Check for provider being disabled on new and derive.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)
#include "internal/numbers.h"
#include "crypto/evp.h"
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
{
KDF_HKDF *ctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
else
static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen)
{
KDF_HKDF *ctx = (KDF_HKDF *)vctx;
- const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ const EVP_MD *md;
+
+ if (!ossl_prov_is_running())
+ return 0;
+ md = ossl_prov_digest_md(&ctx->digest);
if (md == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
return 0;
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/provider_util.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "e_os.h"
{
KBKDF *ctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
uint32_t l = be32(keylen * 8);
size_t h = 0;
+ if (!ossl_prov_is_running())
+ return 0;
+
/* label, context, and iv are permitted to be empty. Check everything
* else. */
if (ctx->ctx_init == NULL) {
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/provider_util.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
/* KRB5 KDF defined in RFC 3961, Section 5.1 */
{
KRB5KDF_CTX *ctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
ctx->provctx = provctx;
size_t keylen)
{
KRB5KDF_CTX *ctx = (KRB5KDF_CTX *)vctx;
- const EVP_CIPHER *cipher = ossl_prov_cipher_cipher(&ctx->cipher);
- ENGINE *engine = ossl_prov_cipher_engine(&ctx->cipher);
+ const EVP_CIPHER *cipher;
+ ENGINE *engine;
+ if (!ossl_prov_is_running())
+ return 0;
+
+ cipher = ossl_prov_cipher_cipher(&ctx->cipher);
if (cipher == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CIPHER);
return 0;
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONSTANT);
return 0;
}
+ engine = ossl_prov_cipher_engine(&ctx->cipher);
return KRB5KDF(cipher, engine, ctx->key, ctx->key_len,
ctx->constant, ctx->constant_len,
key, keylen);
#include "internal/numbers.h"
#include "crypto/evp.h"
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
{
KDF_PBKDF2 *ctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
size_t keylen)
{
KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
- const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ const EVP_MD *md;
+
+ if (!ossl_prov_is_running())
+ return 0;
if (ctx->pass == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_PASS);
return 0;
}
+ md = ossl_prov_digest_md(&ctx->digest);
return pbkdf2_derive((char *)ctx->pass, ctx->pass_len,
ctx->salt, ctx->salt_len, ctx->iter,
md, key, keylen, ctx->lower_bound_checks);
#include "internal/numbers.h"
#include "crypto/evp.h"
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
{
KDF_PKCS12 *ctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
size_t keylen)
{
KDF_PKCS12 *ctx = (KDF_PKCS12 *)vctx;
- const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ const EVP_MD *md;
+
+ if (!ossl_prov_is_running())
+ return 0;
if (ctx->pass == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_PASS);
return 0;
}
+ md = ossl_prov_digest_md(&ctx->digest);
return pkcs12kdf_derive(ctx->pass, ctx->pass_len, ctx->salt, ctx->salt_len,
ctx->id, ctx->iter, md, key, keylen);
}
#include "internal/numbers.h"
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
{
KDF_SCRYPT *ctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
{
KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx;
+ if (!ossl_prov_is_running())
+ return 0;
+
if (ctx->pass == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_PASS);
return 0;
#include "internal/numbers.h"
#include "crypto/evp.h"
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
-# include "prov/provider_util.h"
+#include "prov/provider_util.h"
/* See RFC 4253, Section 7.2 */
static OSSL_FUNC_kdf_newctx_fn kdf_sshkdf_new;
{
KDF_SSHKDF *ctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
ctx->provctx = provctx;
size_t keylen)
{
KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx;
- const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ const EVP_MD *md;
+
+ if (!ossl_prov_is_running())
+ return 0;
+ md = ossl_prov_digest_md(&ctx->digest);
if (md == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
return 0;
#include "internal/numbers.h"
#include "crypto/evp.h"
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
{
KDF_SSKDF *ctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
ctx->provctx = provctx;
static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen)
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
- const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ const EVP_MD *md;
+ if (!ossl_prov_is_running())
+ return 0;
if (ctx->secret == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET);
return 0;
}
+ md = ossl_prov_digest_md(&ctx->digest);
if (ctx->macctx != NULL) {
/* H(x) = KMAC or H(x) = HMAC */
static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen)
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
- const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ const EVP_MD *md;
+
+ if (!ossl_prov_is_running())
+ return 0;
if (ctx->secret == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET);
}
/* H(x) = hash */
+ md = ossl_prov_digest_md(&ctx->digest);
if (md == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
return 0;
#include "internal/numbers.h"
#include "crypto/evp.h"
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
{
TLS1_PRF *ctx;
+ if (!ossl_prov_is_running())
+ return NULL;
+
if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
ctx->provctx = provctx;
{
TLS1_PRF *ctx = (TLS1_PRF *)vctx;
+ if (!ossl_prov_is_running())
+ return 0;
+
if (ctx->P_hash == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
return 0;
#include "internal/packet.h"
#include "internal/der.h"
#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
#include "prov/providercommonerr.h"
#include "prov/implementations.h"
#include "prov/provider_util.h"
{
KDF_X942 *ctx;
+ if (!ossl_prov_is_running())
+ return 0;
+
if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
ctx->provctx = provctx;
static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen)
{
KDF_X942 *ctx = (KDF_X942 *)vctx;
- const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
+ const EVP_MD *md;
int ret = 0;
unsigned char *ctr;
unsigned char *der = NULL;
size_t der_len = 0;
+ if (!ossl_prov_is_running())
+ return 0;
+
if (ctx->secret == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET);
return 0;
}
+ md = ossl_prov_digest_md(&ctx->digest);
if (md == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
return 0;