FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR
authorDr. Stephen Henson <steve@openssl.org>
Wed, 26 Jan 2011 15:53:07 +0000 (15:53 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 26 Jan 2011 15:53:07 +0000 (15:53 +0000)
library dependencies.

crypto/err/err.c
crypto/err/err.h
crypto/err/err_all.c

index fcdb244..b586004 100644 (file)
  *
  */
 
+#define OPENSSL_NO_FIPS_ERR
+
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
index 974cc9c..37aee6f 100644 (file)
@@ -137,6 +137,17 @@ extern "C" {
 #define ERR_PUT_error(a,b,c,d,e)       ERR_put_error(a,b,c,NULL,0)
 #endif
 
+#if defined(OPENSSL_FIPSCANISTER) && !defined(OPENSSL_NO_FIPS_ERR)
+#define ERR_put_error FIPS_put_error
+#define ERR_add_error_data FIPS_add_error_data
+#endif
+
+#ifdef OPENSSL_FIPS
+void FIPS_set_error_callbacks(
+       void (*put_cb)(int lib, int func,int reason,const char *file,int line),
+       void (*add_cb)(int num, va_list args) );
+#endif
+
 #include <errno.h>
 
 #define ERR_TXT_MALLOCED       0x01
index fc049e8..3544e8f 100644 (file)
@@ -56,6 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
+#define OPENSSL_NO_FIPS_ERR
+
 #include <stdio.h>
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 
 void ERR_load_crypto_strings(void)
        {
+#ifdef OPENSSL_FIPS
+       FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
+#endif
 #ifndef OPENSSL_NO_ERR
        ERR_load_ERR_strings(); /* include error strings for SYSerr */
        ERR_load_BN_strings();