kdf: add FIPS error state handling

[openssl.git] / providers / implementations / kdfs / tls1_prf.c

diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
index 191041db5bfae8cd272ce6905db6781b21cd82f6..ca6c605351ce4c97809f106850f8bbdf80fb7537 100644 (file)
--- a/providers/implementations/kdfs/tls1_prf.c
+++ b/providers/implementations/kdfs/tls1_prf.c
@@ -56,6 +56,7 @@
 #include "internal/numbers.h"
 #include "crypto/evp.h"
 #include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
 #include "prov/providercommonerr.h"
 #include "prov/implementations.h"
 #include "prov/provider_util.h"
@@ -98,6 +99,9 @@ static void *kdf_tls1_prf_new(void *provctx)
 {
     TLS1_PRF *ctx;
 
+    if (!ossl_prov_is_running())
+        return NULL;
+
     if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
     ctx->provctx = provctx;
@@ -132,6 +136,9 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key,
 {
     TLS1_PRF *ctx = (TLS1_PRF *)vctx;
 
+    if (!ossl_prov_is_running())
+        return 0;
+
     if (ctx->P_hash == NULL) {
         ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST);
         return 0;