Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

[thirdparty/openssl.git] / providers / fips / self_test.c

diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index b0df0863e265fa0f6308ce5abbafa725378469f9..4d8e640c386f11584752d2bf68fa10fa6d8fcf15 100644 (file)
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -20,8 +20,8 @@
 /*
  * We're cheating here. Normally we don't allow RUN_ONCE usage inside the FIPS
  * module because all such initialisation should be associated with an
- * individual OPENSSL_CTX. That doesn't work with the self test though because
- * it should be run once regardless of the number of OPENSSL_CTXs we have.
+ * individual OSSL_LIB_CTX. That doesn't work with the self test though because
+ * it should be run once regardless of the number of OSSL_LIB_CTXs we have.
  */
 #define ALLOW_RUN_ONCE_IN_FIPS
 #include <internal/thread_once.h>
@@ -44,6 +44,7 @@
 #define MAC_NAME    "HMAC"
 #define DIGEST_NAME "SHA256"
 
+static int FIPS_conditional_error_check = 1;
 static int FIPS_state = FIPS_STATE_INIT;
 static CRYPTO_RWLOCK *self_test_lock = NULL;
 static unsigned char fixed_key[32] = { FIPS_KEY_ELEMENTS };
@@ -122,6 +123,22 @@ DEP_DECLARE()
 #elif defined(__GNUC__)
 # define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
 # define DEP_FINI_ATTRIBUTE static __attribute__((destructor))
+
+#elif defined(__TANDEM)
+DEP_DECLARE() /* must be declared before calling init() or cleanup() */
+# define DEP_INIT_ATTRIBUTE
+# define DEP_FINI_ATTRIBUTE
+
+/* Method automatically called by the NonStop OS when the DLL loads */
+void __INIT__init(void) {
+    init();
+}
+
+/* Method automatically called by the NonStop OS prior to unloading the DLL */
+void __TERM__cleanup(void) {
+    cleanup();
+}
+
 #endif
 
 #if defined(DEP_INIT_ATTRIBUTE) && defined(DEP_FINI_ATTRIBUTE)
@@ -143,7 +160,7 @@ DEP_FINI_ATTRIBUTE void cleanup(void)
  */
 static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
                             unsigned char *expected, size_t expected_len,
-                            OPENSSL_CTX *libctx, OSSL_SELF_TEST *ev,
+                            OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
                             const char *event_type)
 {
     int ret = 0, status;
@@ -157,8 +174,10 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
     OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
 
     mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
+    if (mac == NULL)
+        goto err;
     ctx = EVP_MAC_CTX_new(mac);
-    if (mac == NULL || ctx == NULL)
+    if (ctx == NULL)
         goto err;
 
     *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME,
@@ -311,16 +330,27 @@ end:
     if (ok)
         FIPS_state = FIPS_STATE_RUNNING;
     else
-        ossl_set_error_state();
+        ossl_set_error_state(OSSL_SELF_TEST_TYPE_NONE);
     CRYPTO_THREAD_unlock(self_test_lock);
 
     return ok;
 }
 
-void ossl_set_error_state(void)
+void SELF_TEST_disable_conditional_error_state(void)
 {
-    FIPS_state = FIPS_STATE_ERROR;
-    ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE);
+    FIPS_conditional_error_check = 0;
+}
+
+void ossl_set_error_state(const char *type)
+{
+    int cond_test = (type != NULL && strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0);
+
+    if (!cond_test || (FIPS_conditional_error_check == 1)) {
+        FIPS_state = FIPS_STATE_ERROR;
+        ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE);
+    } else {
+        ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR);
+    }
 }
 
 int ossl_prov_is_running(void)