From 74fac927b0b7d89aa6cdb88b12669e1cd8f4e841 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 22 Apr 2011 11:12:56 +0000 Subject: [PATCH] Return errors instead of aborting when selftest fails. --- crypto/dh/dh_key.c | 6 +++++- crypto/fips_err.h | 2 ++ crypto/rsa/rsa_eay.c | 6 +++++- fips/fips.h | 2 ++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 50e8011c83..6c0c745c8d 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -301,7 +301,11 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh) { #ifdef OPENSSL_FIPS - FIPS_selftest_check(); + if(FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_DH_INIT,FIPS_R_FIPS_SELFTEST_FAILED); + return 0; + } #endif dh->flags |= DH_FLAG_CACHE_MONT_P; return(1); diff --git a/crypto/fips_err.h b/crypto/fips_err.h index f4f834124e..041bc1567a 100644 --- a/crypto/fips_err.h +++ b/crypto/fips_err.h @@ -71,6 +71,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= { {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, +{ERR_FUNC(FIPS_F_DH_INIT), "DH_INIT"}, {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"}, {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2), "DSA_BUILTIN_PARAMGEN2"}, {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"}, @@ -113,6 +114,7 @@ static ERR_STRING_DATA FIPS_str_functs[]= {ERR_FUNC(FIPS_F_FIPS_SELFTEST_X931), "FIPS_selftest_x931"}, {ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"}, {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, +{ERR_FUNC(FIPS_F_RSA_EAY_INIT), "RSA_EAY_INIT"}, {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 865fb6a269..d47f64e75d 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -937,7 +937,11 @@ err: static int RSA_eay_init(RSA *rsa) { #ifdef OPENSSL_FIPS - FIPS_selftest_check(); + if(FIPS_selftest_failed()) + { + FIPSerr(FIPS_F_RSA_EAY_INIT,FIPS_R_FIPS_SELFTEST_FAILED); + return 0; + } #endif rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); diff --git a/fips/fips.h b/fips/fips.h index e84f477cc4..60cc097bd6 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -233,6 +233,7 @@ void ERR_load_FIPS_strings(void); /* Function codes. */ #define FIPS_F_DH_BUILTIN_GENPARAMS 100 +#define FIPS_F_DH_INIT 148 #define FIPS_F_DSA_BUILTIN_PARAMGEN 101 #define FIPS_F_DSA_BUILTIN_PARAMGEN2 102 #define FIPS_F_DSA_DO_SIGN 103 @@ -275,6 +276,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_F_FIPS_SELFTEST_X931 136 #define FIPS_F_HASH_FINAL 137 #define FIPS_F_RSA_BUILTIN_KEYGEN 138 +#define FIPS_F_RSA_EAY_INIT 149 #define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 139 #define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 140 #define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 141 -- 2.34.1