diff options
| author | Pauli <paul.dale@oracle.com> | 2020-09-08 12:56:34 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-09-12 16:46:51 +1000 |
| commit | f99d3eedf7c3e1e2b10aad911f469f1fc783a395 (patch) | |
| tree | 3fae1a4f153367e1296c2c61d782bd59acbf73dc /providers | |
| parent | 422cbcee6167faa20f439726a8b7bff0af51edc9 (diff) | |
ciphers: add FIPS error state handling
The functions that check for the provider being runnable are: new, init, final
and dupctx.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)
Diffstat (limited to 'providers')
31 files changed, 328 insertions, 68 deletions
diff --git a/providers/implementations/ciphers/cipher_aes.c b/providers/implementations/ciphers/cipher_aes.c index b0c716e3b7..4fa197024a 100644 --- a/providers/implementations/ciphers/cipher_aes.c +++ b/providers/implementations/ciphers/cipher_aes.c @@ -18,6 +18,7 @@ #include "cipher_aes.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn aes_freectx; static OSSL_FUNC_cipher_dupctx_fn aes_dupctx; @@ -33,8 +34,12 @@ static void aes_freectx(void *vctx) static void *aes_dupctx(void *ctx) { PROV_AES_CTX *in = (PROV_AES_CTX *)ctx; - PROV_AES_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_AES_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index 9c927352a2..6f5ecc12fb 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -20,6 +20,7 @@ #include <openssl/ssl.h> #include "cipher_aes_cbc_hmac_sha.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #ifndef AES_CBC_HMAC_SHA_CAPABLE # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ @@ -299,8 +300,12 @@ static void *aes_cbc_hmac_sha1_newctx(void *provctx, size_t kbits, size_t blkbits, size_t ivbits, uint64_t flags) { - PROV_AES_HMAC_SHA1_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_HMAC_SHA1_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) base_init(provctx, &ctx->base_ctx, PROV_CIPHER_HW_aes_cbc_hmac_sha1(), kbits, blkbits, @@ -322,8 +327,12 @@ static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits, size_t blkbits, size_t ivbits, uint64_t flags) { - PROV_AES_HMAC_SHA256_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_HMAC_SHA256_CTX *ctx; + + if (!ossl_prov_is_running()) + return NULL; + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) base_init(provctx, &ctx->base_ctx, PROV_CIPHER_HW_aes_cbc_hmac_sha256(), kbits, blkbits, diff --git a/providers/implementations/ciphers/cipher_aes_ccm.c b/providers/implementations/ciphers/cipher_aes_ccm.c index ae32e34d25..e45de7bca2 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm.c +++ b/providers/implementations/ciphers/cipher_aes_ccm.c @@ -18,11 +18,16 @@ #include "cipher_aes_ccm.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static void *aes_ccm_newctx(void *provctx, size_t keybits) { - PROV_AES_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_CCM_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ccm_initctx(&ctx->base, keybits, PROV_AES_HW_ccm(keybits)); return ctx; diff --git a/providers/implementations/ciphers/cipher_aes_gcm.c b/providers/implementations/ciphers/cipher_aes_gcm.c index 92a0ad1795..2f22c32067 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm.c +++ b/providers/implementations/ciphers/cipher_aes_gcm.c @@ -18,11 +18,16 @@ #include "cipher_aes_gcm.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static void *aes_gcm_newctx(void *provctx, size_t keybits) { - PROV_AES_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_GCM_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) gcm_initctx(provctx, &ctx->base, keybits, PROV_AES_HW_gcm(keybits), 8); return ctx; diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index d6190695a2..27edd455ed 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c @@ -15,6 +15,7 @@ #include "internal/deprecated.h" #include "cipher_aes_ocb.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #include "prov/ciphercommon_aead.h" #include "prov/implementations.h" @@ -103,33 +104,36 @@ static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst, static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen, int enc) { - PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; - - ctx->aad_buf_len = 0; - ctx->data_buf_len = 0; - ctx->base.enc = enc; - - if (iv != NULL) { - if (ivlen != ctx->base.ivlen) { - /* IV len must be 1 to 15 */ - if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); - return 0; - } - ctx->base.ivlen = ivlen; - } - if (!cipher_generic_initiv(&ctx->base, iv, ivlen)) - return 0; - ctx->iv_state = IV_STATE_BUFFERED; - } - if (key != NULL) { - if (keylen != ctx->base.keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } - return ctx->base.hw->init(&ctx->base, key, keylen); - } - return 1; + PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; + + if (!ossl_prov_is_running()) + return 0; + + ctx->aad_buf_len = 0; + ctx->data_buf_len = 0; + ctx->base.enc = enc; + + if (iv != NULL) { + if (ivlen != ctx->base.ivlen) { + /* IV len must be 1 to 15 */ + if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); + return 0; + } + ctx->base.ivlen = ivlen; + } + if (!cipher_generic_initiv(&ctx->base, iv, ivlen)) + return 0; + ctx->iv_state = IV_STATE_BUFFERED; + } + if (key != NULL) { + if (keylen != ctx->base.keylen) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + return ctx->base.hw->init(&ctx->base, key, keylen); + } + return 1; } static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen, @@ -254,6 +258,9 @@ static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + /* If no block_update has run then the iv still needs to be set */ if (!ctx->key_set || !update_iv(ctx)) return 0; @@ -293,8 +300,12 @@ static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl, static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits, size_t ivbits, unsigned int mode, uint64_t flags) { - PROV_AES_OCB_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_OCB_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) { cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, PROV_CIPHER_HW_aes_ocb(kbits), NULL); @@ -317,8 +328,12 @@ static void aes_ocb_freectx(void *vctx) static void *aes_ocb_dupctx(void *vctx) { PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx; - PROV_AES_OCB_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_AES_OCB_CTX *ret; + + if (!ossl_prov_is_running()) + return NULL; + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; @@ -473,6 +488,9 @@ static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c index b2e07bc228..6894567fb2 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.c +++ b/providers/implementations/ciphers/cipher_aes_siv.c @@ -17,6 +17,7 @@ #include "cipher_aes_siv.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #include "prov/ciphercommon_aead.h" #include "prov/provider_ctx.h" @@ -27,8 +28,12 @@ static void *aes_siv_newctx(void *provctx, size_t keybits, unsigned int mode, uint64_t flags) { - PROV_AES_SIV_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_SIV_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) { ctx->taglen = SIV_LEN; ctx->mode = mode; @@ -53,8 +58,12 @@ static void aes_siv_freectx(void *vctx) static void *siv_dupctx(void *vctx) { PROV_AES_SIV_CTX *in = (PROV_AES_SIV_CTX *)vctx; - PROV_AES_SIV_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_AES_SIV_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; @@ -71,6 +80,9 @@ static int siv_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + ctx->enc = enc; if (key != NULL) { @@ -100,6 +112,9 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (inl == 0) { *outl = 0; return 1; @@ -123,6 +138,9 @@ static int siv_stream_final(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (!ctx->hw->cipher(vctx, out, NULL, 0)) return 0; diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c index 5c2ab1c507..df10a65a87 100644 --- a/providers/implementations/ciphers/cipher_aes_wrp.c +++ b/providers/implementations/ciphers/cipher_aes_wrp.c @@ -14,6 +14,7 @@ #include "internal/deprecated.h" #include "cipher_aes.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #include "prov/implementations.h" @@ -49,9 +50,14 @@ typedef struct prov_aes_wrap_ctx_st { static void *aes_wrap_newctx(size_t kbits, size_t blkbits, size_t ivbits, unsigned int mode, uint64_t flags) { - PROV_AES_WRAP_CTX *wctx = OPENSSL_zalloc(sizeof(*wctx)); - PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)wctx; + PROV_AES_WRAP_CTX *wctx; + PROV_CIPHER_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + wctx = OPENSSL_zalloc(sizeof(*wctx)); + ctx = (PROV_CIPHER_CTX *)wctx; if (ctx != NULL) { cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, NULL, NULL); @@ -75,6 +81,9 @@ static int aes_wrap_init(void *vctx, const unsigned char *key, PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + ctx->enc = enc; ctx->block = enc ? (block128_f)AES_encrypt : (block128_f)AES_decrypt; if (ctx->pad) @@ -160,6 +169,9 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out, static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { + if (!ossl_prov_is_running()) + return 0; + *outl = 0; return 1; } @@ -171,6 +183,9 @@ static int aes_wrap_cipher(void *vctx, PROV_AES_WRAP_CTX *ctx = (PROV_AES_WRAP_CTX *)vctx; size_t len; + if (!ossl_prov_is_running()) + return 0; + if (inl == 0) { *outl = 0; return 1; diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c index 33d8c7fbb5..72ed2334b1 100644 --- a/providers/implementations/ciphers/cipher_aes_xts.c +++ b/providers/implementations/ciphers/cipher_aes_xts.c @@ -16,6 +16,7 @@ #include "cipher_aes_xts.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" /* TODO (3.0) Figure out what flags need to be set */ @@ -74,6 +75,9 @@ static int aes_xts_init(void *vctx, const unsigned char *key, size_t keylen, PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)vctx; PROV_CIPHER_CTX *ctx = &xctx->base; + if (!ossl_prov_is_running()) + return 0; + ctx->enc = enc; if (iv != NULL) { @@ -129,6 +133,9 @@ static void *aes_xts_dupctx(void *vctx) PROV_AES_XTS_CTX *in = (PROV_AES_XTS_CTX *)vctx; PROV_AES_XTS_CTX *ret = NULL; + if (!ossl_prov_is_running()) + return NULL; + if (in->xts.key1 != NULL) { if (in->xts.key1 != &in->ks1) return NULL; @@ -151,7 +158,8 @@ static int aes_xts_cipher(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_XTS_CTX *ctx = (PROV_AES_XTS_CTX *)vctx; - if (ctx->xts.key1 == NULL + if (!ossl_prov_is_running() + || ctx->xts.key1 == NULL || ctx->xts.key2 == NULL || !ctx->base.iv_set || out == NULL @@ -202,6 +210,8 @@ static int aes_xts_stream_update(void *vctx, unsigned char *out, size_t *outl, static int aes_xts_stream_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { + if (!ossl_prov_is_running()) + return 0; *outl = 0; return 1; } diff --git a/providers/implementations/ciphers/cipher_aria.c b/providers/implementations/ciphers/cipher_aria.c index a079617928..9f4c8dda7b 100644 --- a/providers/implementations/ciphers/cipher_aria.c +++ b/providers/implementations/ciphers/cipher_aria.c @@ -11,6 +11,7 @@ #include "cipher_aria.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn aria_freectx; static OSSL_FUNC_cipher_dupctx_fn aria_dupctx; @@ -26,8 +27,12 @@ static void aria_freectx(void *vctx) static void *aria_dupctx(void *ctx) { PROV_ARIA_CTX *in = (PROV_ARIA_CTX *)ctx; - PROV_ARIA_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_ARIA_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_aria_ccm.c b/providers/implementations/ciphers/cipher_aria_ccm.c index ffc8166d68..7f89b223f1 100644 --- a/providers/implementations/ciphers/cipher_aria_ccm.c +++ b/providers/implementations/ciphers/cipher_aria_ccm.c @@ -11,13 +11,18 @@ #include "cipher_aria_ccm.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn aria_ccm_freectx; static void *aria_ccm_newctx(void *provctx, size_t keybits) { - PROV_ARIA_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_ARIA_CCM_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ccm_initctx(&ctx->base, keybits, PROV_ARIA_HW_ccm(keybits)); return ctx; diff --git a/providers/implementations/ciphers/cipher_aria_gcm.c b/providers/implementations/ciphers/cipher_aria_gcm.c index 7205522d7d..de228a0755 100644 --- a/providers/implementations/ciphers/cipher_aria_gcm.c +++ b/providers/implementations/ciphers/cipher_aria_gcm.c @@ -11,11 +11,16 @@ #include "cipher_aria_gcm.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static void *aria_gcm_newctx(void *provctx, size_t keybits) { - PROV_ARIA_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_ARIA_GCM_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) gcm_initctx(provctx, &ctx->base, keybits, PROV_ARIA_HW_gcm(keybits), 4); return ctx; diff --git a/providers/implementations/ciphers/cipher_blowfish.c b/providers/implementations/ciphers/cipher_blowfish.c index 3eb4ebead2..f4ab8f5352 100644 --- a/providers/implementations/ciphers/cipher_blowfish.c +++ b/providers/implementations/ciphers/cipher_blowfish.c @@ -17,6 +17,7 @@ #include "cipher_blowfish.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #define BF_FLAGS (EVP_CIPH_VARIABLE_LENGTH) @@ -34,8 +35,12 @@ static void blowfish_freectx(void *vctx) static void *blowfish_dupctx(void *ctx) { PROV_BLOWFISH_CTX *in = (PROV_BLOWFISH_CTX *)ctx; - PROV_BLOWFISH_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_BLOWFISH_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_camellia.c b/providers/implementations/ciphers/cipher_camellia.c index ffb23b475a..84d5aaaa89 100644 --- a/providers/implementations/ciphers/cipher_camellia.c +++ b/providers/implementations/ciphers/cipher_camellia.c @@ -17,6 +17,7 @@ #include "cipher_camellia.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn camellia_freectx; static OSSL_FUNC_cipher_dupctx_fn camellia_dupctx; @@ -32,8 +33,12 @@ static void camellia_freectx(void *vctx) static void *camellia_dupctx(void *ctx) { PROV_CAMELLIA_CTX *in = (PROV_CAMELLIA_CTX *)ctx; - PROV_CAMELLIA_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_CAMELLIA_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c index 938b8d2013..bc3088f81b 100644 --- a/providers/implementations/ciphers/cipher_cast5.c +++ b/providers/implementations/ciphers/cipher_cast5.c @@ -17,6 +17,7 @@ #include "cipher_cast.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #define CAST5_FLAGS (EVP_CIPH_VARIABLE_LENGTH) @@ -35,8 +36,12 @@ static void cast5_freectx(void *vctx) static void *cast5_dupctx(void *ctx) { PROV_CAST_CTX *in = (PROV_CAST_CTX *)ctx; - PROV_CAST_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_CAST_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_chacha20.c b/providers/implementations/ciphers/cipher_chacha20.c index 4e02ce9493..56bc1b95af 100644 --- a/providers/implementations/ciphers/cipher_chacha20.c +++ b/providers/implementations/ciphers/cipher_chacha20.c @@ -11,6 +11,7 @@ #include "cipher_chacha20.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #define CHACHA20_KEYLEN (CHACHA_KEY_SIZE) @@ -43,11 +44,15 @@ void chacha20_initctx(PROV_CHACHA20_CTX *ctx) static void *chacha20_newctx(void *provctx) { - PROV_CHACHA20_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_CHACHA20_CTX *ctx; - if (ctx != NULL) - chacha20_initctx(ctx); - return ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); + if (ctx != NULL) + chacha20_initctx(ctx); + return ctx; } static void chacha20_freectx(void *vctx) @@ -141,6 +146,7 @@ int chacha20_einit(void *vctx, const unsigned char *key, size_t keylen, { int ret; + /* The generic function checks for ossl_prov_is_running() */ ret= cipher_generic_einit(vctx, key, keylen, iv, ivlen); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -156,6 +162,7 @@ int chacha20_dinit(void *vctx, const unsigned char *key, size_t keylen, { int ret; + /* The generic function checks for ossl_prov_is_running() */ ret= cipher_generic_dinit(vctx, key, keylen, iv, ivlen); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c b/providers/implementations/ciphers/cipher_chacha20_poly1305.c index 90ff4ce1f5..da47e34fdf 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c @@ -11,6 +11,7 @@ #include "cipher_chacha20_poly1305.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" @@ -43,8 +44,12 @@ static OSSL_FUNC_cipher_gettable_ctx_params_fn chacha20_poly1305_gettable_ctx_pa static void *chacha20_poly1305_newctx(void *provctx) { - PROV_CHACHA20_POLY1305_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_CHACHA20_POLY1305_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) { cipher_generic_initkey(&ctx->base, CHACHA20_POLY1305_KEYLEN * 8, CHACHA20_POLY1305_BLKLEN * 8, @@ -229,6 +234,7 @@ static int chacha20_poly1305_einit(void *vctx, const unsigned char *key, { int ret; + /* The generic function checks for ossl_prov_is_running() */ ret = cipher_generic_einit(vctx, key, keylen, iv, ivlen); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -246,6 +252,7 @@ static int chacha20_poly1305_dinit(void *vctx, const unsigned char *key, { int ret; + /* The generic function checks for ossl_prov_is_running() */ ret = cipher_generic_dinit(vctx, key, keylen, iv, ivlen); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -265,6 +272,9 @@ static int chacha20_poly1305_cipher(void *vctx, unsigned char *out, PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; + if (!ossl_prov_is_running()) + return 0; + if (inl == 0) { *outl = 0; return 1; @@ -288,6 +298,9 @@ static int chacha20_poly1305_final(void *vctx, unsigned char *out, size_t *outl, PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; + if (!ossl_prov_is_running()) + return 0; + if (hw->aead_cipher(ctx, out, outl, NULL, 0) <= 0) return 0; diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index 4974234efd..269125c63d 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c @@ -17,6 +17,7 @@ #include "cipher_des.h" #include <openssl/rand.h> #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" /* TODO(3.0) Figure out what flags need to be here */ @@ -32,8 +33,12 @@ static void *des_newctx(void *provctx, size_t kbits, size_t blkbits, size_t ivbits, unsigned int mode, uint64_t flags, const PROV_CIPHER_HW *hw) { - PROV_DES_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_DES_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, hw, provctx); @@ -43,8 +48,12 @@ static void *des_newctx(void *provctx, size_t kbits, size_t blkbits, static void *des_dupctx(void *ctx) |