Skip to content

O
openssl

btwise / openssl

通知 1
Star 0
Fork 0
O
openssl

体验新版 GitCode,发现更多精彩内容 >>

提交 422cbcee 编写于 作者: P Pauli
浏览文件
操作

keymgmt: add FIPS error state handling 

The functions that check for the provider being runnable are: new, gen_init,
gen, gen_set_template, load, has, match, validate, import and export.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)
上级 f590a5ea
显示空白变更内容
内联 并排
Showing with 155 addition and 42 deletion
providers/implementations/keymgmt/dh_kmgmt.c
浏览文件 @ 422cbcee
......@@ -135,11 +135,13 @@ static void *dh_newdata(void *provctx)
{
DH *dh = NULL;
if (ossl_prov_is_running()) {
dh = dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
if (dh != NULL) {
DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
DH_set_flags(dh, DH_FLAG_TYPE_DH);
}
}
return dh;
}
......@@ -165,7 +167,7 @@ static int dh_has(void *keydata, int selection)
DH *dh = keydata;
int ok = 0;
if (dh != NULL) {
if (ossl_prov_is_running() && dh != NULL) {
if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
ok = 1;
......@@ -185,6 +187,9 @@ static int dh_match(const void *keydata1, const void *keydata2, int selection)
const DH *dh2 = keydata2;
int ok = 1;
if (!ossl_prov_is_running())
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && BN_cmp(DH_get0_pub_key(dh1), DH_get0_pub_key(dh2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
......@@ -203,7 +208,7 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
DH *dh = keydata;
int ok = 1;
if (dh == NULL)
if (!ossl_prov_is_running() || dh == NULL)
return 0;
if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
......@@ -226,7 +231,7 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
OSSL_PARAM *params = NULL;
int ok = 1;
if (dh == NULL)
if (!ossl_prov_is_running() || dh == NULL)
return 0;
tmpl = OSSL_PARAM_BLD_new();
......@@ -402,6 +407,9 @@ static int dh_validate(void *keydata, int selection)
DH *dh = keydata;
int ok = 0;
if (!ossl_prov_is_running())
return 0;
if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
ok = 1;
......@@ -425,6 +433,9 @@ static void *dh_gen_init_base(void *provctx, int selection, int type)
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct dh_gen_ctx *gctx = NULL;
if (!ossl_prov_is_running())
return NULL;
if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
| OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
return NULL;
......@@ -460,7 +471,7 @@ static int dh_gen_set_template(void *genctx, void *templ)
struct dh_gen_ctx *gctx = genctx;
DH *dh = templ;
if (gctx == NULL || dh == NULL)
if (!ossl_prov_is_running() || gctx == NULL || dh == NULL)
return 0;
gctx->ffc_params = dh_get0_params(dh);
return 1;
......@@ -587,7 +598,7 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
BN_GENCB *gencb = NULL;
FFC_PARAMS *ffc;
if (gctx == NULL)
if (!ossl_prov_is_running() || gctx == NULL)
return NULL;
/* For parameter generation - If there is a group name just create it */
......@@ -686,7 +697,7 @@ void *dh_load(const void *reference, size_t reference_sz)
{
DH *dh = NULL;
if (reference_sz == sizeof(dh)) {
if (ossl_prov_is_running() && reference_sz == sizeof(dh)) {
/* The contents of the reference is the address to our object */
dh = *(DH **)reference;
/* We grabbed, so we detach it */
......
providers/implementations/keymgmt/dsa_kmgmt.c
浏览文件 @ 422cbcee
......@@ -111,6 +111,8 @@ static int dsa_key_todata(DSA *dsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
static void *dsa_newdata(void *provctx)
{
if (!ossl_prov_is_running())
return NULL;
return dsa_new_with_ctx(PROV_LIBRARY_CONTEXT_OF(provctx));
}
......@@ -124,7 +126,7 @@ static int dsa_has(void *keydata, int selection)
DSA *dsa = keydata;
int ok = 0;
if (dsa != NULL) {
if (ossl_prov_is_running() && dsa != NULL) {
if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
ok = 1;
......@@ -144,6 +146,9 @@ static int dsa_match(const void *keydata1, const void *keydata2, int selection)
const DSA *dsa2 = keydata2;
int ok = 1;
if (!ossl_prov_is_running())
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok
&& BN_cmp(DSA_get0_pub_key(dsa1), DSA_get0_pub_key(dsa2)) == 0;
......@@ -164,7 +169,7 @@ static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
DSA *dsa = keydata;
int ok = 1;
if (dsa == NULL)
if (!ossl_prov_is_running() || dsa == NULL)
return 0;
if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
......@@ -186,7 +191,7 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
OSSL_PARAM *params = NULL;
int ok = 1;
if (dsa == NULL)
if (!ossl_prov_is_running() || dsa == NULL)
goto err;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
......@@ -334,6 +339,9 @@ static int dsa_validate(void *keydata, int selection)
DSA *dsa = keydata;
int ok = 0;
if (!ossl_prov_is_running())
return 0;
if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
ok = 1;
......@@ -358,7 +366,7 @@ static void *dsa_gen_init(void *provctx, int selection)
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct dsa_gen_ctx *gctx = NULL;
if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
if (!ossl_prov_is_running() || (selection & DSA_POSSIBLE_SELECTIONS) == 0)
return NULL;
if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
......@@ -379,7 +387,7 @@ static int dsa_gen_set_template(void *genctx, void *templ)
struct dsa_gen_ctx *gctx = genctx;
DSA *dsa = templ;
if (gctx == NULL || dsa == NULL)
if (!ossl_prov_is_running() || gctx == NULL || dsa == NULL)
return 0;
gctx->ffc_params = dsa_get0_params(dsa);
return 1;
......@@ -490,7 +498,7 @@ static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
int ret = 0;
FFC_PARAMS *ffc;
if (gctx == NULL)
if (!ossl_prov_is_running() || gctx == NULL)
return NULL;
dsa = dsa_new_with_ctx(gctx->libctx);
if (dsa == NULL)
......@@ -564,7 +572,7 @@ void *dsa_load(const void *reference, size_t reference_sz)
{
DSA *dsa = NULL;
if (reference_sz == sizeof(dsa)) {
if (ossl_prov_is_running() && reference_sz == sizeof(dsa)) {
/* The contents of the reference is the address to our object */
dsa = *(DSA **)reference;
/* We grabbed, so we detach it */
......
providers/implementations/keymgmt/ec_kmgmt.c
浏览文件 @ 422cbcee
......@@ -212,6 +212,8 @@ int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
static
void *ec_newdata(void *provctx)
{
if (!ossl_prov_is_running())
return NULL;
return EC_KEY_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx), NULL);
}
......@@ -227,7 +229,7 @@ int ec_has(void *keydata, int selection)
EC_KEY *ec = keydata;
int ok = 0;
if (ec != NULL) {
if (ossl_prov_is_running() && ec != NULL) {
if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
ok = 1;
......@@ -255,6 +257,9 @@ static int ec_match(const void *keydata1, const void *keydata2, int selection)
BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(ec1));
int ok = 1;
if (!ossl_prov_is_running())
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
ok = ok && group_a != NULL && group_b != NULL
&& EC_GROUP_cmp(group_a, group_b, ctx) == 0;
......@@ -280,7 +285,7 @@ int ec_import(void *keydata, int selection, const OSSL_PARAM params[])
EC_KEY *ec = keydata;
int ok = 1;
if (ec == NULL)
if (!ossl_prov_is_running() || ec == NULL)
return 0;
/*
......@@ -327,7 +332,7 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
BN_CTX *bnctx = NULL;
int ok = 1;
if (ec == NULL)
if (!ossl_prov_is_running() || ec == NULL)
return 0;
/*
......@@ -681,7 +686,7 @@ int ec_validate(void *keydata, int selection)
int ok = 0;
BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(eck));
if (ctx == NULL)
if (!ossl_prov_is_running() || ctx == NULL)
return 0;
if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
......@@ -721,7 +726,7 @@ static void *ec_gen_init(void *provctx, int selection)
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct ec_gen_ctx *gctx = NULL;
if ((selection & (EC_POSSIBLE_SELECTIONS)) == 0)
if (!ossl_prov_is_running() || (selection & (EC_POSSIBLE_SELECTIONS)) == 0)
return NULL;
if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
......@@ -753,7 +758,7 @@ static int ec_gen_set_template(void *genctx, void *templ)
EC_KEY *ec = templ;
const EC_GROUP *ec_group;
if (gctx == NULL || ec == NULL)
if (!ossl_prov_is_running() || gctx == NULL || ec == NULL)
return 0;
if ((ec_group = EC_KEY_get0_group(ec)) == NULL)
return 0;
......@@ -935,7 +940,8 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
EC_KEY *ec = NULL;
int ret = 0;
if (gctx == NULL
if (!ossl_prov_is_running()
|| gctx == NULL
|| (ec = EC_KEY_new_with_libctx(gctx->libctx, NULL)) == NULL)
return NULL;
......@@ -994,7 +1000,7 @@ void *ec_load(const void *reference, size_t reference_sz)
{
EC_KEY *ec = NULL;
if (reference_sz == sizeof(ec)) {
if (ossl_prov_is_running() && reference_sz == sizeof(ec)) {
/* The contents of the reference is the address to our object */
ec = *(EC_KEY **)reference;
/* We grabbed, so we detach it */
......
providers/implementations/keymgmt/ecx_kmgmt.c
浏览文件 @ 422cbcee
......@@ -82,21 +82,29 @@ static void *s390x_ecd_keygen448(struct ecx_gen_ctx *gctx);
static void *x25519_new_key(void *provctx)
{
if (!ossl_prov_is_running())
return 0;
return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X25519, 0);
}
static void *x448_new_key(void *provctx)
{
if (!ossl_prov_is_running())
return 0;
return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X448, 0);
}
static void *ed25519_new_key(void *provctx)
{
if (!ossl_prov_is_running())
return 0;
return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED25519, 0);
}
static void *ed448_new_key(void *provctx)
{
if (!ossl_prov_is_running())
return 0;
return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED448, 0);
}
......@@ -105,7 +113,7 @@ static int ecx_has(void *keydata, int selection)
ECX_KEY *key = keydata;
int ok = 0;
if (key != NULL) {
if (ossl_prov_is_running() && key != NULL) {
/*
* ECX keys always have all the parameters they need (i.e. none).
* Therefore we always return with 1, if asked about parameters.
......@@ -127,6 +135,9 @@ static int ecx_match(const void *keydata1, const void *keydata2, int selection)
const ECX_KEY *key2 = keydata2;
int ok = 1;
if (!ossl_prov_is_running())
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
ok = ok && key1->type == key2->type;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
......@@ -157,7 +168,7 @@ static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[])
int ok = 1;
int include_private = 0;
if (key == NULL)
if (!ossl_prov_is_running() || key == NULL)
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
......@@ -197,7 +208,7 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
OSSL_PARAM *params = NULL;
int ret = 0;
if (key == NULL)
if (!ossl_prov_is_running() || key == NULL)
return 0;
tmpl = OSSL_PARAM_BLD_new();
......@@ -409,6 +420,9 @@ static void *ecx_gen_init(void *provctx, int selection, ECX_KEY_TYPE type)
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct ecx_gen_ctx *gctx = NULL;
if (!ossl_prov_is_running())
return NULL;
if ((gctx = OPENSSL_malloc(sizeof(*gctx))) != NULL) {
gctx->libctx = libctx;
gctx->type = type;
......@@ -539,6 +553,9 @@ static void *x25519_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
{
struct ecx_gen_ctx *gctx = genctx;
if (!ossl_prov_is_running())
return 0;
#ifdef S390X_EC_ASM
if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519))
return s390x_ecx_keygen25519(gctx);
......@@ -550,6 +567,9 @@ static void *x448_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
{
struct ecx_gen_ctx *gctx = genctx;
if (!ossl_prov_is_running())
return 0;
#ifdef S390X_EC_ASM
if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448))
return s390x_ecx_keygen448(gctx);
......@@ -560,6 +580,10 @@ static void *x448_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
static void *ed25519_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
{
struct ecx_gen_ctx *gctx = genctx;
if (!ossl_prov_is_running())
return 0;
#ifdef S390X_EC_ASM
if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519)
&& OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519)
......@@ -574,6 +598,9 @@ static void *ed448_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
{
struct ecx_gen_ctx *gctx = genctx;
if (!ossl_prov_is_running())
return 0;
#ifdef S390X_EC_ASM
if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448)
&& OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448)
......@@ -594,7 +621,7 @@ void *ecx_load(const void *reference, size_t reference_sz)
{
ECX_KEY *key = NULL;
if (reference_sz == sizeof(key)) {
if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
/* The contents of the reference is the address to our object */
key = *(ECX_KEY **)reference;
/* We grabbed, so we detach it */
......
providers/implementations/keymgmt/kdf_legacy_kmgmt.c
浏览文件 @ 422cbcee
......@@ -28,8 +28,12 @@ static OSSL_FUNC_keymgmt_has_fn kdf_has;
KDF_DATA *kdf_data_new(void *provctx)
{
KDF_DATA *kdfdata = OPENSSL_zalloc(sizeof(*kdfdata));
KDF_DATA *kdfdata;
if (!ossl_prov_is_running())
return NULL;
kdfdata = OPENSSL_zalloc(sizeof(*kdfdata));
if (kdfdata == NULL)
return NULL;
......@@ -63,6 +67,16 @@ int kdf_data_up_ref(KDF_DATA *kdfdata)
{
int ref = 0;
/* This is effectively doing a new operation on the KDF_DATA and should be
* adequately guarded again modules' error states. However, both current
* calls here are guarded propery in exchange/kdf_exch.c. Thus, it
* could be removed here. The concern is that something in the future
* might call this function without adequate guards. It's a cheap call,
* it seems best to leave it even though it is currently redundant.
*/
if (!ossl_prov_is_running())
return 0;
CRYPTO_UP_REF(&kdfdata->refcnt, &ref, kdfdata->lock);
return 1;
}
......
providers/implementations/keymgmt/mac_legacy_kmgmt.c
浏览文件 @ 422cbcee
......@@ -29,6 +29,8 @@ static OSSL_FUNC_keymgmt_free_fn mac_free;
static OSSL_FUNC_keymgmt_gen_init_fn mac_gen_init;
static OSSL_FUNC_keymgmt_gen_fn mac_gen;
static OSSL_FUNC_keymgmt_gen_cleanup_fn mac_gen_cleanup;
static OSSL_FUNC_keymgmt_gen_set_params_fn mac_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn mac_gen_settable_params;
static OSSL_FUNC_keymgmt_get_params_fn mac_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn mac_gettable_params;
static OSSL_FUNC_keymgmt_set_params_fn mac_set_params;
......@@ -40,6 +42,13 @@ static OSSL_FUNC_keymgmt_import_types_fn mac_imexport_types;
static OSSL_FUNC_keymgmt_export_fn mac_export;
static OSSL_FUNC_keymgmt_export_types_fn mac_imexport_types;
static OSSL_FUNC_keymgmt_new_fn mac_new_cmac;
static OSSL_FUNC_keymgmt_gettable_params_fn cmac_gettable_params;
static OSSL_FUNC_keymgmt_import_types_fn cmac_imexport_types;
static OSSL_FUNC_keymgmt_export_types_fn cmac_imexport_types;
static OSSL_FUNC_keymgmt_gen_set_params_fn cmac_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn cmac_gen_settable_params;
struct mac_gen_ctx {
OPENSSL_CTX *libctx;
int selection;
......@@ -50,8 +59,12 @@ struct mac_gen_ctx {
MAC_KEY *mac_key_new(OPENSSL_CTX *libctx, int cmac)
{
MAC_KEY *mackey = OPENSSL_zalloc(sizeof(*mackey));
MAC_KEY *mackey;
if (!ossl_prov_is_running())
return NULL;
mackey = OPENSSL_zalloc(sizeof(*mackey));
if (mackey == NULL)
return NULL;
......@@ -89,6 +102,16 @@ int mac_key_up_ref(MAC_KEY *mackey)
{
int ref = 0;
/* This is effectively doing a new operation on the MAC_KEY and should be
* adequately guarded again modules' error states. However, both current
* calls here are guarded propery in signature/mac_legacy.c. Thus, it
* could be removed here. The concern is that something in the future
* might call this function without adequate guards. It's a cheap call,
* it seems best to leave it even though it is currently redundant.
*/
if (!ossl_prov_is_running())
return 0;
CRYPTO_UP_REF(&mackey->refcnt, &ref, mackey->lock);
return 1;
}
......@@ -113,7 +136,7 @@ static int mac_has(void *keydata, int selection)
MAC_KEY *key = keydata;
int ok = 0;
if (key != NULL) {
if (ossl_prov_is_running() && key != NULL) {
/*
* MAC keys always have all the parameters they need (i.e. none).
* Therefore we always return with 1, if asked about parameters.
......@@ -133,6 +156,9 @@ static int mac_match(const void *keydata1, const void *keydata2, int selection)
const MAC_KEY *key2 = keydata2;
int ok = 1;
if (!ossl_prov_is_running())
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
if ((key1->priv_key == NULL && key2->priv_key != NULL)
|| (key1->priv_key != NULL && key2->priv_key == NULL)
......@@ -201,7 +227,7 @@ static int mac_import(void *keydata, int selection, const OSSL_PARAM params[])
{
MAC_KEY *key = keydata;
if (key == NULL)
if (!ossl_prov_is_running() || key == NULL)
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0)
......@@ -247,7 +273,7 @@ static int mac_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
OSSL_PARAM *params = NULL;
int ret = 0;
if (key == NULL)
if (!ossl_prov_is_running() || key == NULL)
return 0;
tmpl = OSSL_PARAM_BLD_new();
......@@ -349,6 +375,9 @@ static void *mac_gen_init(void *provctx, int selection)
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct mac_gen_ctx *gctx = NULL;
if (!ossl_prov_is_running())
return NULL;
if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
gctx->libctx = libctx;
gctx->selection = selection;
......@@ -422,7 +451,7 @@ static void *mac_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg)
struct mac_gen_ctx *gctx = genctx;
MAC_KEY *key;
if (gctx == NULL)
if (!ossl_prov_is_running() || gctx == NULL)
return NULL;
if ((key = mac_key_new(gctx->libctx, 0)) == NULL) {
......@@ -511,3 +540,4 @@ const OSSL_DISPATCH cmac_legacy_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup },
{ 0, NULL }
};
providers/implementations/keymgmt/rsa_kmgmt.c
浏览文件 @ 422cbcee
......@@ -74,8 +74,12 @@ static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params,
static void *rsa_newdata(void *provctx)
{
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
RSA *rsa = rsa_new_with_ctx(libctx);
RSA *rsa;
if (!ossl_prov_is_running())
return NULL;
rsa = rsa_new_with_ctx(libctx);
if (rsa != NULL) {
RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
......@@ -86,8 +90,12 @@ static void *rsa_newdata(void *provctx)
static void *rsapss_newdata(void *provctx)
{
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
RSA *rsa = rsa_new_with_ctx(libctx);
RSA *rsa;
if (!ossl_prov_is_running())
return NULL;
rsa = rsa_new_with_ctx(libctx);
if (rsa != NULL) {
RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
......@@ -105,7 +113,7 @@ static int rsa_has(void *keydata, int selection)
RSA *rsa = keydata;
int ok = 0;
if (rsa != NULL) {
if (rsa != NULL && ossl_prov_is_running()) {
if ((selection & RSA_POSSIBLE_SELECTIONS) != 0)
ok = 1;
......@@ -128,6 +136,9 @@ static int rsa_match(const void *keydata1, const void *keydata2, int selection)
const RSA *rsa2 = keydata2;
int ok = 1;
if (!ossl_prov_is_running())
return 0;
/* There is always an |e| */
ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
......@@ -143,7 +154,7 @@ static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[])
int rsa_type;
int ok = 1;
if (rsa == NULL)
if (!ossl_prov_is_running() || rsa == NULL)
return 0;
if ((selection & RSA_POSSIBLE_SELECTIONS) == 0)
......@@ -171,7 +182,7 @@ static int rsa_export(void *keydata, int selection,
OSSL_PARAM *params = NULL;
int ok = 1;
if (rsa == NULL)
if (!ossl_prov_is_running() || rsa == NULL)
return 0;
/* TODO(3.0) OAEP should bring on parameters */
......@@ -351,6 +362,9 @@ static int rsa_validate(void *keydata, int selection)
RSA *rsa = keydata;
int ok = 0;
if (!ossl_prov_is_running())
return 0;
if ((selection & RSA_POSSIBLE_SELECTIONS) != 0)
ok = 1;
......@@ -404,6 +418,9 @@ static void *gen_init(void *provctx, int selection, int rsa_type)
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct rsa_gen_ctx *gctx = NULL;
if (!ossl_prov_is_running())
return NULL;
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
return NULL;
......@@ -507,7 +524,7 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
RSA *rsa = NULL, *rsa_tmp = NULL;
BN_GENCB *gencb = NULL;
if (gctx == NULL)
if (!ossl_prov_is_running() || gctx == NULL)
return NULL;
switch (gctx->rsa_type) {
......@@ -581,7 +598,7 @@ void *rsa_load(const void *reference, size_t reference_sz)
{
RSA *rsa = NULL;
if (reference_sz == sizeof(rsa)) {
if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) {
/* The contents of the reference is the address to our object */
rsa = *(RSA **)reference;
/* We grabbed, so we detach it */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册