From: Pauli Date: Mon, 7 Sep 2020 03:03:07 +0000 (+1000) Subject: mac: add FIPS error state handling X-Git-Tag: openssl-3.0.0-alpha7~286 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5b104a81f088ae0da6b0d2d2c746237694ab0a2c;p=thirdparty%2Fopenssl.git mac: add FIPS error state handling Check for provider being runnable in new, dup, init and final calls. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12801) --- diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c index c2f292f9bb5..f7b6bd3e4f0 100644 --- a/providers/implementations/macs/blake2_mac_impl.c +++ b/providers/implementations/macs/blake2_mac_impl.c @@ -15,6 +15,7 @@ #include "internal/cryptlib.h" #include "prov/providercommonerr.h" #include "prov/implementations.h" +#include "prov/providercommon.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -42,8 +43,12 @@ static size_t blake2_mac_size(void *vmacctx); static void *blake2_mac_new(void *unused_provctx) { - struct blake2_mac_data_st *macctx = OPENSSL_zalloc(sizeof(*macctx)); + struct blake2_mac_data_st *macctx; + if (!ossl_prov_is_running()) + return NULL; + + macctx = OPENSSL_zalloc(sizeof(*macctx)); if (macctx != NULL) { BLAKE2_PARAM_INIT(&macctx->params); /* ctx initialization is deferred to BLAKE2b_Init() */ @@ -56,6 +61,9 @@ static void *blake2_mac_dup(void *vsrc) struct blake2_mac_data_st *dst; struct blake2_mac_data_st *src = vsrc; + if (!ossl_prov_is_running()) + return NULL; + dst = OPENSSL_zalloc(sizeof(*dst)); if (dst == NULL) return NULL; @@ -78,6 +86,9 @@ static int blake2_mac_init(void *vmacctx) { struct blake2_mac_data_st *macctx = vmacctx; + if (!ossl_prov_is_running()) + return 0; + /* Check key has been set */ if (macctx->params.key_length == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); @@ -104,6 +115,9 @@ static int blake2_mac_final(void *vmacctx, { struct blake2_mac_data_st *macctx = vmacctx; + if (!ossl_prov_is_running()) + return 0; + *outl = blake2_mac_size(macctx); return BLAKE2_FINAL(out, &macctx->ctx); } diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index df73b0c11b7..61b58e01779 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -23,6 +23,7 @@ #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/provider_util.h" +#include "prov/providercommon.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -52,6 +53,9 @@ static void *cmac_new(void *provctx) { struct cmac_data_st *macctx; + if (!ossl_prov_is_running()) + return NULL; + if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL || (macctx->ctx = CMAC_CTX_new()) == NULL) { OPENSSL_free(macctx); @@ -77,8 +81,12 @@ static void cmac_free(void *vmacctx) static void *cmac_dup(void *vsrc) { struct cmac_data_st *src = vsrc; - struct cmac_data_st *dst = cmac_new(src->provctx); + struct cmac_data_st *dst; + if (!ossl_prov_is_running()) + return NULL; + + dst = cmac_new(src->provctx); if (!CMAC_CTX_copy(dst->ctx, src->ctx) || !ossl_prov_cipher_copy(&dst->cipher, &src->cipher)) { cmac_free(dst); @@ -97,9 +105,14 @@ static size_t cmac_size(void *vmacctx) static int cmac_init(void *vmacctx) { struct cmac_data_st *macctx = vmacctx; - int rv = CMAC_Init(macctx->ctx, NULL, 0, - ossl_prov_cipher_cipher(&macctx->cipher), - ossl_prov_cipher_engine(&macctx->cipher)); + int rv; + + if (!ossl_prov_is_running()) + return 0; + + rv = CMAC_Init(macctx->ctx, NULL, 0, + ossl_prov_cipher_cipher(&macctx->cipher), + ossl_prov_cipher_engine(&macctx->cipher)); ossl_prov_cipher_reset(&macctx->cipher); return rv; @@ -118,6 +131,9 @@ static int cmac_final(void *vmacctx, unsigned char *out, size_t *outl, { struct cmac_data_st *macctx = vmacctx; + if (!ossl_prov_is_running()) + return 0; + return CMAC_Final(macctx->ctx, out, outl); } diff --git a/providers/implementations/macs/gmac_prov.c b/providers/implementations/macs/gmac_prov.c index c44dea3ec19..1beb7c20b1b 100644 --- a/providers/implementations/macs/gmac_prov.c +++ b/providers/implementations/macs/gmac_prov.c @@ -19,6 +19,7 @@ #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/provider_util.h" +#include "prov/providercommon.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -61,6 +62,9 @@ static void *gmac_new(void *provctx) { struct gmac_data_st *macctx; + if (!ossl_prov_is_running()) + return NULL; + if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL || (macctx->ctx = EVP_CIPHER_CTX_new()) == NULL) { gmac_free(macctx); @@ -74,8 +78,12 @@ static void *gmac_new(void *provctx) static void *gmac_dup(void *vsrc) { struct gmac_data_st *src = vsrc; - struct gmac_data_st *dst = gmac_new(src->provctx); + struct gmac_data_st *dst; + + if (!ossl_prov_is_running()) + return NULL; + dst = gmac_new(src->provctx); if (dst == NULL) return NULL; @@ -89,7 +97,7 @@ static void *gmac_dup(void *vsrc) static int gmac_init(void *vmacctx) { - return 1; + return ossl_prov_is_running(); } static int gmac_update(void *vmacctx, const unsigned char *data, @@ -117,6 +125,9 @@ static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl, struct gmac_data_st *macctx = vmacctx; int hlen = 0; + if (!ossl_prov_is_running()) + return 0; + if (!EVP_EncryptFinal_ex(macctx->ctx, out, &hlen)) return 0; diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index f6cb544f64e..2f99e75a887 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -25,6 +25,7 @@ #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/provider_util.h" +#include "prov/providercommon.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -76,6 +77,9 @@ static void *hmac_new(void *provctx) { struct hmac_data_st *macctx; + if (!ossl_prov_is_running()) + return NULL; + if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL || (macctx->ctx = HMAC_CTX_new()) == NULL) { OPENSSL_free(macctx); @@ -102,9 +106,12 @@ static void hmac_free(void *vmacctx) static void *hmac_dup(void *vsrc) { struct hmac_data_st *src = vsrc; - struct hmac_data_st *dst = hmac_new(src->provctx); + struct hmac_data_st *dst; HMAC_CTX *ctx; + if (!ossl_prov_is_running()) + return NULL; + dst = hmac_new(src->provctx); if (dst == NULL) return NULL; @@ -140,9 +147,13 @@ static size_t hmac_size(void *vmacctx) static int hmac_init(void *vmacctx) { struct hmac_data_st *macctx = vmacctx; - const EVP_MD *digest = ossl_prov_digest_md(&macctx->digest); + const EVP_MD *digest; int rv = 1; + if (!ossl_prov_is_running()) + return 0; + + digest = ossl_prov_digest_md(&macctx->digest); /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ if (macctx->tls_data_size == 0 && digest != NULL) rv = HMAC_Init_ex(macctx->ctx, NULL, 0, digest, @@ -191,6 +202,8 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, unsigned int hlen; struct hmac_data_st *macctx = vmacctx; + if (!ossl_prov_is_running()) + return 0; if (macctx->tls_data_size > 0) { if (macctx->tls_mac_out_size == 0) return 0; diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index ce3247baa20..b8c3419e0ac 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -58,6 +58,7 @@ #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/provider_util.h" +#include "prov/providercommon.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -158,6 +159,9 @@ static struct kmac_data_st *kmac_new(void *provctx) { struct kmac_data_st *kctx; + if (!ossl_prov_is_running()) + return NULL; + if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL || (kctx->ctx = EVP_MD_CTX_new()) == NULL) { kmac_free(kctx); @@ -206,8 +210,12 @@ static void *kmac256_new(void *provctx) static void *kmac_dup(void *vsrc) { struct kmac_data_st *src = vsrc; - struct kmac_data_st *dst = kmac_new(src->provctx); + struct kmac_data_st *dst; + + if (!ossl_prov_is_running()) + return NULL; + dst = kmac_new(src->provctx); if (dst == NULL) return NULL; @@ -239,6 +247,8 @@ static int kmac_init(void *vmacctx) unsigned char out[KMAC_MAX_BLOCKSIZE]; int out_len, block_len; + if (!ossl_prov_is_running()) + return 0; /* Check key has been set */ if (kctx->key_len == 0) { @@ -292,6 +302,9 @@ static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl, unsigned char encoded_outlen[KMAC_MAX_ENCODED_HEADER_LEN]; int ok; + if (!ossl_prov_is_running()) + return 0; + /* KMAC XOF mode sets the encoded length to 0 */ lbits = (kctx->xof_mode ? 0 : (kctx->out_len * 8)); diff --git a/providers/implementations/macs/poly1305_prov.c b/providers/implementations/macs/poly1305_prov.c index 36546eb95d9..57dba2307e0 100644 --- a/providers/implementations/macs/poly1305_prov.c +++ b/providers/implementations/macs/poly1305_prov.c @@ -17,6 +17,7 @@ #include "prov/providercommonerr.h" #include "prov/implementations.h" +#include "prov/providercommon.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -43,8 +44,11 @@ static size_t poly1305_size(void); static void *poly1305_new(void *provctx) { - struct poly1305_data_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); + struct poly1305_data_st *ctx; + if (!ossl_prov_is_running()) + return NULL; + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ctx->provctx = provctx; return ctx; @@ -58,8 +62,11 @@ static void poly1305_free(void *vmacctx) static void *poly1305_dup(void *vsrc) { struct poly1305_data_st *src = vsrc; - struct poly1305_data_st *dst = poly1305_new(src->provctx); + struct poly1305_data_st *dst; + if (!ossl_prov_is_running()) + return NULL; + dst = poly1305_new(src->provctx); if (dst == NULL) return NULL; @@ -75,7 +82,7 @@ static size_t poly1305_size(void) static int poly1305_init(void *vmacctx) { /* initialize the context in MAC_ctrl function */ - return 1; + return ossl_prov_is_running(); } static int poly1305_update(void *vmacctx, const unsigned char *data, @@ -96,6 +103,8 @@ static int poly1305_final(void *vmacctx, unsigned char *out, size_t *outl, { struct poly1305_data_st *ctx = vmacctx; + if (!ossl_prov_is_running()) + return 0; Poly1305_Final(&ctx->poly1305, out); *outl = poly1305_size(); return 1; diff --git a/providers/implementations/macs/siphash_prov.c b/providers/implementations/macs/siphash_prov.c index 1bea7a27877..65674730763 100644 --- a/providers/implementations/macs/siphash_prov.c +++ b/providers/implementations/macs/siphash_prov.c @@ -24,6 +24,7 @@ #include "prov/providercommonerr.h" #include "prov/implementations.h" +#include "prov/providercommon.h" /* * Forward declaration of everything implemented here. This is not strictly @@ -49,8 +50,11 @@ struct siphash_data_st { static void *siphash_new(void *provctx) { - struct siphash_data_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); + struct siphash_data_st *ctx; + if (!ossl_prov_is_running()) + return NULL; + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx != NULL) ctx->provctx = provctx; return ctx; @@ -64,8 +68,11 @@ static void siphash_free(void *vmacctx) static void *siphash_dup(void *vsrc) { struct siphash_data_st *ssrc = vsrc; - struct siphash_data_st *sdst = siphash_new(ssrc->provctx); + struct siphash_data_st *sdst; + if (!ossl_prov_is_running()) + return NULL; + sdst = siphash_new(ssrc->provctx); if (sdst == NULL) return NULL; @@ -83,7 +90,7 @@ static size_t siphash_size(void *vmacctx) static int siphash_init(void *vmacctx) { /* Not much to do here, actual initialization happens through controls */ - return 1; + return ossl_prov_is_running(); } static int siphash_update(void *vmacctx, const unsigned char *data, @@ -104,7 +111,7 @@ static int siphash_final(void *vmacctx, unsigned char *out, size_t *outl, struct siphash_data_st *ctx = vmacctx; size_t hlen = siphash_size(ctx); - if (outsize < hlen) + if (!ossl_prov_is_running() || outsize < hlen) return 0; *outl = hlen;