Return errors instead of aborting when selftest fails.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 22 Apr 2011 11:12:56 +0000 (11:12 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 22 Apr 2011 11:12:56 +0000 (11:12 +0000)
crypto/dh/dh_key.c
crypto/fips_err.h
crypto/rsa/rsa_eay.c
fips/fips.h

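--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -301,7 +301,11 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 static int dh_init(DH *dh)
        {
 #ifdef OPENSSL_FIPS
-       FIPS_selftest_check();
+       if(FIPS_selftest_failed())
+               {
+               FIPSerr(FIPS_F_DH_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
+               return 0;
+               }
 #endif
        dh->flags |= DH_FLAG_CACHE_MONT_P;
        return(1);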
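Review bot: With the abort replaced by `return 0;` in dh_init, blocking DH use after a failed self-test now depends on every caller of the method's init hook checking its result; those callers are not in this hunk, so that should be confirmed, and the same applies to RSA_eay_init in crypto/rsa/rsa_eay.c. The removed FIPS_selftest_check() call stopped the process regardless of what the caller did, so an unchecked init result would turn a fail-closed path into a fail-open one. A short comment above the new check would record the contract, e.g. `/* FIPS self-test failed: refuse to initialise; callers must treat 0 as fatal for this key */`. The new `return 0;` also differs from the `return(1);` form used in the rest of the function. dh_init's closing brace lies outside the hunk.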
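--- a/crypto/fips_err.h
+++ b/crypto/fips_err.h
@@ -71,6 +71,7 @@
 static ERR_STRING_DATA FIPS_str_functs[]=
        {
 {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS),        "DH_BUILTIN_GENPARAMS"},
+{ERR_FUNC(FIPS_F_DH_INIT),     "DH_INIT"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN),        "DSA_BUILTIN_PARAMGEN"},
 {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN2),       "DSA_BUILTIN_PARAMGEN2"},
 {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
@@ -113,6 +114,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_X931),  "FIPS_selftest_x931"},
 {ERR_FUNC(FIPS_F_HASH_FINAL),  "HASH_FINAL"},
 {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN),  "RSA_BUILTIN_KEYGEN"},
+{ERR_FUNC(FIPS_F_RSA_EAY_INIT),        "RSA_EAY_INIT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT),     "RSA_EAY_PRIVATE_DECRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT),     "RSA_EAY_PRIVATE_ENCRYPT"},
 {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT),      "RSA_EAY_PUBLIC_DECRYPT"},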
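--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -937,7 +937,11 @@ err:
 static int RSA_eay_init(RSA *rsa)
        {
 #ifdef OPENSSL_FIPS
-       FIPS_selftest_check();
+       if(FIPS_selftest_failed())
+               {
+               FIPSerr(FIPS_F_RSA_EAY_INIT,FIPS_R_FIPS_SELFTEST_FAILED);
+               return 0;
+               }
 #endif
        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
        return(1);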
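--- a/fips/fips.h
+++ b/fips/fips.h
@@ -233,6 +233,7 @@ void ERR_load_FIPS_strings(void);
 
 /* Function codes. */
 #define FIPS_F_DH_BUILTIN_GENPARAMS                     100
+#define FIPS_F_DH_INIT                                  148
 #define FIPS_F_DSA_BUILTIN_PARAMGEN                     101
 #define FIPS_F_DSA_BUILTIN_PARAMGEN2                    102
 #define FIPS_F_DSA_DO_SIGN                              103
@@ -275,6 +276,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_FIPS_SELFTEST_X931                       136
 #define FIPS_F_HASH_FINAL                               137
 #define FIPS_F_RSA_BUILTIN_KEYGEN                       138
+#define FIPS_F_RSA_EAY_INIT                             149
 #define FIPS_F_RSA_EAY_PRIVATE_DECRYPT                  139
 #define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT                  140
 #define FIPS_F_RSA_EAY_PUBLIC_DECRYPT                   141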