mac: add FIPS error state handling

[openssl.git] / providers / implementations / macs / blake2_mac_impl.c

diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c
index c2f292f9bb50eaf6af7fd0ffe94e619c8a6305b5..f7b6bd3e4f0bf834336de16ef365ab1e41f61e78 100644 (file)
--- a/providers/implementations/macs/blake2_mac_impl.c
+++ b/providers/implementations/macs/blake2_mac_impl.c
@@ -15,6 +15,7 @@
 #include "internal/cryptlib.h"
 #include "prov/providercommonerr.h"
 #include "prov/implementations.h"
+#include "prov/providercommon.h"
 
 /*
  * Forward declaration of everything implemented here.  This is not strictly
@@ -42,8 +43,12 @@ static size_t blake2_mac_size(void *vmacctx);
 
 static void *blake2_mac_new(void *unused_provctx)
 {
-    struct blake2_mac_data_st *macctx = OPENSSL_zalloc(sizeof(*macctx));
+    struct blake2_mac_data_st *macctx;
 
+    if (!ossl_prov_is_running())
+        return NULL;
+
+    macctx = OPENSSL_zalloc(sizeof(*macctx));
     if (macctx != NULL) {
         BLAKE2_PARAM_INIT(&macctx->params);
         /* ctx initialization is deferred to BLAKE2b_Init() */
@@ -56,6 +61,9 @@ static void *blake2_mac_dup(void *vsrc)
     struct blake2_mac_data_st *dst;
     struct blake2_mac_data_st *src = vsrc;
 
+    if (!ossl_prov_is_running())
+        return NULL;
+
     dst = OPENSSL_zalloc(sizeof(*dst));
     if (dst == NULL)
         return NULL;
@@ -78,6 +86,9 @@ static int blake2_mac_init(void *vmacctx)
 {
     struct blake2_mac_data_st *macctx = vmacctx;
 
+    if (!ossl_prov_is_running())
+        return 0;
+
     /* Check key has been set */
     if (macctx->params.key_length == 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET);
@@ -104,6 +115,9 @@ static int blake2_mac_final(void *vmacctx,
 {
     struct blake2_mac_data_st *macctx = vmacctx;
 
+    if (!ossl_prov_is_running())
+        return 0;
+
     *outl = blake2_mac_size(macctx);
     return BLAKE2_FINAL(out, &macctx->ctx);
 }