ciphers: add FIPS error state handling

The functions that check for the provider being runnable are: new, init, final
and dupctx.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)

1 files changed, 11 insertions, 4 deletions

diff --git a/providers/implementations/ciphers/cipher_chacha20.c b/providers/implementations/ciphers/cipher_chacha20.c
index 4e02ce9493..56bc1b95af 100644
--- a/providers/implementations/ciphers/cipher_chacha20.c
+++ b/providers/implementations/ciphers/cipher_chacha20.c
@@ -11,6 +11,7 @@
 
 #include "cipher_chacha20.h"
 #include "prov/implementations.h"
+#include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 
 #define CHACHA20_KEYLEN (CHACHA_KEY_SIZE)
@@ -43,11 +44,15 @@ void chacha20_initctx(PROV_CHACHA20_CTX *ctx)
 
 static void *chacha20_newctx(void *provctx)
 {
-     PROV_CHACHA20_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+    PROV_CHACHA20_CTX *ctx;
 
-     if (ctx != NULL)
-         chacha20_initctx(ctx);
-     return ctx;
+    if (!ossl_prov_is_running())
+        return NULL;
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx != NULL)
+        chacha20_initctx(ctx);
+    return ctx;
 }
 
 static void chacha20_freectx(void *vctx)
@@ -141,6 +146,7 @@ int chacha20_einit(void *vctx, const unsigned char *key, size_t keylen,
 {
     int ret;
 
+    /* The generic function checks for ossl_prov_is_running() */
     ret= cipher_generic_einit(vctx, key, keylen, iv, ivlen);
     if (ret && iv != NULL) {
         PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
@@ -156,6 +162,7 @@ int chacha20_dinit(void *vctx, const unsigned char *key, size_t keylen,
 {
     int ret;
 
+    /* The generic function checks for ossl_prov_is_running() */
     ret= cipher_generic_dinit(vctx, key, keylen, iv, ivlen);
     if (ret && iv != NULL) {
         PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;