mac: add FIPS error state handling

Check for provider being runnable in new, dup, init and final calls. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801)
2025-03-19 19:50:42 +08:00 · 2020-09-07 13:03:07 +10:00 · 2020-09-07 13:03:07 +10:00 · 5b104a81f0
commit 5b104a81f0
parent aef30ad0b6
7 changed files with 100 additions and 17 deletions
--- a/providers/implementations/macs/blake2_mac_impl.c
+++ b/providers/implementations/macs/blake2_mac_impl.c
@ -15,6 +15,7 @@
 #include "internal/cryptlib.h"
 #include "prov/providercommonerr.h"
 #include "prov/implementations.h"
+#include "prov/providercommon.h"

 /*
 * Forward declaration of everything implemented here.  This is not strictly
@ -42,8 +43,12 @@ static size_t blake2_mac_size(void *vmacctx);

 static void *blake2_mac_new(void *unused_provctx)
 {
-    struct blake2_mac_data_st *macctx = OPENSSL_zalloc(sizeof(*macctx));
+    struct blake2_mac_data_st *macctx;

+    if (!ossl_prov_is_running())
+        return NULL;
+
+    macctx = OPENSSL_zalloc(sizeof(*macctx));
    if (macctx != NULL) {
        BLAKE2_PARAM_INIT(&macctx->params);
        /* ctx initialization is deferred to BLAKE2b_Init() */
@ -56,6 +61,9 @@ static void *blake2_mac_dup(void *vsrc)
    struct blake2_mac_data_st *dst;
    struct blake2_mac_data_st *src = vsrc;

+    if (!ossl_prov_is_running())
+        return NULL;
+
    dst = OPENSSL_zalloc(sizeof(*dst));
    if (dst == NULL)
        return NULL;
@ -78,6 +86,9 @@ static int blake2_mac_init(void *vmacctx)
 {
    struct blake2_mac_data_st *macctx = vmacctx;

+    if (!ossl_prov_is_running())
+        return 0;
+
    /* Check key has been set */
    if (macctx->params.key_length == 0) {
        ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
@ -104,6 +115,9 @@ static int blake2_mac_final(void *vmacctx,
 {
    struct blake2_mac_data_st *macctx = vmacctx;

+    if (!ossl_prov_is_running())
+        return 0;
+
    *outl = blake2_mac_size(macctx);
    return BLAKE2_FINAL(out, &macctx->ctx);
 }
--- a/providers/implementations/macs/cmac_prov.c
+++ b/providers/implementations/macs/cmac_prov.c
@ -23,6 +23,7 @@
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
+#include "prov/providercommon.h"

 /*
 * Forward declaration of everything implemented here.  This is not strictly
@ -52,6 +53,9 @@ static void *cmac_new(void *provctx)
 {
    struct cmac_data_st *macctx;

+    if (!ossl_prov_is_running())
+        return NULL;
+
    if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL
        || (macctx->ctx = CMAC_CTX_new()) == NULL) {
        OPENSSL_free(macctx);
@ -77,8 +81,12 @@ static void cmac_free(void *vmacctx)
 static void *cmac_dup(void *vsrc)
 {
    struct cmac_data_st *src = vsrc;
-    struct cmac_data_st *dst = cmac_new(src->provctx);
+    struct cmac_data_st *dst;

+    if (!ossl_prov_is_running())
+        return NULL;
+
+    dst = cmac_new(src->provctx);
    if (!CMAC_CTX_copy(dst->ctx, src->ctx)
        || !ossl_prov_cipher_copy(&dst->cipher, &src->cipher)) {
        cmac_free(dst);
@ -97,9 +105,14 @@ static size_t cmac_size(void *vmacctx)
 static int cmac_init(void *vmacctx)
 {
    struct cmac_data_st *macctx = vmacctx;
-    int rv = CMAC_Init(macctx->ctx, NULL, 0,
-                       ossl_prov_cipher_cipher(&macctx->cipher),
-                       ossl_prov_cipher_engine(&macctx->cipher));
+    int rv;
+
+    if (!ossl_prov_is_running())
+        return 0;
+
+    rv = CMAC_Init(macctx->ctx, NULL, 0,
+                   ossl_prov_cipher_cipher(&macctx->cipher),
+                   ossl_prov_cipher_engine(&macctx->cipher));

    ossl_prov_cipher_reset(&macctx->cipher);
    return rv;
@ -118,6 +131,9 @@ static int cmac_final(void *vmacctx, unsigned char *out, size_t *outl,
 {
    struct cmac_data_st *macctx = vmacctx;

+    if (!ossl_prov_is_running())
+        return 0;
+
    return CMAC_Final(macctx->ctx, out, outl);
 }

--- a/providers/implementations/macs/gmac_prov.c
+++ b/providers/implementations/macs/gmac_prov.c
@ -19,6 +19,7 @@
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
+#include "prov/providercommon.h"

 /*
 * Forward declaration of everything implemented here.  This is not strictly
@ -61,6 +62,9 @@ static void *gmac_new(void *provctx)
 {
    struct gmac_data_st *macctx;

+    if (!ossl_prov_is_running())
+        return NULL;
+
    if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL
        || (macctx->ctx = EVP_CIPHER_CTX_new()) == NULL) {
        gmac_free(macctx);
@ -74,8 +78,12 @@ static void *gmac_new(void *provctx)
 static void *gmac_dup(void *vsrc)
 {
    struct gmac_data_st *src = vsrc;
-    struct gmac_data_st *dst = gmac_new(src->provctx);
+    struct gmac_data_st *dst;

+    if (!ossl_prov_is_running())
+        return NULL;
+
+    dst = gmac_new(src->provctx);
    if (dst == NULL)
        return NULL;

@ -89,7 +97,7 @@ static void *gmac_dup(void *vsrc)

 static int gmac_init(void *vmacctx)
 {
-    return 1;
+    return ossl_prov_is_running();
 }

 static int gmac_update(void *vmacctx, const unsigned char *data,
@ -117,6 +125,9 @@ static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl,
    struct gmac_data_st *macctx = vmacctx;
    int hlen = 0;

+    if (!ossl_prov_is_running())
+        return 0;
+
    if (!EVP_EncryptFinal_ex(macctx->ctx, out, &hlen))
        return 0;

--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@ -25,6 +25,7 @@
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
+#include "prov/providercommon.h"

 /*
 * Forward declaration of everything implemented here.  This is not strictly
@ -76,6 +77,9 @@ static void *hmac_new(void *provctx)
 {
    struct hmac_data_st *macctx;

+    if (!ossl_prov_is_running())
+        return NULL;
+
    if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL
        || (macctx->ctx = HMAC_CTX_new()) == NULL) {
        OPENSSL_free(macctx);
@ -102,9 +106,12 @@ static void hmac_free(void *vmacctx)
 static void *hmac_dup(void *vsrc)
 {
    struct hmac_data_st *src = vsrc;
-    struct hmac_data_st *dst = hmac_new(src->provctx);
+    struct hmac_data_st *dst;
    HMAC_CTX *ctx;

+    if (!ossl_prov_is_running())
+        return NULL;
+    dst = hmac_new(src->provctx);
    if (dst == NULL)
        return NULL;

@ -140,9 +147,13 @@ static size_t hmac_size(void *vmacctx)
 static int hmac_init(void *vmacctx)
 {
    struct hmac_data_st *macctx = vmacctx;
-    const EVP_MD *digest = ossl_prov_digest_md(&macctx->digest);
+    const EVP_MD *digest;
    int rv = 1;

+    if (!ossl_prov_is_running())
+        return 0;
+
+    digest = ossl_prov_digest_md(&macctx->digest);
    /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */
    if (macctx->tls_data_size == 0 && digest != NULL)
        rv = HMAC_Init_ex(macctx->ctx, NULL, 0, digest,
@ -191,6 +202,8 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
    unsigned int hlen;
    struct hmac_data_st *macctx = vmacctx;

+    if (!ossl_prov_is_running())
+        return 0;
    if (macctx->tls_data_size > 0) {
        if (macctx->tls_mac_out_size == 0)
            return 0;
--- a/providers/implementations/macs/kmac_prov.c
+++ b/providers/implementations/macs/kmac_prov.c
@ -58,6 +58,7 @@
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
+#include "prov/providercommon.h"

 /*
 * Forward declaration of everything implemented here.  This is not strictly
@ -158,6 +159,9 @@ static struct kmac_data_st *kmac_new(void *provctx)
 {
    struct kmac_data_st *kctx;

+    if (!ossl_prov_is_running())
+        return NULL;
+
    if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL
            || (kctx->ctx = EVP_MD_CTX_new()) == NULL) {
        kmac_free(kctx);
@ -206,8 +210,12 @@ static void *kmac256_new(void *provctx)
 static void *kmac_dup(void *vsrc)
 {
    struct kmac_data_st *src = vsrc;
-    struct kmac_data_st *dst = kmac_new(src->provctx);
+    struct kmac_data_st *dst;

+    if (!ossl_prov_is_running())
+        return NULL;
+
+    dst = kmac_new(src->provctx);
    if (dst == NULL)
        return NULL;

@ -239,6 +247,8 @@ static int kmac_init(void *vmacctx)
    unsigned char out[KMAC_MAX_BLOCKSIZE];
    int out_len, block_len;

+    if (!ossl_prov_is_running())
+        return 0;

    /* Check key has been set */
    if (kctx->key_len == 0) {
@ -292,6 +302,9 @@ static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl,
    unsigned char encoded_outlen[KMAC_MAX_ENCODED_HEADER_LEN];
    int ok;

+    if (!ossl_prov_is_running())
+        return 0;
+
    /* KMAC XOF mode sets the encoded length to 0 */
    lbits = (kctx->xof_mode ? 0 : (kctx->out_len * 8));

--- a/providers/implementations/macs/poly1305_prov.c
+++ b/providers/implementations/macs/poly1305_prov.c
@ -17,6 +17,7 @@

 #include "prov/providercommonerr.h"
 #include "prov/implementations.h"
+#include "prov/providercommon.h"

 /*
 * Forward declaration of everything implemented here.  This is not strictly
@ -43,8 +44,11 @@ static size_t poly1305_size(void);

 static void *poly1305_new(void *provctx)
 {
-    struct poly1305_data_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
+    struct poly1305_data_st *ctx;

+    if (!ossl_prov_is_running())
+        return NULL;
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
    if (ctx != NULL)
        ctx->provctx = provctx;
    return ctx;
@ -58,8 +62,11 @@ static void poly1305_free(void *vmacctx)
 static void *poly1305_dup(void *vsrc)
 {
    struct poly1305_data_st *src = vsrc;
-    struct poly1305_data_st *dst = poly1305_new(src->provctx);
+    struct poly1305_data_st *dst;

+    if (!ossl_prov_is_running())
+        return NULL;
+    dst = poly1305_new(src->provctx);
    if (dst == NULL)
        return NULL;

@ -75,7 +82,7 @@ static size_t poly1305_size(void)
 static int poly1305_init(void *vmacctx)
 {
    /* initialize the context in MAC_ctrl function */
-    return 1;
+    return ossl_prov_is_running();
 }

 static int poly1305_update(void *vmacctx, const unsigned char *data,
@ -96,6 +103,8 @@ static int poly1305_final(void *vmacctx, unsigned char *out, size_t *outl,
 {
    struct poly1305_data_st *ctx = vmacctx;

+    if (!ossl_prov_is_running())
+        return 0;
    Poly1305_Final(&ctx->poly1305, out);
    *outl = poly1305_size();
    return 1;
--- a/providers/implementations/macs/siphash_prov.c
+++ b/providers/implementations/macs/siphash_prov.c
@ -24,6 +24,7 @@

 #include "prov/providercommonerr.h"
 #include "prov/implementations.h"
+#include "prov/providercommon.h"

 /*
 * Forward declaration of everything implemented here.  This is not strictly
@ -49,8 +50,11 @@ struct siphash_data_st {

 static void *siphash_new(void *provctx)
 {
-    struct siphash_data_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
+    struct siphash_data_st *ctx;

+    if (!ossl_prov_is_running())
+        return NULL;
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
    if (ctx != NULL)
        ctx->provctx = provctx;
    return ctx;
@ -64,8 +68,11 @@ static void siphash_free(void *vmacctx)
 static void *siphash_dup(void *vsrc)
 {
    struct siphash_data_st *ssrc = vsrc;
-    struct siphash_data_st *sdst = siphash_new(ssrc->provctx);
+    struct siphash_data_st *sdst;

+    if (!ossl_prov_is_running())
+        return NULL;
+    sdst = siphash_new(ssrc->provctx);
    if (sdst == NULL)
        return NULL;

@ -83,7 +90,7 @@ static size_t siphash_size(void *vmacctx)
 static int siphash_init(void *vmacctx)
 {
    /* Not much to do here, actual initialization happens through controls */
-    return 1;
+    return ossl_prov_is_running();
 }

 static int siphash_update(void *vmacctx, const unsigned char *data,
@ -104,7 +111,7 @@ static int siphash_final(void *vmacctx, unsigned char *out, size_t *outl,
    struct siphash_data_st *ctx = vmacctx;
    size_t hlen = siphash_size(ctx);

-    if (outsize < hlen)
+    if (!ossl_prov_is_running() || outsize < hlen)
        return 0;

    *outl = hlen;