Return errors instead of aborting when selftest fails.

2011-04-22 11:12:56 +00:00 · 2011-04-22 11:12:56 +00:00 · 74fac927b0
commit 74fac927b0
parent da9ead8db2
4 changed files with 14 additions and 2 deletions
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@ -301,7 +301,11 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 static int dh_init(DH *dh)
 	{
 #ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_DH_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
+		return 0;
+		}
 #endif
 	dh->flags |= DH_FLAG_CACHE_MONT_P;
 	return(1);
--- a/crypto/fips_err.h
+++ b/crypto/fips_err.h
@ -71,6 +71,7 @@
 static ERR_STRING_DATA FIPS_str_functs[]=
 	{
 {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS),	"DH_BUILTIN_GENPARAMS"},
+{ERR_FUNC(FIPS_F_DH_INIT),	"DH_INIT"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN),	"DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2),	"DSA_BUILTIN_PARAMGEN2"},
 {ERR_FUNC(FIPS_F_DSA_DO_SIGN),	"DSA_do_sign"},
@ -113,6 +114,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_X931),	"FIPS_selftest_x931"},
 {ERR_FUNC(FIPS_F_HASH_FINAL),	"HASH_FINAL"},
 {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},
+{ERR_FUNC(FIPS_F_RSA_EAY_INIT),	"RSA_EAY_INIT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT),	"RSA_EAY_PRIVATE_DECRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT),	"RSA_EAY_PRIVATE_ENCRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT),	"RSA_EAY_PUBLIC_DECRYPT"},
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@ -937,7 +937,11 @@ err:
 static int RSA_eay_init(RSA *rsa)
 	{
 #ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
+	if(FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_RSA_EAY_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
+		return 0;
+		}
 #endif
 	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
 	return(1);
--- a/fips/fips.h
+++ b/fips/fips.h
@ -233,6 +233,7 @@ void ERR_load_FIPS_strings(void);

 /* Function codes. */
 #define FIPS_F_DH_BUILTIN_GENPARAMS			 100
+#define FIPS_F_DH_INIT					 148
 #define FIPS_F_DSA_BUILTIN_PARAMGEN			 101
 #define FIPS_F_DSA_BUILTIN_PARAMGEN2			 102
 #define FIPS_F_DSA_DO_SIGN				 103
@ -275,6 +276,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_FIPS_SELFTEST_X931			 136
 #define FIPS_F_HASH_FINAL				 137
 #define FIPS_F_RSA_BUILTIN_KEYGEN			 138
+#define FIPS_F_RSA_EAY_INIT				 149
 #define FIPS_F_RSA_EAY_PRIVATE_DECRYPT			 139
 #define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT			 140
 #define FIPS_F_RSA_EAY_PUBLIC_DECRYPT			 141