diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index 002cdec1f9b655f007b6368f95d8a84cd23083e5..b198f117d14225cf0b7f18bc4df990c91a66e777 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -135,10 +135,12 @@ static void *dh_newdata(void *provctx) { DH *dh = NULL; - dh = dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx)); - if (dh != NULL) { - DH_clear_flags(dh, DH_FLAG_TYPE_MASK); - DH_set_flags(dh, DH_FLAG_TYPE_DH); + if (ossl_prov_is_running()) { + dh = dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx)); + if (dh != NULL) { + DH_clear_flags(dh, DH_FLAG_TYPE_MASK); + DH_set_flags(dh, DH_FLAG_TYPE_DH); + } } return dh; } @@ -165,7 +167,7 @@ static int dh_has(void *keydata, int selection) DH *dh = keydata; int ok = 0; - if (dh != NULL) { + if (ossl_prov_is_running() && dh != NULL) { if ((selection & DH_POSSIBLE_SELECTIONS) != 0) ok = 1; @@ -185,6 +187,9 @@ static int dh_match(const void *keydata1, const void *keydata2, int selection) const DH *dh2 = keydata2; int ok = 1; + if (!ossl_prov_is_running()) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) ok = ok && BN_cmp(DH_get0_pub_key(dh1), DH_get0_pub_key(dh2)) == 0; if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) @@ -203,7 +208,7 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[]) DH *dh = keydata; int ok = 1; - if (dh == NULL) + if (!ossl_prov_is_running() || dh == NULL) return 0; if ((selection & DH_POSSIBLE_SELECTIONS) == 0) @@ -226,7 +231,7 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, OSSL_PARAM *params = NULL; int ok = 1; - if (dh == NULL) + if (!ossl_prov_is_running() || dh == NULL) return 0; tmpl = OSSL_PARAM_BLD_new(); @@ -402,6 +407,9 @@ static int dh_validate(void *keydata, int selection) DH *dh = keydata; int ok = 0; + if (!ossl_prov_is_running()) + return 0; + if ((selection & DH_POSSIBLE_SELECTIONS) != 0) ok = 1; @@ -425,6 +433,9 @@ static void *dh_gen_init_base(void *provctx, int selection, int type) OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); struct dh_gen_ctx *gctx = NULL; + if (!ossl_prov_is_running()) + return NULL; + if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0) return NULL; @@ -460,7 +471,7 @@ static int dh_gen_set_template(void *genctx, void *templ) struct dh_gen_ctx *gctx = genctx; DH *dh = templ; - if (gctx == NULL || dh == NULL) + if (!ossl_prov_is_running() || gctx == NULL || dh == NULL) return 0; gctx->ffc_params = dh_get0_params(dh); return 1; @@ -587,7 +598,7 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) BN_GENCB *gencb = NULL; FFC_PARAMS *ffc; - if (gctx == NULL) + if (!ossl_prov_is_running() || gctx == NULL) return NULL; /* For parameter generation - If there is a group name just create it */ @@ -686,7 +697,7 @@ void *dh_load(const void *reference, size_t reference_sz) { DH *dh = NULL; - if (reference_sz == sizeof(dh)) { + if (ossl_prov_is_running() && reference_sz == sizeof(dh)) { /* The contents of the reference is the address to our object */ dh = *(DH **)reference; /* We grabbed, so we detach it */ diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 855fa18c38256b0dc3b7e8de0737ba6f53e5e288..8e63d1380d9912dd1d20588b7fabc528077fce7b 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -111,6 +111,8 @@ static int dsa_key_todata(DSA *dsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) static void *dsa_newdata(void *provctx) { + if (!ossl_prov_is_running()) + return NULL; return dsa_new_with_ctx(PROV_LIBRARY_CONTEXT_OF(provctx)); } @@ -124,7 +126,7 @@ static int dsa_has(void *keydata, int selection) DSA *dsa = keydata; int ok = 0; - if (dsa != NULL) { + if (ossl_prov_is_running() && dsa != NULL) { if ((selection & DSA_POSSIBLE_SELECTIONS) != 0) ok = 1; @@ -144,6 +146,9 @@ static int dsa_match(const void *keydata1, const void *keydata2, int selection) const DSA *dsa2 = keydata2; int ok = 1; + if (!ossl_prov_is_running()) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) ok = ok && BN_cmp(DSA_get0_pub_key(dsa1), DSA_get0_pub_key(dsa2)) == 0; @@ -164,7 +169,7 @@ static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[]) DSA *dsa = keydata; int ok = 1; - if (dsa == NULL) + if (!ossl_prov_is_running() || dsa == NULL) return 0; if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) @@ -186,7 +191,7 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, OSSL_PARAM *params = NULL; int ok = 1; - if (dsa == NULL) + if (!ossl_prov_is_running() || dsa == NULL) goto err; if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) @@ -334,6 +339,9 @@ static int dsa_validate(void *keydata, int selection) DSA *dsa = keydata; int ok = 0; + if (!ossl_prov_is_running()) + return 0; + if ((selection & DSA_POSSIBLE_SELECTIONS) != 0) ok = 1; @@ -358,7 +366,7 @@ static void *dsa_gen_init(void *provctx, int selection) OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); struct dsa_gen_ctx *gctx = NULL; - if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) + if (!ossl_prov_is_running() || (selection & DSA_POSSIBLE_SELECTIONS) == 0) return NULL; if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { @@ -379,7 +387,7 @@ static int dsa_gen_set_template(void *genctx, void *templ) struct dsa_gen_ctx *gctx = genctx; DSA *dsa = templ; - if (gctx == NULL || dsa == NULL) + if (!ossl_prov_is_running() || gctx == NULL || dsa == NULL) return 0; gctx->ffc_params = dsa_get0_params(dsa); return 1; @@ -490,7 +498,7 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) int ret = 0; FFC_PARAMS *ffc; - if (gctx == NULL) + if (!ossl_prov_is_running() || gctx == NULL) return NULL; dsa = dsa_new_with_ctx(gctx->libctx); if (dsa == NULL) @@ -564,7 +572,7 @@ void *dsa_load(const void *reference, size_t reference_sz) { DSA *dsa = NULL; - if (reference_sz == sizeof(dsa)) { + if (ossl_prov_is_running() && reference_sz == sizeof(dsa)) { /* The contents of the reference is the address to our object */ dsa = *(DSA **)reference; /* We grabbed, so we detach it */ diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 9c2e627e37b05657544851b9049617df65085357..6e493caa3be33fb94b6fc423297827012169e62a 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -212,6 +212,8 @@ int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl, static void *ec_newdata(void *provctx) { + if (!ossl_prov_is_running()) + return NULL; return EC_KEY_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx), NULL); } @@ -227,7 +229,7 @@ int ec_has(void *keydata, int selection) EC_KEY *ec = keydata; int ok = 0; - if (ec != NULL) { + if (ossl_prov_is_running() && ec != NULL) { if ((selection & EC_POSSIBLE_SELECTIONS) != 0) ok = 1; @@ -255,6 +257,9 @@ static int ec_match(const void *keydata1, const void *keydata2, int selection) BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(ec1)); int ok = 1; + if (!ossl_prov_is_running()) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) ok = ok && group_a != NULL && group_b != NULL && EC_GROUP_cmp(group_a, group_b, ctx) == 0; @@ -280,7 +285,7 @@ int ec_import(void *keydata, int selection, const OSSL_PARAM params[]) EC_KEY *ec = keydata; int ok = 1; - if (ec == NULL) + if (!ossl_prov_is_running() || ec == NULL) return 0; /* @@ -327,7 +332,7 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, BN_CTX *bnctx = NULL; int ok = 1; - if (ec == NULL) + if (!ossl_prov_is_running() || ec == NULL) return 0; /* @@ -681,7 +686,7 @@ int ec_validate(void *keydata, int selection) int ok = 0; BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(eck)); - if (ctx == NULL) + if (!ossl_prov_is_running() || ctx == NULL) return 0; if ((selection & EC_POSSIBLE_SELECTIONS) != 0) @@ -721,7 +726,7 @@ static void *ec_gen_init(void *provctx, int selection) OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); struct ec_gen_ctx *gctx = NULL; - if ((selection & (EC_POSSIBLE_SELECTIONS)) == 0) + if (!ossl_prov_is_running() || (selection & (EC_POSSIBLE_SELECTIONS)) == 0) return NULL; if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { @@ -753,7 +758,7 @@ static int ec_gen_set_template(void *genctx, void *templ) EC_KEY *ec = templ; const EC_GROUP *ec_group; - if (gctx == NULL || ec == NULL) + if (!ossl_prov_is_running() || gctx == NULL || ec == NULL) return 0; if ((ec_group = EC_KEY_get0_group(ec)) == NULL) return 0; @@ -935,7 +940,8 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) EC_KEY *ec = NULL; int ret = 0; - if (gctx == NULL + if (!ossl_prov_is_running() + || gctx == NULL || (ec = EC_KEY_new_with_libctx(gctx->libctx, NULL)) == NULL) return NULL; @@ -994,7 +1000,7 @@ void *ec_load(const void *reference, size_t reference_sz) { EC_KEY *ec = NULL; - if (reference_sz == sizeof(ec)) { + if (ossl_prov_is_running() && reference_sz == sizeof(ec)) { /* The contents of the reference is the address to our object */ ec = *(EC_KEY **)reference; /* We grabbed, so we detach it */ diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index fff50ef0bf6ceae9d9d183fb5e6b9b878a9a8d53..6e1a2c91c8144be1dbe31908e4e3ba880f127765 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -82,21 +82,29 @@ static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx); static void *x25519_new_key(void *provctx) { + if (!ossl_prov_is_running()) + return 0; return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X25519, 0); } static void *x448_new_key(void *provctx) { + if (!ossl_prov_is_running()) + return 0; return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X448, 0); } static void *ed25519_new_key(void *provctx) { + if (!ossl_prov_is_running()) + return 0; return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED25519, 0); } static void *ed448_new_key(void *provctx) { + if (!ossl_prov_is_running()) + return 0; return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED448, 0); } @@ -105,7 +113,7 @@ static int ecx_has(void *keydata, int selection) ECX_KEY *key = keydata; int ok = 0; - if (key != NULL) { + if (ossl_prov_is_running() && key != NULL) { /* * ECX keys always have all the parameters they need (i.e. none). * Therefore we always return with 1, if asked about parameters. @@ -127,6 +135,9 @@ static int ecx_match(const void *keydata1, const void *keydata2, int selection) const ECX_KEY *key2 = keydata2; int ok = 1; + if (!ossl_prov_is_running()) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) ok = ok && key1->type == key2->type; if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { @@ -157,7 +168,7 @@ static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[]) int ok = 1; int include_private = 0; - if (key == NULL) + if (!ossl_prov_is_running() || key == NULL) return 0; if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) @@ -197,7 +208,7 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, OSSL_PARAM *params = NULL; int ret = 0; - if (key == NULL) + if (!ossl_prov_is_running() || key == NULL) return 0; tmpl = OSSL_PARAM_BLD_new(); @@ -409,6 +420,9 @@ static void *ecx_gen_init(void *provctx, int selection, ECX_KEY_TYPE type) OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); struct ecx_gen_ctx *gctx = NULL; + if (!ossl_prov_is_running()) + return NULL; + if ((gctx = OPENSSL_malloc(sizeof(*gctx))) != NULL) { gctx->libctx = libctx; gctx->type = type; @@ -539,6 +553,9 @@ static void *x25519_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) { struct ecx_gen_ctx *gctx = genctx; + if (!ossl_prov_is_running()) + return 0; + #ifdef S390X_EC_ASM if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519)) return s390x_ecx_keygen25519(gctx); @@ -550,6 +567,9 @@ static void *x448_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) { struct ecx_gen_ctx *gctx = genctx; + if (!ossl_prov_is_running()) + return 0; + #ifdef S390X_EC_ASM if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)) return s390x_ecx_keygen448(gctx); @@ -560,6 +580,10 @@ static void *x448_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) static void *ed25519_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) { struct ecx_gen_ctx *gctx = genctx; + + if (!ossl_prov_is_running()) + return 0; + #ifdef S390X_EC_ASM if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519) && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519) @@ -574,6 +598,9 @@ static void *ed448_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) { struct ecx_gen_ctx *gctx = genctx; + if (!ossl_prov_is_running()) + return 0; + #ifdef S390X_EC_ASM if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448) && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448) @@ -594,7 +621,7 @@ void *ecx_load(const void *reference, size_t reference_sz) { ECX_KEY *key = NULL; - if (reference_sz == sizeof(key)) { + if (ossl_prov_is_running() && reference_sz == sizeof(key)) { /* The contents of the reference is the address to our object */ key = *(ECX_KEY **)reference; /* We grabbed, so we detach it */ diff --git a/providers/implementations/keymgmt/kdf_legacy_kmgmt.c b/providers/implementations/keymgmt/kdf_legacy_kmgmt.c index 33cf87e350147fa369826bf9496fc6d2d7a521b0..f721184ab4e150e433031425f911ff30cdb2dee9 100644 --- a/providers/implementations/keymgmt/kdf_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/kdf_legacy_kmgmt.c @@ -28,8 +28,12 @@ static OSSL_FUNC_keymgmt_has_fn kdf_has; KDF_DATA *kdf_data_new(void *provctx) { - KDF_DATA *kdfdata = OPENSSL_zalloc(sizeof(*kdfdata)); + KDF_DATA *kdfdata; + if (!ossl_prov_is_running()) + return NULL; + + kdfdata = OPENSSL_zalloc(sizeof(*kdfdata)); if (kdfdata == NULL) return NULL; @@ -63,6 +67,16 @@ int kdf_data_up_ref(KDF_DATA *kdfdata) { int ref = 0; + /* This is effectively doing a new operation on the KDF_DATA and should be + * adequately guarded again modules' error states. However, both current + * calls here are guarded propery in exchange/kdf_exch.c. Thus, it + * could be removed here. The concern is that something in the future + * might call this function without adequate guards. It's a cheap call, + * it seems best to leave it even though it is currently redundant. + */ + if (!ossl_prov_is_running()) + return 0; + CRYPTO_UP_REF(&kdfdata->refcnt, &ref, kdfdata->lock); return 1; } diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index dd18eecf12e539fb74c258bc7d2d07d320541758..a0ae3add90063374fa9ce7b3817f59209a11ef4e 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -29,6 +29,8 @@ static OSSL_FUNC_keymgmt_free_fn mac_free; static OSSL_FUNC_keymgmt_gen_init_fn mac_gen_init; static OSSL_FUNC_keymgmt_gen_fn mac_gen; static OSSL_FUNC_keymgmt_gen_cleanup_fn mac_gen_cleanup; +static OSSL_FUNC_keymgmt_gen_set_params_fn mac_gen_set_params; +static OSSL_FUNC_keymgmt_gen_settable_params_fn mac_gen_settable_params; static OSSL_FUNC_keymgmt_get_params_fn mac_get_params; static OSSL_FUNC_keymgmt_gettable_params_fn mac_gettable_params; static OSSL_FUNC_keymgmt_set_params_fn mac_set_params; @@ -40,6 +42,13 @@ static OSSL_FUNC_keymgmt_import_types_fn mac_imexport_types; static OSSL_FUNC_keymgmt_export_fn mac_export; static OSSL_FUNC_keymgmt_export_types_fn mac_imexport_types; +static OSSL_FUNC_keymgmt_new_fn mac_new_cmac; +static OSSL_FUNC_keymgmt_gettable_params_fn cmac_gettable_params; +static OSSL_FUNC_keymgmt_import_types_fn cmac_imexport_types; +static OSSL_FUNC_keymgmt_export_types_fn cmac_imexport_types; +static OSSL_FUNC_keymgmt_gen_set_params_fn cmac_gen_set_params; +static OSSL_FUNC_keymgmt_gen_settable_params_fn cmac_gen_settable_params; + struct mac_gen_ctx { OPENSSL_CTX *libctx; int selection; @@ -50,8 +59,12 @@ struct mac_gen_ctx { MAC_KEY *mac_key_new(OPENSSL_CTX *libctx, int cmac) { - MAC_KEY *mackey = OPENSSL_zalloc(sizeof(*mackey)); + MAC_KEY *mackey; + + if (!ossl_prov_is_running()) + return NULL; + mackey = OPENSSL_zalloc(sizeof(*mackey)); if (mackey == NULL) return NULL; @@ -89,6 +102,16 @@ int mac_key_up_ref(MAC_KEY *mackey) { int ref = 0; + /* This is effectively doing a new operation on the MAC_KEY and should be + * adequately guarded again modules' error states. However, both current + * calls here are guarded propery in signature/mac_legacy.c. Thus, it + * could be removed here. The concern is that something in the future + * might call this function without adequate guards. It's a cheap call, + * it seems best to leave it even though it is currently redundant. + */ + if (!ossl_prov_is_running()) + return 0; + CRYPTO_UP_REF(&mackey->refcnt, &ref, mackey->lock); return 1; } @@ -113,7 +136,7 @@ static int mac_has(void *keydata, int selection) MAC_KEY *key = keydata; int ok = 0; - if (key != NULL) { + if (ossl_prov_is_running() && key != NULL) { /* * MAC keys always have all the parameters they need (i.e. none). * Therefore we always return with 1, if asked about parameters. @@ -133,6 +156,9 @@ static int mac_match(const void *keydata1, const void *keydata2, int selection) const MAC_KEY *key2 = keydata2; int ok = 1; + if (!ossl_prov_is_running()) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if ((key1->priv_key == NULL && key2->priv_key != NULL) || (key1->priv_key != NULL && key2->priv_key == NULL) @@ -201,7 +227,7 @@ static int mac_import(void *keydata, int selection, const OSSL_PARAM params[]) { MAC_KEY *key = keydata; - if (key == NULL) + if (!ossl_prov_is_running() || key == NULL) return 0; if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0) @@ -247,7 +273,7 @@ static int mac_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, OSSL_PARAM *params = NULL; int ret = 0; - if (key == NULL) + if (!ossl_prov_is_running() || key == NULL) return 0; tmpl = OSSL_PARAM_BLD_new(); @@ -349,6 +375,9 @@ static void *mac_gen_init(void *provctx, int selection) OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); struct mac_gen_ctx *gctx = NULL; + if (!ossl_prov_is_running()) + return NULL; + if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { gctx->libctx = libctx; gctx->selection = selection; @@ -422,7 +451,7 @@ static void *mac_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg) struct mac_gen_ctx *gctx = genctx; MAC_KEY *key; - if (gctx == NULL) + if (!ossl_prov_is_running() || gctx == NULL) return NULL; if ((key = mac_key_new(gctx->libctx, 0)) == NULL) { @@ -511,3 +540,4 @@ const OSSL_DISPATCH cmac_legacy_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup }, { 0, NULL } }; + diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index ab2325d4bd3a027b2cd584ab86ae959331342185..5a8da35d60f01fd2609e49bb9b522b14a20b05c5 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -74,8 +74,12 @@ static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, static void *rsa_newdata(void *provctx) { OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); - RSA *rsa = rsa_new_with_ctx(libctx); + RSA *rsa; + if (!ossl_prov_is_running()) + return NULL; + + rsa = rsa_new_with_ctx(libctx); if (rsa != NULL) { RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); @@ -86,8 +90,12 @@ static void *rsa_newdata(void *provctx) static void *rsapss_newdata(void *provctx) { OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); - RSA *rsa = rsa_new_with_ctx(libctx); + RSA *rsa; + + if (!ossl_prov_is_running()) + return NULL; + rsa = rsa_new_with_ctx(libctx); if (rsa != NULL) { RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); @@ -105,7 +113,7 @@ static int rsa_has(void *keydata, int selection) RSA *rsa = keydata; int ok = 0; - if (rsa != NULL) { + if (rsa != NULL && ossl_prov_is_running()) { if ((selection & RSA_POSSIBLE_SELECTIONS) != 0) ok = 1; @@ -128,6 +136,9 @@ static int rsa_match(const void *keydata1, const void *keydata2, int selection) const RSA *rsa2 = keydata2; int ok = 1; + if (!ossl_prov_is_running()) + return 0; + /* There is always an |e| */ ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0; if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) @@ -143,7 +154,7 @@ static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) int rsa_type; int ok = 1; - if (rsa == NULL) + if (!ossl_prov_is_running() || rsa == NULL) return 0; if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) @@ -171,7 +182,7 @@ static int rsa_export(void *keydata, int selection, OSSL_PARAM *params = NULL; int ok = 1; - if (rsa == NULL) + if (!ossl_prov_is_running() || rsa == NULL) return 0; /* TODO(3.0) OAEP should bring on parameters */ @@ -351,6 +362,9 @@ static int rsa_validate(void *keydata, int selection) RSA *rsa = keydata; int ok = 0; + if (!ossl_prov_is_running()) + return 0; + if ((selection & RSA_POSSIBLE_SELECTIONS) != 0) ok = 1; @@ -404,6 +418,9 @@ static void *gen_init(void *provctx, int selection, int rsa_type) OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); struct rsa_gen_ctx *gctx = NULL; + if (!ossl_prov_is_running()) + return NULL; + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) return NULL; @@ -507,7 +524,7 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) RSA *rsa = NULL, *rsa_tmp = NULL; BN_GENCB *gencb = NULL; - if (gctx == NULL) + if (!ossl_prov_is_running() || gctx == NULL) return NULL; switch (gctx->rsa_type) { @@ -581,7 +598,7 @@ void *rsa_load(const void *reference, size_t reference_sz) { RSA *rsa = NULL; - if (reference_sz == sizeof(rsa)) { + if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) { /* The contents of the reference is the address to our object */ rsa = *(RSA **)reference; /* We grabbed, so we detach it */