diff options
author | Pauli <paul.dale@oracle.com> | 2020-09-07 13:13:10 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-09-12 16:46:20 +1000 |
commit | 2b9e4e956b37ee49b29a73c7782f525ac8c58cc5 (patch) | |
tree | 31c29b78c8c07e474207bf72748385f3086f8191 /providers/implementations/kdfs/kbkdf.c | |
parent | 5b104a81f088ae0da6b0d2d2c746237694ab0a2c (diff) |
kdf: add FIPS error state handling
Check for provider being disabled on new and derive.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)
Diffstat (limited to 'providers/implementations/kdfs/kbkdf.c')
-rw-r--r-- | providers/implementations/kdfs/kbkdf.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c index f3122ac1bd..c8b5cdf8c6 100644 --- a/providers/implementations/kdfs/kbkdf.c +++ b/providers/implementations/kdfs/kbkdf.c @@ -41,6 +41,7 @@ #include "prov/implementations.h" #include "prov/provider_ctx.h" #include "prov/provider_util.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #include "e_os.h" @@ -99,6 +100,9 @@ static void *kbkdf_new(void *provctx) { KBKDF *ctx; + if (!ossl_prov_is_running()) + return NULL; + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); @@ -192,6 +196,9 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen) uint32_t l = be32(keylen * 8); size_t h = 0; + if (!ossl_prov_is_running()) + return 0; + /* label, context, and iv are permitted to be empty. Check everything * else. */ if (ctx->ctx_init == NULL) { |