exchange: add FIPS error state handling

[openssl.git] / providers / implementations / exchange / kdf_exch.c

diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c
index 80164e10c60a068f570adfea2b0fa467408fa3e5..4d549e832db1b11ba5048f3bde4644adc961bf82 100644 (file)
--- a/providers/implementations/exchange/kdf_exch.c
+++ b/providers/implementations/exchange/kdf_exch.c
@@ -15,6 +15,7 @@
 #include "prov/implementations.h"
 #include "prov/provider_ctx.h"
 #include "prov/kdfexchange.h"
+#include "prov/providercommon.h"
 
 static OSSL_FUNC_keyexch_newctx_fn kdf_tls1_prf_newctx;
 static OSSL_FUNC_keyexch_newctx_fn kdf_hkdf_newctx;
@@ -36,9 +37,13 @@ typedef struct {
 
 static void *kdf_newctx(const char *kdfname, void *provctx)
 {
-    PROV_KDF_CTX *kdfctx = OPENSSL_zalloc(sizeof(PROV_KDF_CTX));
+    PROV_KDF_CTX *kdfctx;
     EVP_KDF *kdf = NULL;
 
+    if (!ossl_prov_is_running())
+        return NULL;
+
+    kdfctx = OPENSSL_zalloc(sizeof(PROV_KDF_CTX));
     if (kdfctx == NULL)
         return NULL;
 
@@ -73,7 +78,10 @@ static int kdf_init(void *vpkdfctx, void *vkdf)
 {
     PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx;
 
-    if (pkdfctx == NULL || vkdf == NULL || !kdf_data_up_ref(vkdf))
+    if (!ossl_prov_is_running()
+            || pkdfctx == NULL
+            || vkdf == NULL
+            || !kdf_data_up_ref(vkdf))
         return 0;
     pkdfctx->kdfdata = vkdf;
 
@@ -85,6 +93,8 @@ static int kdf_derive(void *vpkdfctx, unsigned char *secret, size_t *secretlen,
 {
     PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx;
 
+    if (!ossl_prov_is_running())
+        return 0;
     return EVP_KDF_derive(pkdfctx->kdfctx, secret, *secretlen);
 }
 
@@ -103,6 +113,9 @@ static void *kdf_dupctx(void *vpkdfctx)
     PROV_KDF_CTX *srcctx = (PROV_KDF_CTX *)vpkdfctx;
     PROV_KDF_CTX *dstctx;
 
+    if (!ossl_prov_is_running())
+        return NULL;
+
     dstctx = OPENSSL_zalloc(sizeof(*srcctx));
     if (dstctx == NULL)
         return NULL;