{
DH *dh = NULL;
- dh = dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
- if (dh != NULL) {
- DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
- DH_set_flags(dh, DH_FLAG_TYPE_DH);
+ if (ossl_prov_is_running()) {
+ dh = dh_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx));
+ if (dh != NULL) {
+ DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
+ DH_set_flags(dh, DH_FLAG_TYPE_DH);
+ }
}
return dh;
}
DH *dh = keydata;
int ok = 0;
- if (dh != NULL) {
+ if (ossl_prov_is_running() && dh != NULL) {
if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
ok = 1;
const DH *dh2 = keydata2;
int ok = 1;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && BN_cmp(DH_get0_pub_key(dh1), DH_get0_pub_key(dh2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
DH *dh = keydata;
int ok = 1;
- if (dh == NULL)
+ if (!ossl_prov_is_running() || dh == NULL)
return 0;
if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
OSSL_PARAM *params = NULL;
int ok = 1;
- if (dh == NULL)
+ if (!ossl_prov_is_running() || dh == NULL)
return 0;
tmpl = OSSL_PARAM_BLD_new();
DH *dh = keydata;
int ok = 0;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
ok = 1;
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct dh_gen_ctx *gctx = NULL;
+ if (!ossl_prov_is_running())
+ return NULL;
+
if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
| OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
return NULL;
struct dh_gen_ctx *gctx = genctx;
DH *dh = templ;
- if (gctx == NULL || dh == NULL)
+ if (!ossl_prov_is_running() || gctx == NULL || dh == NULL)
return 0;
gctx->ffc_params = dh_get0_params(dh);
return 1;
BN_GENCB *gencb = NULL;
FFC_PARAMS *ffc;
- if (gctx == NULL)
+ if (!ossl_prov_is_running() || gctx == NULL)
return NULL;
/* For parameter generation - If there is a group name just create it */
{
DH *dh = NULL;
- if (reference_sz == sizeof(dh)) {
+ if (ossl_prov_is_running() && reference_sz == sizeof(dh)) {
/* The contents of the reference is the address to our object */
dh = *(DH **)reference;
/* We grabbed, so we detach it */
static void *dsa_newdata(void *provctx)
{
+ if (!ossl_prov_is_running())
+ return NULL;
return dsa_new_with_ctx(PROV_LIBRARY_CONTEXT_OF(provctx));
}
DSA *dsa = keydata;
int ok = 0;
- if (dsa != NULL) {
+ if (ossl_prov_is_running() && dsa != NULL) {
if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
ok = 1;
const DSA *dsa2 = keydata2;
int ok = 1;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok
&& BN_cmp(DSA_get0_pub_key(dsa1), DSA_get0_pub_key(dsa2)) == 0;
DSA *dsa = keydata;
int ok = 1;
- if (dsa == NULL)
+ if (!ossl_prov_is_running() || dsa == NULL)
return 0;
if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
OSSL_PARAM *params = NULL;
int ok = 1;
- if (dsa == NULL)
+ if (!ossl_prov_is_running() || dsa == NULL)
goto err;
if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
DSA *dsa = keydata;
int ok = 0;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
ok = 1;
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct dsa_gen_ctx *gctx = NULL;
- if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
+ if (!ossl_prov_is_running() || (selection & DSA_POSSIBLE_SELECTIONS) == 0)
return NULL;
if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
struct dsa_gen_ctx *gctx = genctx;
DSA *dsa = templ;
- if (gctx == NULL || dsa == NULL)
+ if (!ossl_prov_is_running() || gctx == NULL || dsa == NULL)
return 0;
gctx->ffc_params = dsa_get0_params(dsa);
return 1;
int ret = 0;
FFC_PARAMS *ffc;
- if (gctx == NULL)
+ if (!ossl_prov_is_running() || gctx == NULL)
return NULL;
dsa = dsa_new_with_ctx(gctx->libctx);
if (dsa == NULL)
{
DSA *dsa = NULL;
- if (reference_sz == sizeof(dsa)) {
+ if (ossl_prov_is_running() && reference_sz == sizeof(dsa)) {
/* The contents of the reference is the address to our object */
dsa = *(DSA **)reference;
/* We grabbed, so we detach it */
static
void *ec_newdata(void *provctx)
{
+ if (!ossl_prov_is_running())
+ return NULL;
return EC_KEY_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx), NULL);
}
EC_KEY *ec = keydata;
int ok = 0;
- if (ec != NULL) {
+ if (ossl_prov_is_running() && ec != NULL) {
if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
ok = 1;
BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(ec1));
int ok = 1;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
ok = ok && group_a != NULL && group_b != NULL
&& EC_GROUP_cmp(group_a, group_b, ctx) == 0;
EC_KEY *ec = keydata;
int ok = 1;
- if (ec == NULL)
+ if (!ossl_prov_is_running() || ec == NULL)
return 0;
/*
BN_CTX *bnctx = NULL;
int ok = 1;
- if (ec == NULL)
+ if (!ossl_prov_is_running() || ec == NULL)
return 0;
/*
int ok = 0;
BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(eck));
- if (ctx == NULL)
+ if (!ossl_prov_is_running() || ctx == NULL)
return 0;
if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct ec_gen_ctx *gctx = NULL;
- if ((selection & (EC_POSSIBLE_SELECTIONS)) == 0)
+ if (!ossl_prov_is_running() || (selection & (EC_POSSIBLE_SELECTIONS)) == 0)
return NULL;
if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
EC_KEY *ec = templ;
const EC_GROUP *ec_group;
- if (gctx == NULL || ec == NULL)
+ if (!ossl_prov_is_running() || gctx == NULL || ec == NULL)
return 0;
if ((ec_group = EC_KEY_get0_group(ec)) == NULL)
return 0;
EC_KEY *ec = NULL;
int ret = 0;
- if (gctx == NULL
+ if (!ossl_prov_is_running()
+ || gctx == NULL
|| (ec = EC_KEY_new_with_libctx(gctx->libctx, NULL)) == NULL)
return NULL;
{
EC_KEY *ec = NULL;
- if (reference_sz == sizeof(ec)) {
+ if (ossl_prov_is_running() && reference_sz == sizeof(ec)) {
/* The contents of the reference is the address to our object */
ec = *(EC_KEY **)reference;
/* We grabbed, so we detach it */
static void *x25519_new_key(void *provctx)
{
+ if (!ossl_prov_is_running())
+ return 0;
return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X25519, 0);
}
static void *x448_new_key(void *provctx)
{
+ if (!ossl_prov_is_running())
+ return 0;
return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X448, 0);
}
static void *ed25519_new_key(void *provctx)
{
+ if (!ossl_prov_is_running())
+ return 0;
return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED25519, 0);
}
static void *ed448_new_key(void *provctx)
{
+ if (!ossl_prov_is_running())
+ return 0;
return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED448, 0);
}
ECX_KEY *key = keydata;
int ok = 0;
- if (key != NULL) {
+ if (ossl_prov_is_running() && key != NULL) {
/*
* ECX keys always have all the parameters they need (i.e. none).
* Therefore we always return with 1, if asked about parameters.
const ECX_KEY *key2 = keydata2;
int ok = 1;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
ok = ok && key1->type == key2->type;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
int ok = 1;
int include_private = 0;
- if (key == NULL)
+ if (!ossl_prov_is_running() || key == NULL)
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
OSSL_PARAM *params = NULL;
int ret = 0;
- if (key == NULL)
+ if (!ossl_prov_is_running() || key == NULL)
return 0;
tmpl = OSSL_PARAM_BLD_new();
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct ecx_gen_ctx *gctx = NULL;
+ if (!ossl_prov_is_running())
+ return NULL;
+
if ((gctx = OPENSSL_malloc(sizeof(*gctx))) != NULL) {
gctx->libctx = libctx;
gctx->type = type;
{
struct ecx_gen_ctx *gctx = genctx;
+ if (!ossl_prov_is_running())
+ return 0;
+
#ifdef S390X_EC_ASM
if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519))
return s390x_ecx_keygen25519(gctx);
{
struct ecx_gen_ctx *gctx = genctx;
+ if (!ossl_prov_is_running())
+ return 0;
+
#ifdef S390X_EC_ASM
if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448))
return s390x_ecx_keygen448(gctx);
static void *ed25519_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
{
struct ecx_gen_ctx *gctx = genctx;
+
+ if (!ossl_prov_is_running())
+ return 0;
+
#ifdef S390X_EC_ASM
if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519)
&& OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519)
{
struct ecx_gen_ctx *gctx = genctx;
+ if (!ossl_prov_is_running())
+ return 0;
+
#ifdef S390X_EC_ASM
if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448)
&& OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448)
{
ECX_KEY *key = NULL;
- if (reference_sz == sizeof(key)) {
+ if (ossl_prov_is_running() && reference_sz == sizeof(key)) {
/* The contents of the reference is the address to our object */
key = *(ECX_KEY **)reference;
/* We grabbed, so we detach it */
KDF_DATA *kdf_data_new(void *provctx)
{
- KDF_DATA *kdfdata = OPENSSL_zalloc(sizeof(*kdfdata));
+ KDF_DATA *kdfdata;
+ if (!ossl_prov_is_running())
+ return NULL;
+
+ kdfdata = OPENSSL_zalloc(sizeof(*kdfdata));
if (kdfdata == NULL)
return NULL;
{
int ref = 0;
+ /* This is effectively doing a new operation on the KDF_DATA and should be
+ * adequately guarded again modules' error states. However, both current
+ * calls here are guarded propery in exchange/kdf_exch.c. Thus, it
+ * could be removed here. The concern is that something in the future
+ * might call this function without adequate guards. It's a cheap call,
+ * it seems best to leave it even though it is currently redundant.
+ */
+ if (!ossl_prov_is_running())
+ return 0;
+
CRYPTO_UP_REF(&kdfdata->refcnt, &ref, kdfdata->lock);
return 1;
}
static OSSL_FUNC_keymgmt_gen_init_fn mac_gen_init;
static OSSL_FUNC_keymgmt_gen_fn mac_gen;
static OSSL_FUNC_keymgmt_gen_cleanup_fn mac_gen_cleanup;
+static OSSL_FUNC_keymgmt_gen_set_params_fn mac_gen_set_params;
+static OSSL_FUNC_keymgmt_gen_settable_params_fn mac_gen_settable_params;
static OSSL_FUNC_keymgmt_get_params_fn mac_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn mac_gettable_params;
static OSSL_FUNC_keymgmt_set_params_fn mac_set_params;
static OSSL_FUNC_keymgmt_export_fn mac_export;
static OSSL_FUNC_keymgmt_export_types_fn mac_imexport_types;
+static OSSL_FUNC_keymgmt_new_fn mac_new_cmac;
+static OSSL_FUNC_keymgmt_gettable_params_fn cmac_gettable_params;
+static OSSL_FUNC_keymgmt_import_types_fn cmac_imexport_types;
+static OSSL_FUNC_keymgmt_export_types_fn cmac_imexport_types;
+static OSSL_FUNC_keymgmt_gen_set_params_fn cmac_gen_set_params;
+static OSSL_FUNC_keymgmt_gen_settable_params_fn cmac_gen_settable_params;
+
struct mac_gen_ctx {
OPENSSL_CTX *libctx;
int selection;
MAC_KEY *mac_key_new(OPENSSL_CTX *libctx, int cmac)
{
- MAC_KEY *mackey = OPENSSL_zalloc(sizeof(*mackey));
+ MAC_KEY *mackey;
+
+ if (!ossl_prov_is_running())
+ return NULL;
+ mackey = OPENSSL_zalloc(sizeof(*mackey));
if (mackey == NULL)
return NULL;
{
int ref = 0;
+ /* This is effectively doing a new operation on the MAC_KEY and should be
+ * adequately guarded again modules' error states. However, both current
+ * calls here are guarded propery in signature/mac_legacy.c. Thus, it
+ * could be removed here. The concern is that something in the future
+ * might call this function without adequate guards. It's a cheap call,
+ * it seems best to leave it even though it is currently redundant.
+ */
+ if (!ossl_prov_is_running())
+ return 0;
+
CRYPTO_UP_REF(&mackey->refcnt, &ref, mackey->lock);
return 1;
}
MAC_KEY *key = keydata;
int ok = 0;
- if (key != NULL) {
+ if (ossl_prov_is_running() && key != NULL) {
/*
* MAC keys always have all the parameters they need (i.e. none).
* Therefore we always return with 1, if asked about parameters.
const MAC_KEY *key2 = keydata2;
int ok = 1;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
if ((key1->priv_key == NULL && key2->priv_key != NULL)
|| (key1->priv_key != NULL && key2->priv_key == NULL)
{
MAC_KEY *key = keydata;
- if (key == NULL)
+ if (!ossl_prov_is_running() || key == NULL)
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0)
OSSL_PARAM *params = NULL;
int ret = 0;
- if (key == NULL)
+ if (!ossl_prov_is_running() || key == NULL)
return 0;
tmpl = OSSL_PARAM_BLD_new();
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct mac_gen_ctx *gctx = NULL;
+ if (!ossl_prov_is_running())
+ return NULL;
+
if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
gctx->libctx = libctx;
gctx->selection = selection;
struct mac_gen_ctx *gctx = genctx;
MAC_KEY *key;
- if (gctx == NULL)
+ if (!ossl_prov_is_running() || gctx == NULL)
return NULL;
if ((key = mac_key_new(gctx->libctx, 0)) == NULL) {
{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup },
{ 0, NULL }
};
+
static void *rsa_newdata(void *provctx)
{
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
- RSA *rsa = rsa_new_with_ctx(libctx);
+ RSA *rsa;
+ if (!ossl_prov_is_running())
+ return NULL;
+
+ rsa = rsa_new_with_ctx(libctx);
if (rsa != NULL) {
RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
static void *rsapss_newdata(void *provctx)
{
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
- RSA *rsa = rsa_new_with_ctx(libctx);
+ RSA *rsa;
+
+ if (!ossl_prov_is_running())
+ return NULL;
+ rsa = rsa_new_with_ctx(libctx);
if (rsa != NULL) {
RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
RSA *rsa = keydata;
int ok = 0;
- if (rsa != NULL) {
+ if (rsa != NULL && ossl_prov_is_running()) {
if ((selection & RSA_POSSIBLE_SELECTIONS) != 0)
ok = 1;
const RSA *rsa2 = keydata2;
int ok = 1;
+ if (!ossl_prov_is_running())
+ return 0;
+
/* There is always an |e| */
ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
int rsa_type;
int ok = 1;
- if (rsa == NULL)
+ if (!ossl_prov_is_running() || rsa == NULL)
return 0;
if ((selection & RSA_POSSIBLE_SELECTIONS) == 0)
OSSL_PARAM *params = NULL;
int ok = 1;
- if (rsa == NULL)
+ if (!ossl_prov_is_running() || rsa == NULL)
return 0;
/* TODO(3.0) OAEP should bring on parameters */
RSA *rsa = keydata;
int ok = 0;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((selection & RSA_POSSIBLE_SELECTIONS) != 0)
ok = 1;
OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
struct rsa_gen_ctx *gctx = NULL;
+ if (!ossl_prov_is_running())
+ return NULL;
+
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
return NULL;
RSA *rsa = NULL, *rsa_tmp = NULL;
BN_GENCB *gencb = NULL;
- if (gctx == NULL)
+ if (!ossl_prov_is_running() || gctx == NULL)
return NULL;
switch (gctx->rsa_type) {
{
RSA *rsa = NULL;
- if (reference_sz == sizeof(rsa)) {
+ if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) {
/* The contents of the reference is the address to our object */
rsa = *(RSA **)reference;
/* We grabbed, so we detach it */