c262cc0c04
After rudimentary analysis, it appears the below functions can potentially produce output, whilst the provider is in error state. These functions were detected using this method: ``` CFLAGS='-save-temps' ./Configure enable-fips --debug make -j10 find . -name '*.i' | xargs git add -f git grep --cached -p ossl_prov_is_running | grep libfips-lib > ossl_prov_is_running.txt git grep --cached -p 'return' | grep libfips-lib > return.txt grep '\.i=' return.txt > func-with_return.txt grep '\.i=' ossl_prov_is_running.txt > func-with-ossl_prov_is_running.txt grep --fixed-strings --line-regexp --file=func-with-ossl_prov_is_running.txt return.txt > func-without-ossl_prov_is_running.txt grep -e newctx -e initctx -e dupctx func-without-ossl_prov_is_running.txt | grep -v ossl_prov_is_running ``` And from there doing manual inspection, as the list was short at that point. As in compile with keeping pre-processed source code; and use `git grep --cached -p` to find these preprocessed files, and scan for calls to return or opssl_prov_is_running, with function name printed. And then exclude one from the other, to hopefully get a list of all the functions that do not check for ossl_prov_is_running. As number of functions without "func-without-ossl_prov_is_running" check is large, I do wonder which other functions are "interesting" to check for. I think I'm not scanning for _update functions correctly. Any tips on improving above analysis will help with maintaining such checks going forward. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25580)
72 lines
2 KiB
C
72 lines
2 KiB
C
/*
|
|
* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
/*
|
|
* AES low level APIs are deprecated for public use, but still ok for internal
|
|
* use where we're using them to implement the higher level EVP interface, as is
|
|
* the case here.
|
|
*/
|
|
#include "internal/deprecated.h"
|
|
|
|
/* Dispatch functions for AES CCM mode */
|
|
|
|
#include "cipher_aes_ccm.h"
|
|
#include "prov/implementations.h"
|
|
#include "prov/providercommon.h"
|
|
|
|
static void *aes_ccm_newctx(void *provctx, size_t keybits)
|
|
{
|
|
PROV_AES_CCM_CTX *ctx;
|
|
|
|
if (!ossl_prov_is_running())
|
|
return NULL;
|
|
|
|
ctx = OPENSSL_zalloc(sizeof(*ctx));
|
|
if (ctx != NULL)
|
|
ossl_ccm_initctx(&ctx->base, keybits, ossl_prov_aes_hw_ccm(keybits));
|
|
return ctx;
|
|
}
|
|
|
|
static void *aes_ccm_dupctx(void *provctx)
|
|
{
|
|
PROV_AES_CCM_CTX *ctx = provctx;
|
|
PROV_AES_CCM_CTX *dupctx = NULL;
|
|
|
|
if (!ossl_prov_is_running())
|
|
return NULL;
|
|
|
|
if (ctx == NULL)
|
|
return NULL;
|
|
dupctx = OPENSSL_memdup(provctx, sizeof(*ctx));
|
|
if (dupctx == NULL)
|
|
return NULL;
|
|
/*
|
|
* ossl_cm_initctx, via the ossl_prov_aes_hw_ccm functions assign a
|
|
* provctx->ccm.ks.ks to the ccm context key so we need to point it to
|
|
* the memduped copy
|
|
*/
|
|
dupctx->base.ccm_ctx.key = &dupctx->ccm.ks.ks;
|
|
|
|
return dupctx;
|
|
}
|
|
|
|
static OSSL_FUNC_cipher_freectx_fn aes_ccm_freectx;
|
|
static void aes_ccm_freectx(void *vctx)
|
|
{
|
|
PROV_AES_CCM_CTX *ctx = (PROV_AES_CCM_CTX *)vctx;
|
|
|
|
OPENSSL_clear_free(ctx, sizeof(*ctx));
|
|
}
|
|
|
|
/* ossl_aes128ccm_functions */
|
|
IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 128, 8, 96);
|
|
/* ossl_aes192ccm_functions */
|
|
IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 192, 8, 96);
|
|
/* ossl_aes256ccm_functions */
|
|
IMPLEMENT_aead_cipher(aes, ccm, CCM, AEAD_FLAGS, 256, 8, 96);
|