Coverage Report

Created: 2024-11-21 07:03

/src/boringssl/crypto/fipsmodule/self_check/fips.c.inc
Line
Count
Source (jump to first uncovered line)
1
/* Copyright (c) 2017, Google Inc.
2
 *
3
 * Permission to use, copy, modify, and/or distribute this software for any
4
 * purpose with or without fee is hereby granted, provided that the above
5
 * copyright notice and this permission notice appear in all copies.
6
 *
7
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15
#include <openssl/crypto.h>
16
17
#include "../../internal.h"
18
#include "../delocate.h"
19
20
21
0
int FIPS_mode(void) {
22
#if defined(BORINGSSL_FIPS) && !defined(OPENSSL_ASAN)
23
  return 1;
24
#else
25
0
  return 0;
26
0
#endif
27
0
}
28
29
0
int FIPS_mode_set(int on) { return on == FIPS_mode(); }
30
31
0
const char *FIPS_module_name(void) { return "BoringCrypto"; }
32
33
0
int CRYPTO_has_asm(void) {
34
0
#if defined(OPENSSL_NO_ASM)
35
0
  return 0;
36
#else
37
  return 1;
38
#endif
39
0
}
40
41
0
uint32_t FIPS_version(void) {
42
0
  return 0;
43
0
}
44
45
0
int FIPS_query_algorithm_status(const char *algorithm) {
46
#if defined(BORINGSSL_FIPS)
47
  static const char kApprovedAlgorithms[][13] = {
48
    "AES-CBC",
49
    "AES-CCM",
50
    "AES-CTR",
51
    "AES-ECB",
52
    "AES-GCM",
53
    "AES-KW",
54
    "AES-KWP",
55
    "ctrDRBG",
56
    "ECC-SSC",
57
    "ECDSA-sign",
58
    "ECDSA-verify",
59
    "FFC-SSC",
60
    "HMAC",
61
    "RSA-sign",
62
    "RSA-verify",
63
    "SHA-1",
64
    "SHA2-224",
65
    "SHA2-256",
66
    "SHA2-384",
67
    "SHA2-512",
68
    "SHA2-512/256",
69
  };
70
  for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kApprovedAlgorithms); i++) {
71
    if (strcmp(algorithm, kApprovedAlgorithms[i]) == 0) {
72
      return 1;
73
    }
74
  }
75
#endif  // BORINGSSL_FIPS
76
77
0
  return 0;
78
0
}
79
80
#if defined(BORINGSSL_FIPS_COUNTERS)
81
82
size_t FIPS_read_counter(enum fips_counter_t counter) {
83
  size_t index = (size_t)counter;
84
  if (index > fips_counter_max) {
85
    abort();
86
  }
87
88
  const size_t *array =
89
      CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS);
90
  if (!array) {
91
    return 0;
92
  }
93
94
  return array[index];
95
}
96
97
void boringssl_fips_inc_counter(enum fips_counter_t counter) {
98
  size_t index = (size_t)counter;
99
  if (index > fips_counter_max) {
100
    abort();
101
  }
102
103
  size_t *array =
104
      CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS);
105
  if (!array) {
106
    const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1);
107
    array = OPENSSL_zalloc(num_bytes);
108
    if (!array) {
109
      return;
110
    }
111
112
    if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS, array,
113
                                 OPENSSL_free)) {
114
      // |OPENSSL_free| has already been called by |CRYPTO_set_thread_local|.
115
      return;
116
    }
117
  }
118
119
  array[index]++;
120
}
121
122
#else
123
124
0
size_t FIPS_read_counter(enum fips_counter_t counter) { return 0; }
125
126
// boringssl_fips_inc_counter is a no-op, inline function in internal.h in this
127
// case. That should let the compiler optimise away the callsites.
128
129
#endif