kdf: add FIPS error state handling

Check for provider being disabled on new and derive. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12801)
author: Pauli <paul.dale@oracle.com> 2020-09-07 13:13:10 +1000
committer: Pauli <paul.dale@oracle.com> 2020-09-12 16:46:20 +1000
commit: 2b9e4e956b37ee49b29a73c7782f525ac8c58cc5 (patch)
tree: 31c29b78c8c07e474207bf72748385f3086f8191 /providers/implementations/kdfs/kbkdf.c
parent: 5b104a81f088ae0da6b0d2d2c746237694ab0a2c (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index f3122ac1bd..c8b5cdf8c6 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -41,6 +41,7 @@
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
+#include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 
 #include "e_os.h"
@@ -99,6 +100,9 @@ static void *kbkdf_new(void *provctx)
 {
     KBKDF *ctx;
 
+    if (!ossl_prov_is_running())
+        return NULL;
+
     ctx = OPENSSL_zalloc(sizeof(*ctx));
     if (ctx == NULL) {
         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
@@ -192,6 +196,9 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen)
     uint32_t l = be32(keylen * 8);
     size_t h = 0;
 
+    if (!ossl_prov_is_running())
+        return 0;
+
     /* label, context, and iv are permitted to be empty.  Check everything
      * else. */
     if (ctx->ctx_init == NULL) {
author	Pauli <paul.dale@oracle.com>	2020-09-07 13:13:10 +1000
committer	Pauli <paul.dale@oracle.com>	2020-09-12 16:46:20 +1000
commit	2b9e4e956b37ee49b29a73c7782f525ac8c58cc5 (patch)
tree	31c29b78c8c07e474207bf72748385f3086f8191 /providers/implementations/kdfs/kbkdf.c
parent	5b104a81f088ae0da6b0d2d2c746237694ab0a2c (diff)