From f99d3eedf7c3e1e2b10aad911f469f1fc783a395 Mon Sep 17 00:00:00 2001 
From: Pauli Date: Tue, 8 Sep 2020 12:56:34 +1000 Subject: ciphers: add FIPS error state handling The functions that check for the provider being runnable are: new, init, final and dupctx. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12801) --- providers/implementations/ciphers/cipher_aes.c | 7 +- .../ciphers/cipher_aes_cbc_hmac_sha.c | 13 +++- providers/implementations/ciphers/cipher_aes_ccm.c | 7 +- providers/implementations/ciphers/cipher_aes_gcm.c | 7 +- providers/implementations/ciphers/cipher_aes_ocb.c | 76 +++++++++++++--------- providers/implementations/ciphers/cipher_aes_siv.c | 22 ++++++- providers/implementations/ciphers/cipher_aes_wrp.c | 19 +++++- providers/implementations/ciphers/cipher_aes_xts.c | 12 +++- providers/implementations/ciphers/cipher_aria.c | 7 +- .../implementations/ciphers/cipher_aria_ccm.c | 7 +- .../implementations/ciphers/cipher_aria_gcm.c | 7 +- .../implementations/ciphers/cipher_blowfish.c | 7 +- .../implementations/ciphers/cipher_camellia.c | 7 +- providers/implementations/ciphers/cipher_cast5.c | 7 +- .../implementations/ciphers/cipher_chacha20.c | 15 +++-- .../ciphers/cipher_chacha20_poly1305.c | 15 ++++- providers/implementations/ciphers/cipher_des.c | 16 ++++- providers/implementations/ciphers/cipher_idea.c | 7 +- providers/implementations/ciphers/cipher_null.c | 16 +++++ providers/implementations/ciphers/cipher_rc2.c | 12 +++- providers/implementations/ciphers/cipher_rc4.c | 12 +++- .../implementations/ciphers/cipher_rc4_hmac_md5.c | 7 +- providers/implementations/ciphers/cipher_rc5.c | 12 +++- providers/implementations/ciphers/cipher_seed.c | 7 +- providers/implementations/ciphers/cipher_sm4.c | 7 +- .../implementations/ciphers/cipher_tdes_common.c | 16 ++++- .../implementations/ciphers/cipher_tdes_wrap.c | 4 ++ providers/implementations/ciphers/ciphercommon.c | 13 ++++ .../implementations/ciphers/ciphercommon_ccm.c | 15 ++++- .../implementations/ciphers/ciphercommon_gcm.c | 14 +++- 
.../implementations/include/prov/ciphercommon.h | 3 +- 31 files changed, 328 insertions(+), 68 deletions(-) (limited to 'providers') diff --git a/providers/implementations/ciphers/cipher_aes.c b/providers/implementations/ciphers/cipher_aes.c index b0c716e3b7..4fa197024a 100644 --- a/providers/implementations/ciphers/cipher_aes.c +++ b/providers/implementations/ciphers/cipher_aes.c @@ -18,6 +18,7 @@ #include "cipher_aes.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn aes_freectx; static OSSL_FUNC_cipher_dupctx_fn aes_dupctx; @@ -33,8 +34,12 @@ static void aes_freectx(void *vctx) static void *aes_dupctx(void *ctx) { PROV_AES_CTX *in = (PROV_AES_CTX *)ctx; - PROV_AES_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_AES_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c index 9c927352a2..6f5ecc12fb 100644 --- a/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +++ b/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c @@ -20,6 +20,7 @@ #include #include "cipher_aes_cbc_hmac_sha.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #ifndef AES_CBC_HMAC_SHA_CAPABLE # define IMPLEMENT_CIPHER(nm, sub, kbits, blkbits, ivbits, flags) \ @@ -299,8 +300,12 @@ static void *aes_cbc_hmac_sha1_newctx(void *provctx, size_t kbits, size_t blkbits, size_t ivbits, uint64_t flags) { - PROV_AES_HMAC_SHA1_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_HMAC_SHA1_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) base_init(provctx, &ctx->base_ctx, PROV_CIPHER_HW_aes_cbc_hmac_sha1(), kbits, blkbits, 
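Review bot: In aes_dupctx (cipher_aes.c) the new `if (!ossl_prov_is_running()) return NULL;` path returns without queuing an error, while the allocation failure just below it calls `ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE)`. Unless ossl_prov_is_running() raises on its own (its definition is not part of this diff), a caller sees a bare NULL and cannot tell a module in the error state from any other failure, which makes error-state incidents harder to diagnose from the error queue. Either raise a provider error on this path, or, if the helper already does so, say it in a comment such as `/* ossl_prov_is_running() reports the error state itself */`. The same applies to the newctx, dupctx and init guards added in the other files of this commit; aes_dupctx continues past the end of the hunk.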
@@ -322,8 +327,12 @@ static void *aes_cbc_hmac_sha256_newctx(void *provctx, size_t kbits, size_t blkbits, size_t ivbits, uint64_t flags) { - PROV_AES_HMAC_SHA256_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_HMAC_SHA256_CTX *ctx; + + if (!ossl_prov_is_running()) + return NULL; + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) base_init(provctx, &ctx->base_ctx, PROV_CIPHER_HW_aes_cbc_hmac_sha256(), kbits, blkbits, diff --git a/providers/implementations/ciphers/cipher_aes_ccm.c b/providers/implementations/ciphers/cipher_aes_ccm.c index ae32e34d25..e45de7bca2 100644 --- a/providers/implementations/ciphers/cipher_aes_ccm.c +++ b/providers/implementations/ciphers/cipher_aes_ccm.c @@ -18,11 +18,16 @@ #include "cipher_aes_ccm.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static void *aes_ccm_newctx(void *provctx, size_t keybits) { - PROV_AES_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_CCM_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ccm_initctx(&ctx->base, keybits, PROV_AES_HW_ccm(keybits)); return ctx; diff --git a/providers/implementations/ciphers/cipher_aes_gcm.c b/providers/implementations/ciphers/cipher_aes_gcm.c index 92a0ad1795..2f22c32067 100644 --- a/providers/implementations/ciphers/cipher_aes_gcm.c +++ b/providers/implementations/ciphers/cipher_aes_gcm.c @@ -18,11 +18,16 @@ #include "cipher_aes_gcm.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static void *aes_gcm_newctx(void *provctx, size_t keybits) { - PROV_AES_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_GCM_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) gcm_initctx(provctx, &ctx->base, keybits, PROV_AES_HW_gcm(keybits), 8); return ctx; diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index d6190695a2..27edd455ed 100644 
--- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c @@ -15,6 +15,7 @@ #include "internal/deprecated.h" #include "cipher_aes_ocb.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #include "prov/ciphercommon_aead.h" #include "prov/implementations.h" 
@@ -103,33 +104,36 @@ static ossl_inline int aes_generic_ocb_copy_ctx(PROV_AES_OCB_CTX *dst, static int aes_ocb_init(void *vctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen, int enc) { - PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; - - ctx->aad_buf_len = 0; - ctx->data_buf_len = 0; - ctx->base.enc = enc; - - if (iv != NULL) { - if (ivlen != ctx->base.ivlen) { - /* IV len must be 1 to 15 */ - if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); - return 0; - } - ctx->base.ivlen = ivlen; - } - if (!cipher_generic_initiv(&ctx->base, iv, ivlen)) - return 0; - ctx->iv_state = IV_STATE_BUFFERED; - } - if (key != NULL) { - if (keylen != ctx->base.keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); - return 0; - } - return ctx->base.hw->init(&ctx->base, key, keylen); - } - return 1; + PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; + + if (!ossl_prov_is_running()) + return 0; + + ctx->aad_buf_len = 0; + ctx->data_buf_len = 0; + ctx->base.enc = enc; + + if (iv != NULL) { + if (ivlen != ctx->base.ivlen) { + /* IV len must be 1 to 15 */ + if (ivlen < OCB_MIN_IV_LEN || ivlen > OCB_MAX_IV_LEN) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); + return 0; + } + ctx->base.ivlen = ivlen; + } + if (!cipher_generic_initiv(&ctx->base, iv, ivlen)) + return 0; + ctx->iv_state = IV_STATE_BUFFERED; + } + if (key != NULL) { + if (keylen != ctx->base.keylen) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + return ctx->base.hw->init(&ctx->base, key, keylen); + } + return 1; } static int aes_ocb_einit(void *vctx, const unsigned char *key, size_t keylen, 
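Review bot: The only functional lines added to aes_ocb_init, `if (!ossl_prov_is_running()) return 0;`, sit inside what looks like a whitespace-only rewrite of the whole body, since the removed and added statements otherwise read the same. Mixing re-indentation with a security-relevant guard makes the guard easy to miss in review and attributes every line of the function to this commit in blame. Consider moving the re-indentation into a separate commit; chacha20_newctx in cipher_chacha20.c shows the same pattern.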
@@ -254,6 +258,9 @@ static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + /* If no block_update has run then the iv still needs to be set */ if (!ctx->key_set || !update_iv(ctx)) return 0; @@ -293,8 +300,12 @@ static int aes_ocb_block_final(void *vctx, unsigned char *out, size_t *outl, static void *aes_ocb_newctx(void *provctx, size_t kbits, size_t blkbits, size_t ivbits, unsigned int mode, uint64_t flags) { - PROV_AES_OCB_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_OCB_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) { cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, PROV_CIPHER_HW_aes_ocb(kbits), NULL); @@ -317,8 +328,12 @@ static void aes_ocb_freectx(void *vctx) static void *aes_ocb_dupctx(void *vctx) { PROV_AES_OCB_CTX *in = (PROV_AES_OCB_CTX *)vctx; - PROV_AES_OCB_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_AES_OCB_CTX *ret; + + if (!ossl_prov_is_running()) + return NULL; + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; @@ -473,6 +488,9 @@ static int aes_ocb_cipher(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_OCB_CTX *ctx = (PROV_AES_OCB_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c index b2e07bc228..6894567fb2 100644 --- a/providers/implementations/ciphers/cipher_aes_siv.c +++ b/providers/implementations/ciphers/cipher_aes_siv.c @@ -17,6 +17,7 @@ #include "cipher_aes_siv.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #include "prov/ciphercommon_aead.h" #include "prov/provider_ctx.h" 
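Review bot: aes_ocb_cipher is gated here, but the commit message lists only new, init, final and dupctx as the functions that check ossl_prov_is_running(), and no update function in the files visible here receives a guard of its own. If that is deliberate, an operation begun before the module entered the error state may keep processing data through update calls until cipher or final is reached, unless the update paths go through a gated helper that this diff does not show. A short comment next to the guard, for example `/* new, init, dupctx, cipher and final check the provider state; update is intentionally not gated */`, or a corrected list in the commit message, would record the intended coverage. The body of aes_ocb_cipher continues outside the hunk.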
@@ -27,8 +28,12 @@ static void *aes_siv_newctx(void *provctx, size_t keybits, unsigned int mode, uint64_t flags) { - PROV_AES_SIV_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_AES_SIV_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) { ctx->taglen = SIV_LEN; ctx->mode = mode; @@ -53,8 +58,12 @@ static void aes_siv_freectx(void *vctx) static void *siv_dupctx(void *vctx) { PROV_AES_SIV_CTX *in = (PROV_AES_SIV_CTX *)vctx; - PROV_AES_SIV_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_AES_SIV_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; @@ -71,6 +80,9 @@ static int siv_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + ctx->enc = enc; if (key != NULL) { @@ -100,6 +112,9 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (inl == 0) { *outl = 0; return 1; @@ -123,6 +138,9 @@ static int siv_stream_final(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (!ctx->hw->cipher(vctx, out, NULL, 0)) return 0; diff --git a/providers/implementations/ciphers/cipher_aes_wrp.c b/providers/implementations/ciphers/cipher_aes_wrp.c index 5c2ab1c507..df10a65a87 100644 --- a/providers/implementations/ciphers/cipher_aes_wrp.c +++ b/providers/implementations/ciphers/cipher_aes_wrp.c @@ -14,6 +14,7 @@ #include "internal/deprecated.h" #include "cipher_aes.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #include "prov/implementations.h" 
@@ -49,9 +50,14 @@ typedef struct prov_aes_wrap_ctx_st { static void *aes_wrap_newctx(size_t kbits, size_t blkbits, size_t ivbits, unsigned int mode, uint64_t flags) { - PROV_AES_WRAP_CTX *wctx = OPENSSL_zalloc(sizeof(*wctx)); - PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)wctx; + PROV_AES_WRAP_CTX *wctx; + PROV_CIPHER_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + wctx = OPENSSL_zalloc(sizeof(*wctx)); + ctx = (PROV_CIPHER_CTX *)wctx; if (ctx != NULL) { cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, NULL, NULL); @@ -75,6 +81,9 @@ static int aes_wrap_init(void *vctx, const unsigned char *key, PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + ctx->enc = enc; ctx->block = enc ? (block128_f)AES_encrypt : (block128_f)AES_decrypt; if (ctx->pad) @@ -160,6 +169,9 @@ static int aes_wrap_cipher_internal(void *vctx, unsigned char *out, static int aes_wrap_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { + if (!ossl_prov_is_running()) + return 0; + *outl = 0; return 1; } @@ -171,6 +183,9 @@ static int aes_wrap_cipher(void *vctx, PROV_AES_WRAP_CTX *ctx = (PROV_AES_WRAP_CTX *)vctx; size_t len; + if (!ossl_prov_is_running()) + return 0; + if (inl == 0) { *outl = 0; return 1; diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c index 33d8c7fbb5..72ed2334b1 100644 --- a/providers/implementations/ciphers/cipher_aes_xts.c +++ b/providers/implementations/ciphers/cipher_aes_xts.c @@ -16,6 +16,7 @@ #include "cipher_aes_xts.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" /* TODO (3.0) Figure out what flags need to be set */ 
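Review bot: aes_wrap_final returns 0 on the new not-running path before `*outl = 0;` executes, so the output length is left unwritten on failure. A caller that uses the length without checking the return value would then read an indeterminate size. tdes_wrap_cipher in this same commit clears `*outl` before its guard; doing the same here, `*outl = 0;` followed by `if (!ossl_prov_is_running()) return 0;`, keeps the failure path well defined. aes_xts_stream_final and null_final have the same ordering, and siv_cipher, aes_wrap_cipher and chacha20_poly1305_cipher also return before touching `*outl`.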
@@ -74,6 +75,9 @@ static int aes_xts_init(void *vctx, const unsigned char *key, size_t keylen, PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)vctx; PROV_CIPHER_CTX *ctx = &xctx->base; + if (!ossl_prov_is_running()) + return 0; + ctx->enc = enc; if (iv != NULL) { @@ -129,6 +133,9 @@ static void *aes_xts_dupctx(void *vctx) PROV_AES_XTS_CTX *in = (PROV_AES_XTS_CTX *)vctx; PROV_AES_XTS_CTX *ret = NULL; + if (!ossl_prov_is_running()) + return NULL; + if (in->xts.key1 != NULL) { if (in->xts.key1 != &in->ks1) return NULL; @@ -151,7 +158,8 @@ static int aes_xts_cipher(void *vctx, unsigned char *out, size_t *outl, { PROV_AES_XTS_CTX *ctx = (PROV_AES_XTS_CTX *)vctx; - if (ctx->xts.key1 == NULL + if (!ossl_prov_is_running() + || ctx->xts.key1 == NULL || ctx->xts.key2 == NULL || !ctx->base.iv_set || out == NULL @@ -202,6 +210,8 @@ static int aes_xts_stream_update(void *vctx, unsigned char *out, size_t *outl, static int aes_xts_stream_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { + if (!ossl_prov_is_running()) + return 0; *outl = 0; return 1; } diff --git a/providers/implementations/ciphers/cipher_aria.c b/providers/implementations/ciphers/cipher_aria.c index a079617928..9f4c8dda7b 100644 --- a/providers/implementations/ciphers/cipher_aria.c +++ b/providers/implementations/ciphers/cipher_aria.c @@ -11,6 +11,7 @@ #include "cipher_aria.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn aria_freectx; static OSSL_FUNC_cipher_dupctx_fn aria_dupctx; @@ -26,8 +27,12 @@ static void aria_freectx(void *vctx) static void *aria_dupctx(void *ctx) { PROV_ARIA_CTX *in = (PROV_ARIA_CTX *)ctx; - PROV_ARIA_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_ARIA_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; 
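Review bot: aes_xts_cipher folds `!ossl_prov_is_running()` into the existing key, IV and pointer validation instead of using the standalone guard that every other function in this commit uses. A provider-state failure then takes the same branch as a bad argument, so whatever that branch reports (its body is outside the hunk) cannot distinguish the two. A separate `if (!ossl_prov_is_running()) return 0;` ahead of the condition would match the rest of the change and keep the argument check about arguments only. As a smaller style point, the guard added to aes_xts_stream_final is not followed by a blank line as it is elsewhere.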
diff --git a/providers/implementations/ciphers/cipher_aria_ccm.c b/providers/implementations/ciphers/cipher_aria_ccm.c index ffc8166d68..7f89b223f1 100644 --- a/providers/implementations/ciphers/cipher_aria_ccm.c +++ b/providers/implementations/ciphers/cipher_aria_ccm.c @@ -11,13 +11,18 @@ #include "cipher_aria_ccm.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn aria_ccm_freectx; static void *aria_ccm_newctx(void *provctx, size_t keybits) { - PROV_ARIA_CCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_ARIA_CCM_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ccm_initctx(&ctx->base, keybits, PROV_ARIA_HW_ccm(keybits)); return ctx; diff --git a/providers/implementations/ciphers/cipher_aria_gcm.c b/providers/implementations/ciphers/cipher_aria_gcm.c index 7205522d7d..de228a0755 100644 --- a/providers/implementations/ciphers/cipher_aria_gcm.c +++ b/providers/implementations/ciphers/cipher_aria_gcm.c @@ -11,11 +11,16 @@ #include "cipher_aria_gcm.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static void *aria_gcm_newctx(void *provctx, size_t keybits) { - PROV_ARIA_GCM_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_ARIA_GCM_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) gcm_initctx(provctx, &ctx->base, keybits, PROV_ARIA_HW_gcm(keybits), 4); return ctx; diff --git a/providers/implementations/ciphers/cipher_blowfish.c b/providers/implementations/ciphers/cipher_blowfish.c index 3eb4ebead2..f4ab8f5352 100644 --- a/providers/implementations/ciphers/cipher_blowfish.c +++ b/providers/implementations/ciphers/cipher_blowfish.c @@ -17,6 +17,7 @@ #include "cipher_blowfish.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #define BF_FLAGS (EVP_CIPH_VARIABLE_LENGTH) 
@@ -34,8 +35,12 @@ static void blowfish_freectx(void *vctx) static void *blowfish_dupctx(void *ctx) { PROV_BLOWFISH_CTX *in = (PROV_BLOWFISH_CTX *)ctx; - PROV_BLOWFISH_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_BLOWFISH_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_camellia.c b/providers/implementations/ciphers/cipher_camellia.c index ffb23b475a..84d5aaaa89 100644 --- a/providers/implementations/ciphers/cipher_camellia.c +++ b/providers/implementations/ciphers/cipher_camellia.c @@ -17,6 +17,7 @@ #include "cipher_camellia.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn camellia_freectx; static OSSL_FUNC_cipher_dupctx_fn camellia_dupctx; @@ -32,8 +33,12 @@ static void camellia_freectx(void *vctx) static void *camellia_dupctx(void *ctx) { PROV_CAMELLIA_CTX *in = (PROV_CAMELLIA_CTX *)ctx; - PROV_CAMELLIA_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_CAMELLIA_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_cast5.c b/providers/implementations/ciphers/cipher_cast5.c index 938b8d2013..bc3088f81b 100644 --- a/providers/implementations/ciphers/cipher_cast5.c +++ b/providers/implementations/ciphers/cipher_cast5.c @@ -17,6 +17,7 @@ #include "cipher_cast.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #define CAST5_FLAGS (EVP_CIPH_VARIABLE_LENGTH) 
@@ -35,8 +36,12 @@ static void cast5_freectx(void *vctx) static void *cast5_dupctx(void *ctx) { PROV_CAST_CTX *in = (PROV_CAST_CTX *)ctx; - PROV_CAST_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_CAST_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_chacha20.c b/providers/implementations/ciphers/cipher_chacha20.c index 4e02ce9493..56bc1b95af 100644 --- a/providers/implementations/ciphers/cipher_chacha20.c +++ b/providers/implementations/ciphers/cipher_chacha20.c @@ -11,6 +11,7 @@ #include "cipher_chacha20.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #define CHACHA20_KEYLEN (CHACHA_KEY_SIZE) @@ -43,11 +44,15 @@ void chacha20_initctx(PROV_CHACHA20_CTX *ctx) static void *chacha20_newctx(void *provctx) { - PROV_CHACHA20_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_CHACHA20_CTX *ctx; - if (ctx != NULL) - chacha20_initctx(ctx); - return ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); + if (ctx != NULL) + chacha20_initctx(ctx); + return ctx; } static void chacha20_freectx(void *vctx) @@ -141,6 +146,7 @@ int chacha20_einit(void *vctx, const unsigned char *key, size_t keylen, { int ret; + /* The generic function checks for ossl_prov_is_running() */ ret= cipher_generic_einit(vctx, key, keylen, iv, ivlen); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -156,6 +162,7 @@ int chacha20_dinit(void *vctx, const unsigned char *key, size_t keylen, { int ret; + /* The generic function checks for ossl_prov_is_running() */ ret= cipher_generic_dinit(vctx, key, keylen, iv, ivlen); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; 
diff --git a/providers/implementations/ciphers/cipher_chacha20_poly1305.c b/providers/implementations/ciphers/cipher_chacha20_poly1305.c index 90ff4ce1f5..da47e34fdf 100644 --- a/providers/implementations/ciphers/cipher_chacha20_poly1305.c +++ b/providers/implementations/ciphers/cipher_chacha20_poly1305.c @@ -11,6 +11,7 @@ #include "cipher_chacha20_poly1305.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" @@ -43,8 +44,12 @@ static OSSL_FUNC_cipher_gettable_ctx_params_fn chacha20_poly1305_gettable_ctx_pa static void *chacha20_poly1305_newctx(void *provctx) { - PROV_CHACHA20_POLY1305_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_CHACHA20_POLY1305_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) { cipher_generic_initkey(&ctx->base, CHACHA20_POLY1305_KEYLEN * 8, CHACHA20_POLY1305_BLKLEN * 8, @@ -229,6 +234,7 @@ static int chacha20_poly1305_einit(void *vctx, const unsigned char *key, { int ret; + /* The generic function checks for ossl_prov_is_running() */ ret = cipher_generic_einit(vctx, key, keylen, iv, ivlen); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -246,6 +252,7 @@ static int chacha20_poly1305_dinit(void *vctx, const unsigned char *key, { int ret; + /* The generic function checks for ossl_prov_is_running() */ ret = cipher_generic_dinit(vctx, key, keylen, iv, ivlen); if (ret && iv != NULL) { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; @@ -265,6 +272,9 @@ static int chacha20_poly1305_cipher(void *vctx, unsigned char *out, PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; + if (!ossl_prov_is_running()) + return 0; + if (inl == 0) { *outl = 0; return 1; 
@@ -288,6 +298,9 @@ static int chacha20_poly1305_final(void *vctx, unsigned char *out, size_t *outl, PROV_CIPHER_HW_CHACHA20_POLY1305 *hw = (PROV_CIPHER_HW_CHACHA20_POLY1305 *)ctx->hw; + if (!ossl_prov_is_running()) + return 0; + if (hw->aead_cipher(ctx, out, outl, NULL, 0) <= 0) return 0; diff --git a/providers/implementations/ciphers/cipher_des.c b/providers/implementations/ciphers/cipher_des.c index 4974234efd..269125c63d 100644 --- a/providers/implementations/ciphers/cipher_des.c +++ b/providers/implementations/ciphers/cipher_des.c @@ -17,6 +17,7 @@ #include "cipher_des.h" #include #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" /* TODO(3.0) Figure out what flags need to be here */ @@ -32,8 +33,12 @@ static void *des_newctx(void *provctx, size_t kbits, size_t blkbits, size_t ivbits, unsigned int mode, uint64_t flags, const PROV_CIPHER_HW *hw) { - PROV_DES_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_DES_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) cipher_generic_initkey(ctx, kbits, blkbits, ivbits, mode, flags, hw, provctx); @@ -43,8 +48,12 @@ static void *des_newctx(void *provctx, size_t kbits, size_t blkbits, static void *des_dupctx(void *ctx) { PROV_DES_CTX *in = (PROV_DES_CTX *)ctx; - PROV_DES_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_DES_CTX *ret; + + if (!ossl_prov_is_running()) + return NULL; + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; @@ -67,6 +76,9 @@ static int des_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + ctx->num = 0; ctx->bufsz = 0; ctx->enc = enc; diff --git a/providers/implementations/ciphers/cipher_idea.c b/providers/implementations/ciphers/cipher_idea.c index 7fc5d8403d..07a6d4b997 100644 
--- a/providers/implementations/ciphers/cipher_idea.c +++ b/providers/implementations/ciphers/cipher_idea.c @@ -18,6 +18,7 @@ #include "cipher_idea.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn idea_freectx; static OSSL_FUNC_cipher_dupctx_fn idea_dupctx; @@ -33,8 +34,12 @@ static void idea_freectx(void *vctx) static void *idea_dupctx(void *ctx) { PROV_IDEA_CTX *in = (PROV_IDEA_CTX *)ctx; - PROV_IDEA_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_IDEA_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_null.c b/providers/implementations/ciphers/cipher_null.c index 3cf64c2271..c29fdd4b32 100644 --- a/providers/implementations/ciphers/cipher_null.c +++ b/providers/implementations/ciphers/cipher_null.c @@ -12,6 +12,7 @@ #include #include "prov/implementations.h" #include "prov/ciphercommon.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" typedef struct prov_cipher_null_ctx_st { @@ -23,6 +24,9 @@ typedef struct prov_cipher_null_ctx_st { static OSSL_FUNC_cipher_newctx_fn null_newctx; static void *null_newctx(void *provctx) { + if (!ossl_prov_is_running()) + return NULL; + return OPENSSL_zalloc(sizeof(PROV_CIPHER_NULL_CTX)); } @@ -38,6 +42,9 @@ static int null_einit(void *vctx, const unsigned char *key, size_t keylen, { PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + ctx->enc = 1; return 1; } @@ -46,6 +53,9 @@ static OSSL_FUNC_cipher_decrypt_init_fn null_dinit; static int null_dinit(void *vctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen) { + if (!ossl_prov_is_running()) + return 0; + return 1; } 
@@ -55,6 +65,9 @@ static int null_cipher(void *vctx, unsigned char *out, size_t *outl, { PROV_CIPHER_NULL_CTX *ctx = (PROV_CIPHER_NULL_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (!ctx->enc && ctx->tlsmacsize > 0) { /* * TLS NULL cipher as per: @@ -77,6 +90,9 @@ static OSSL_FUNC_cipher_final_fn null_final; static int null_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { + if (!ossl_prov_is_running()) + return 0; + *outl = 0; return 1; } diff --git a/providers/implementations/ciphers/cipher_rc2.c b/providers/implementations/ciphers/cipher_rc2.c index d1558be002..85151718ee 100644 --- a/providers/implementations/ciphers/cipher_rc2.c +++ b/providers/implementations/ciphers/cipher_rc2.c @@ -17,6 +17,7 @@ #include "cipher_rc2.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #define RC2_40_MAGIC 0xa0 @@ -39,8 +40,12 @@ static void rc2_freectx(void *vctx) static void *rc2_dupctx(void *ctx) { PROV_RC2_CTX *in = (PROV_RC2_CTX *)ctx; - PROV_RC2_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_RC2_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; @@ -198,7 +203,10 @@ static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ { \ - PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + PROV_##UCALG##_CTX *ctx; \ + if (!ossl_prov_is_running()) \ + return NULL; \ + ctx = OPENSSL_zalloc(sizeof(*ctx)); \ if (ctx != NULL) { \ cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ EVP_CIPH_##UCMODE##_MODE, flags, \ diff --git a/providers/implementations/ciphers/cipher_rc4.c b/providers/implementations/ciphers/cipher_rc4.c index 4660185d45..02fff58acd 100644 --- a/providers/implementations/ciphers/cipher_rc4.c 
+++ b/providers/implementations/ciphers/cipher_rc4.c @@ -17,6 +17,7 @@ #include "cipher_rc4.h" #include "prov/implementations.h" +#include "prov/providercommon.h" /* TODO (3.0) Figure out what flags are required */ #define RC4_FLAGS EVP_CIPH_FLAG_DEFAULT_ASN1 @@ -35,8 +36,12 @@ static void rc4_freectx(void *vctx) static void *rc4_dupctx(void *ctx) { PROV_RC4_CTX *in = (PROV_RC4_CTX *)ctx; - PROV_RC4_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_RC4_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; @@ -56,7 +61,10 @@ static int alg##_##kbits##_get_params(OSSL_PARAM params[]) \ static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_newctx; \ static void * alg##_##kbits##_newctx(void *provctx) \ { \ - PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + PROV_##UCALG##_CTX *ctx; \ + if (!ossl_prov_is_running()) \ + return NULL; \ + ctx = OPENSSL_zalloc(sizeof(*ctx)); \ if (ctx != NULL) { \ cipher_generic_initkey(ctx, kbits, blkbits, ivbits, 0, flags, \ PROV_CIPHER_HW_##alg(kbits), NULL); \ diff --git a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c index 736857ec13..18886ee16c 100644 --- a/providers/implementations/ciphers/cipher_rc4_hmac_md5.c +++ b/providers/implementations/ciphers/cipher_rc4_hmac_md5.c @@ -17,6 +17,7 @@ #include "cipher_rc4_hmac_md5.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" /* TODO(3.0) Figure out what flags are required */ 
@@ -46,8 +47,12 @@ static OSSL_FUNC_cipher_get_params_fn rc4_hmac_md5_get_params; static void *rc4_hmac_md5_newctx(void *provctx) { - PROV_RC4_HMAC_MD5_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + PROV_RC4_HMAC_MD5_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) cipher_generic_initkey(ctx, RC4_HMAC_MD5_KEY_BITS, RC4_HMAC_MD5_BLOCK_BITS, diff --git a/providers/implementations/ciphers/cipher_rc5.c b/providers/implementations/ciphers/cipher_rc5.c index 68ce6fdd91..848b80d2a7 100644 --- a/providers/implementations/ciphers/cipher_rc5.c +++ b/providers/implementations/ciphers/cipher_rc5.c @@ -17,6 +17,7 @@ #include "cipher_rc5.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" static OSSL_FUNC_cipher_freectx_fn rc5_freectx; @@ -35,8 +36,12 @@ static void rc5_freectx(void *vctx) static void *rc5_dupctx(void *ctx) { PROV_RC5_CTX *in = (PROV_RC5_CTX *)ctx; - PROV_RC5_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_RC5_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; @@ -109,7 +114,10 @@ static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ { \ - PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + PROV_##UCALG##_CTX *ctx; \ + if (!ossl_prov_is_running()) \ + return NULL; \ + ctx = OPENSSL_zalloc(sizeof(*ctx)); \ if (ctx != NULL) { \ cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ EVP_CIPH_##UCMODE##_MODE, flags, \ diff --git a/providers/implementations/ciphers/cipher_seed.c b/providers/implementations/ciphers/cipher_seed.c index 53520b3c4d..92cdbf4a43 100644 --- a/providers/implementations/ciphers/cipher_seed.c +++ b/providers/implementations/ciphers/cipher_seed.c 
@@ -17,6 +17,7 @@ #include "cipher_seed.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn seed_freectx; static OSSL_FUNC_cipher_dupctx_fn seed_dupctx; @@ -32,8 +33,12 @@ static void seed_freectx(void *vctx) static void *seed_dupctx(void *ctx) { PROV_SEED_CTX *in = (PROV_SEED_CTX *)ctx; - PROV_SEED_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_SEED_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_sm4.c b/providers/implementations/ciphers/cipher_sm4.c index a5920562fc..a917e8e29a 100644 --- a/providers/implementations/ciphers/cipher_sm4.c +++ b/providers/implementations/ciphers/cipher_sm4.c @@ -11,6 +11,7 @@ #include "cipher_sm4.h" #include "prov/implementations.h" +#include "prov/providercommon.h" static OSSL_FUNC_cipher_freectx_fn sm4_freectx; static OSSL_FUNC_cipher_dupctx_fn sm4_dupctx; @@ -26,8 +27,12 @@ static void sm4_freectx(void *vctx) static void *sm4_dupctx(void *ctx) { PROV_SM4_CTX *in = (PROV_SM4_CTX *)ctx; - PROV_SM4_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_SM4_CTX *ret; + if (!ossl_prov_is_running()) + return NULL; + + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/providers/implementations/ciphers/cipher_tdes_common.c b/providers/implementations/ciphers/cipher_tdes_common.c index a226e2aac4..1340c6034b 100644 --- a/providers/implementations/ciphers/cipher_tdes_common.c +++ b/providers/implementations/ciphers/cipher_tdes_common.c 
@@ -17,13 +17,18 @@ #include "cipher_tdes.h" #include #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits, size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw) { - PROV_TDES_CTX *tctx = OPENSSL_zalloc(sizeof(*tctx)); + PROV_TDES_CTX *tctx; + if (!ossl_prov_is_running()) + return NULL; + + tctx = OPENSSL_zalloc(sizeof(*tctx)); if (tctx != NULL) cipher_generic_initkey(tctx, kbits, blkbits, ivbits, mode, flags, hw, provctx); @@ -33,8 +38,12 @@ void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits, void *tdes_dupctx(void *ctx) { PROV_TDES_CTX *in = (PROV_TDES_CTX *)ctx; - PROV_TDES_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + PROV_TDES_CTX *ret; + + if (!ossl_prov_is_running()) + return NULL; + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return NULL; @@ -57,6 +66,9 @@ static int tdes_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + ctx->num = 0; ctx->bufsz = 0; ctx->enc = enc; diff --git a/providers/implementations/ciphers/cipher_tdes_wrap.c b/providers/implementations/ciphers/cipher_tdes_wrap.c index 73d00a58d5..8fc086c343 100644 --- a/providers/implementations/ciphers/cipher_tdes_wrap.c +++ b/providers/implementations/ciphers/cipher_tdes_wrap.c @@ -18,6 +18,7 @@ #include "cipher_tdes_default.h" #include "crypto/evp.h" #include "prov/implementations.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" /* TODO (3.0) Figure out what flags are required */ @@ -133,6 +134,9 @@ static int tdes_wrap_cipher(void *vctx, int ret; *outl = 0; + if (!ossl_prov_is_running()) + return 0; + if (outsize < inl) { PROVerr(0, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; 
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c index b49f27f29d..08693080bd 100644 --- a/providers/implementations/ciphers/ciphercommon.c +++ b/providers/implementations/ciphers/ciphercommon.c @@ -15,6 +15,7 @@ #include #include "ciphercommon_local.h" #include "prov/provider_ctx.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" /*- @@ -155,6 +156,9 @@ static int cipher_generic_init_internal(PROV_CIPHER_CTX *ctx, ctx->updated = 0; ctx->enc = enc ? 1 : 0; + if (!ossl_prov_is_running()) + return 0; + if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) { if (!cipher_generic_initiv(ctx, iv, ivlen)) return 0; @@ -334,6 +338,9 @@ int cipher_generic_block_final(void *vctx, unsigned char *out, size_t *outl, PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; size_t blksz = ctx->blocksize; + if (!ossl_prov_is_running()) + return 0; + if (ctx->tlsversion > 0) { /* We never finalize TLS, so this is an error */ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); @@ -433,6 +440,9 @@ int cipher_generic_stream_update(void *vctx, unsigned char *out, size_t *outl, int cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { + if (!ossl_prov_is_running()) + return 0; + *outl = 0; return 1; } @@ -443,6 +453,9 @@ int cipher_generic_cipher(void *vctx, { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; diff --git a/providers/implementations/ciphers/ciphercommon_ccm.c b/providers/implementations/ciphers/ciphercommon_ccm.c index bdbfa74d40..b7f21b3df6 100644 --- a/providers/implementations/ciphers/ciphercommon_ccm.c +++ b/providers/implementations/ciphers/ciphercommon_ccm.c 
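Review bot: The running check in `cipher_generic_init_internal` sits after `ctx->updated = 0;` and `ctx->enc = enc ? 1 : 0;`, so an init call rejected because of the error state has already modified the context. `tdes_init`, `ccm_init` and `gcm_init` in this commit test the state before touching `ctx`. Moving `if (!ossl_prov_is_running()) return 0;` to the top of the function would match them and leave a rejected call without side effects. The function starts before the hunk, so earlier assignments may exist that are not visible here.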
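Review bot: `cipher_generic_block_final` now refuses to run in the error state, but no update function is guarded in the visible hunks; `cipher_generic_stream_update` appears only as the hunk-header context of the next hunk, and the commit message lists only new, init, final and dupctx. A context initialised before the provider entered the error state can therefore presumably still produce output through update, which for stream modes is all of the output. If that is intentional, a comment near the update functions should say so, for example `/* update is not gated on ossl_prov_is_running(); init and final are */`; otherwise the same guard belongs there. The function starts before the hunk and continues after it.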
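Review bot: In `cipher_generic_stream_final` the guard returns before `*outl = 0;`, so on the error-state path the caller's output length is left unwritten. `tdes_wrap_cipher` in this commit assigns `*outl = 0;` ahead of its check; moving `*outl = 0;` above `if (!ossl_prov_is_running())` here gives a caller that ignores the return value a defined length. The other final and cipher hunks (`cipher_generic_cipher`, `ccm_stream_final`, `ccm_cipher`, `gcm_stream_final`, `gcm_cipher`) return early the same way; whether they set `*outl` elsewhere is not visible in their hunks.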
@@ -11,6 +11,7 @@ #include "prov/ciphercommon.h" #include "prov/ciphercommon_ccm.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" static int ccm_cipher_internal(PROV_CCM_CTX *ctx, unsigned char *out, @@ -21,7 +22,7 @@ static int ccm_tls_init(PROV_CCM_CTX *ctx, unsigned char *aad, size_t alen) { size_t len; - if (alen != EVP_AEAD_TLS1_AAD_LEN) + if (!ossl_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN) return 0; /* Save the aad for later use. */ @@ -220,6 +221,9 @@ static int ccm_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + ctx->enc = enc; if (iv != NULL) { @@ -276,6 +280,9 @@ int ccm_stream_final(void *vctx, unsigned char *out, size_t *outl, PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; int i; + if (!ossl_prov_is_running()) + return 0; + i = ccm_cipher_internal(ctx, out, outl, NULL, 0); if (i <= 0) return 0; @@ -290,6 +297,9 @@ int ccm_cipher(void *vctx, { PROV_CCM_CTX *ctx = (PROV_CCM_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; @@ -320,6 +330,9 @@ static int ccm_tls_cipher(PROV_CCM_CTX *ctx, int rv = 0; size_t olen = 0; + if (!ossl_prov_is_running()) + goto err; + /* Encrypt/decrypt must be performed in place */ if (in == NULL || out != in || len < EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->m) goto err; diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c index 06649b3dc3..abe2e9ace0 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c +++ b/providers/implementations/ciphers/ciphercommon_gcm.c @@ -11,6 +11,7 @@ #include "prov/ciphercommon.h" #include "prov/ciphercommon_gcm.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #include #include "prov/provider_ctx.h" 
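Review bot: `ccm_tls_init` folds the state check into the AAD length test, `if (!ossl_prov_is_running() || alen != EVP_AEAD_TLS1_AAD_LEN)`, whereas most other functions touched by this commit use a standalone guard. Keeping it separate, `if (!ossl_prov_is_running()) return 0;` followed by the unchanged length test, keeps an argument error and a provider-state failure distinguishable if error reporting is added later. `gcm_tls_init` and `gcm_tls_cipher` in ciphercommon_gcm.c combine the checks the same way.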
@@ -43,6 +44,9 @@ static int gcm_init(void *vctx, const unsigned char *key, size_t keylen, { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + ctx->enc = enc; if (iv != NULL) { @@ -311,6 +315,9 @@ int gcm_stream_final(void *vctx, unsigned char *out, size_t *outl, PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; int i; + if (!ossl_prov_is_running()) + return 0; + i = gcm_cipher_internal(ctx, out, outl, NULL, 0); if (i <= 0) return 0; @@ -325,6 +332,9 @@ int gcm_cipher(void *vctx, { PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; @@ -424,7 +434,7 @@ static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len) unsigned char *buf; size_t len; - if (aad_len != EVP_AEAD_TLS1_AAD_LEN) + if (!ossl_prov_is_running() || aad_len != EVP_AEAD_TLS1_AAD_LEN) return 0; /* Save the aad for later use. */ @@ -489,7 +499,7 @@ static int gcm_tls_cipher(PROV_GCM_CTX *ctx, unsigned char *out, size_t *padlen, size_t plen = 0; unsigned char *tag = NULL; - if (!ctx->key_set) + if (!ossl_prov_is_running() || !ctx->key_set) goto err; /* Encrypt/decrypt must be performed in place */ diff --git a/providers/implementations/include/prov/ciphercommon.h b/providers/implementations/include/prov/ciphercommon.h index 90f6d39d39..3789f4c00d 100644 --- a/providers/implementations/include/prov/ciphercommon.h +++ b/providers/implementations/include/prov/ciphercommon.h 
@@ -181,7 +181,8 @@ static int alg##_##kbits##_##lcmode##_get_params(OSSL_PARAM params[]) \ static OSSL_FUNC_cipher_newctx_fn alg##_##kbits##_##lcmode##_newctx; \ static void * alg##_##kbits##_##lcmode##_newctx(void *provctx) \ { \ - PROV_##UCALG##_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); \ + PROV_##UCALG##_CTX *ctx = ossl_prov_is_running() ? OPENSSL_zalloc(sizeof(*ctx))\ + : NULL; \ if (ctx != NULL) { \ cipher_generic_initkey(ctx, kbits, blkbits, ivbits, \ EVP_CIPH_##UCMODE##_MODE, flags, \ -- cgit v1.2.3
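Review bot: The `newctx` macro body in ciphercommon.h now calls `ossl_prov_is_running()`, but this hunk is the only change to the header shown and it adds no `#include "prov/providercommon.h"`, so every file that expands the macro has to include that header itself. Including it from ciphercommon.h, or noting the requirement in a comment above the macro, avoids an implicit declaration in a future cipher file. The conditional-expression form also differs from the `if (!ossl_prov_is_running()) return NULL;` form used in the rc4 and rc5 macros, and the first changed line leaves no space before the continuation backslash.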