPT:id-scrypt", "provider=default", ossl_kdf_keymgmt_functions,
  416. "OpenSSL SCRYPT via EVP_PKEY implementation" },
  417. { "HMAC", "provider=default", ossl_mac_legacy_keymgmt_functions,
  418. "OpenSSL HMAC via EVP_PKEY implementation" },
  419. { "SIPHASH", "provider=default", ossl_mac_legacy_keymgmt_functions,
  420. "OpenSSL SIPHASH via EVP_PKEY implementation" },
  421. #ifndef OPENSSL_NO_POLY1305
  422. { "POLY1305", "provider=default", ossl_mac_legacy_keymgmt_functions,
  423. "OpenSSL POLY1305 via EVP_PKEY implementation" },
  424. #endif
  425. #ifndef OPENSSL_NO_CMAC
  426. { "CMAC", "provider=default", ossl_cossl_mac_legacy_keymgmt_functions,
  427. "OpenSSL CMAC via EVP_PKEY implementation" },
  428. #endif
  429. #ifndef OPENSSL_NO_SM2
  430. { "SM2", "provider=default", ossl_sm2_keymgmt_functions,
  431. "OpenSSL SM2 implementation" },
  432. #endif
  433. { NULL, NULL, NULL }
  434. };
  435. static const OSSL_ALGORITHM deflt_encoder[] = {
  436. #define ENCODER_PROVIDER "default"
  437. #include "encoders.inc"
  438. { NULL, NULL, NULL }
  439. #undef ENCODER_PROVIDER
  440. };
  441. static const OSSL_ALGORITHM deflt_decoder[] = {
  442. #define DECODER_PROVIDER "default"
  443. #include "decoders.inc"
  444. { NULL, NULL, NULL }
  445. #undef DECODER_PROVIDER
  446. };
  447. static const OSSL_ALGORITHM deflt_store[] = {
  448. #define STORE(name, _fips, func_table) \
  449. { name, "provider=default,fips=" _fips, (func_table) },
  450. #include "stores.inc"
  451. { NULL, NULL, NULL }
  452. #undef STORE
  453. };
  454. static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id,
  455. int *no_cache)
  456. {
  457. *no_cache = 0;
  458. switch (operation_id) {
  459. case OSSL_OP_DIGEST:
  460. return deflt_digests;
  461. case OSSL_OP_CIPHER:
  462. return exported_ciphers;
  463. case OSSL_OP_MAC:
  464. return deflt_macs;
  465. case OSSL_OP_KDF:
  466. return deflt_kdfs;
  467. case OSSL_OP_RAND:
  468. return deflt_rands;
  469. case OSSL_OP_KEYMGMT:
  470. return deflt_keymgmt;
  471. case OSSL_OP_KEYEXCH:
  472. return deflt_keyexch;
  473. case OSSL_OP_SIGNATURE:
  474. return deflt_signature;
  475. case OSSL_OP_ASYM_CIPHER:
  476. return deflt_asym_cipher;
  477. case OSSL_OP_KEM:
  478. return deflt_asym_kem;
  479. case OSSL_OP_ENCODER:
  480. return deflt_encoder;
  481. case OSSL_OP_DECODER:
  482. return deflt_decoder;
  483. case OSSL_OP_STORE:
  484. return deflt_store;
  485. }
  486. return NULL;
  487. }
  488. static void deflt_teardown(void *provctx)
  489. {
  490. BIO_meth_free(ossl_prov_ctx_get0_core_bio_method(provctx));
  491. ossl_prov_ctx_free(provctx);
  492. }
  493. /* Functions we provide to the core */
  494. static const OSSL_DISPATCH deflt_dispatch_table[] = {
  495. { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))deflt_teardown },
  496. { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))deflt_gettable_params },
  497. { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))deflt_get_params },
  498. { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))deflt_query },
  499. { OSSL_FUNC_PROVIDER_GET_CAPABILITIES,
  500. (void (*)(void))ossl_prov_get_capabilities },
  501. { 0, NULL }
  502. };
  503. OSSL_provider_init_fn ossl_default_provider_init;
  504. int ossl_default_provider_init(const OSSL_CORE_HANDLE *handle,
  505. const OSSL_DISPATCH *in,
  506. const OSSL_DISPATCH **out,
  507. void **provctx)
  508. {
  509. OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
  510. BIO_METHOD *corebiometh;
  511. if (!ossl_prov_bio_from_dispatch(in)
  512. || !ossl_prov_seeding_from_dispatch(in))
  513. return 0;
  514. for (; in->function_id != 0; in++) {
  515. switch (in->function_id) {
  516. case OSSL_FUNC_CORE_GETTABLE_PARAMS:
  517. c_gettable_params = OSSL_FUNC_core_gettable_params(in);
  518. break;
  519. case OSSL_FUNC_CORE_GET_PARAMS:
  520. c_get_params = OSSL_FUNC_core_get_params(in);
  521. break;
  522. case OSSL_FUNC_CORE_GET_LIBCTX:
  523. c_get_libctx = OSSL_FUNC_core_get_libctx(in);
  524. break;
  525. default:
  526. /* Just ignore anything we don't understand */
  527. break;
  528. }
  529. }
  530. if (c_get_libctx == NULL)
  531. return 0;
  532. /*
  533. * We want to make sure that all calls from this provider that requires
  534. * a library context use the same context as the one used to call our
  535. * functions. We do that by passing it along in the provider context.
  536. *
  537. * This only works for built-in providers. Most providers should
  538. * create their own library context.
  539. */
  540. if ((*provctx = ossl_prov_ctx_new()) == NULL
  541. || (corebiometh = ossl_bio_prov_init_bio_method()) == NULL) {
  542. ossl_prov_ctx_free(*provctx);
  543. *provctx = NULL;
  544. return 0;
  545. }
  546. ossl_prov_ctx_set0_libctx(*provctx,
  547. (OSSL_LIB_CTX *)c_get_libctx(handle));
  548. ossl_prov_ctx_set0_handle(*provctx, handle);
  549. ossl_prov_ctx_set0_core_bio_method(*provctx, corebiometh);
  550. *out = deflt_dispatch_table;
  551. ossl_prov_cache_exported_algorithms(deflt_ciphers, exported_ciphers);
  552. return 1;
  553. }