diff options
author | Pauli <paul.dale@oracle.com> | 2020-09-07 13:13:10 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-09-12 16:46:20 +1000 |
commit | 2b9e4e956b37ee49b29a73c7782f525ac8c58cc5 (patch) | |
tree | 31c29b78c8c07e474207bf72748385f3086f8191 /providers/implementations/kdfs/scrypt.c | |
parent | 5b104a81f088ae0da6b0d2d2c746237694ab0a2c (diff) |
kdf: add FIPS error state handling
Check for provider being disabled on new and derive.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12801)
Diffstat (limited to 'providers/implementations/kdfs/scrypt.c')
-rw-r--r-- | providers/implementations/kdfs/scrypt.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c index 76b0a58e1f..f412f1f8db 100644 --- a/providers/implementations/kdfs/scrypt.c +++ b/providers/implementations/kdfs/scrypt.c @@ -18,6 +18,7 @@ #include "internal/numbers.h" #include "prov/implementations.h" #include "prov/provider_ctx.h" +#include "prov/providercommon.h" #include "prov/providercommonerr.h" #include "prov/implementations.h" @@ -56,6 +57,9 @@ static void *kdf_scrypt_new(void *provctx) { KDF_SCRYPT *ctx; + if (!ossl_prov_is_running()) + return NULL; + ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); @@ -127,6 +131,9 @@ static int kdf_scrypt_derive(void *vctx, unsigned char *key, { KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx; + if (!ossl_prov_is_running()) + return 0; + if (ctx->pass == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_PASS); return 0; |