diff options
| author | Pauli <paul.dale@oracle.com> | 2020-09-07 13:03:07 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-09-12 16:46:20 +1000 |
| commit | 5b104a81f088ae0da6b0d2d2c746237694ab0a2c (patch) | |
| tree | df3bab64c042ef384d5e6fa6c973e0c2e2338c1a /providers/implementations/macs/hmac_prov.c | |
| parent | aef30ad0b6811fd6ef1232ec67d24a77c17831ba (diff) | |
mac: add FIPS error state handling
Check for provider being runnable in new, dup, init and final calls.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)
Diffstat (limited to 'providers/implementations/macs/hmac_prov.c')
| -rw-r--r-- | providers/implementations/macs/hmac_prov.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index f6cb544f64..2f99e75a88 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -25,6 +25,7 @@ #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/provider_util.h" +#include "prov/providercommon.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -76,6 +77,9 @@ static void *hmac_new(void *provctx) { struct hmac_data_st *macctx; + if (!ossl_prov_is_running()) + return NULL; + if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL || (macctx->ctx = HMAC_CTX_new()) == NULL) { OPENSSL_free(macctx); @@ -102,9 +106,12 @@ static void hmac_free(void *vmacctx) static void *hmac_dup(void *vsrc) { struct hmac_data_st *src = vsrc; - struct hmac_data_st *dst = hmac_new(src->provctx); + struct hmac_data_st *dst; HMAC_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + dst = hmac_new(src->provctx); if (dst == NULL) return NULL; @@ -140,9 +147,13 @@ static size_t hmac_size(void *vmacctx) static int hmac_init(void *vmacctx) { struct hmac_data_st *macctx = vmacctx; - const EVP_MD *digest = ossl_prov_digest_md(&macctx->digest); + const EVP_MD *digest; int rv = 1; + if (!ossl_prov_is_running()) + return 0; + + digest = ossl_prov_digest_md(&macctx->digest); /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ if (macctx->tls_data_size == 0 && digest != NULL) rv = HMAC_Init_ex(macctx->ctx, NULL, 0, digest, @@ -191,6 +202,8 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, unsigned int hlen; struct hmac_data_st *macctx = vmacctx; + if (!ossl_prov_is_running()) + return 0; if (macctx->tls_data_size > 0) { if (macctx->tls_mac_out_size == 0) return 0; |