Cannot access provider context... when initializing provider context …

…with HMAC KATs Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
openssl · Apr 18, 2024 · a18a048 · a18a048
1 parent d4ab0a2
commit a18a048
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 10 deletions.
diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h
@@ -14,7 +14,7 @@ int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation);
 int ossl_ec_check_key(OSSL_LIB_CTX *ctx, const EC_KEY *ec, int protect);
 int ossl_dsa_check_key(OSSL_LIB_CTX *ctx, const DSA *dsa, int sign);
 int ossl_dh_check_key(OSSL_LIB_CTX *ctx, const DH *dh);
-int ossl_mac_check_key(OSSL_LIB_CTX *ctx, size_t min, size_t requested);
+int ossl_mac_check_key(size_t min, size_t requested);
 
 int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md);
 /* With security check enabled it can return -1 to indicate disallowed md */

diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
@@ -236,14 +236,13 @@ int ossl_dh_check_key(OSSL_LIB_CTX *ctx, const DH *dh)
  * Check for valid MAC key size
  *
  */
-int ossl_mac_check_key(OSSL_LIB_CTX *ctx, size_t min, size_t requested)
+int ossl_mac_check_key(size_t min, size_t requested)
 {
-# if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
-    if (ossl_securitycheck_enabled(ctx)) {
-        return (requested >= 112); /* 112 bits */
-    }
-# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
+#ifndef FIPS_MODULE
     return (requested >= min);
+#else
+    return (requested >= 112);
+# endif
 }
 
 int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,

diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
@@ -290,7 +290,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
             ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
             return 0;
         }
-        if (!ossl_mac_check_key(ctx->provctx, 0, ctx->ki_len * 8)) {
+        if (!ossl_mac_check_key(0, ctx->ki_len * 8)) {
             ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
             return 0;
         }

diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
@@ -147,7 +147,7 @@ static int hmac_setkey(struct hmac_data_st *macctx,
 {
     const EVP_MD *digest;
 
-    if (!ossl_mac_check_key(macctx->provctx, 0, keylen * 8)) {
+    if (!ossl_mac_check_key(0, keylen * 8)) {
         ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
         return 0;
     }

diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c
@@ -252,7 +252,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key,
     const EVP_MD *digest = ossl_prov_digest_md(&kctx->digest);
     int w = EVP_MD_get_block_size(digest);
 
-    if (!ossl_mac_check_key(kctx->provctx, 32, keylen * 8) || keylen > KMAC_MAX_KEY) {
+    if (!ossl_mac_check_key(32, keylen * 8) || keylen > KMAC_MAX_KEY) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
         return 0;
     }