/*
* We're cheating here. Normally we don't allow RUN_ONCE usage inside the FIPS
* module because all such initialisation should be associated with an
- * individual OPENSSL_CTX. That doesn't work with the self test though because
- * it should be run once regardless of the number of OPENSSL_CTXs we have.
+ * individual OSSL_LIB_CTX. That doesn't work with the self test though because
+ * it should be run once regardless of the number of OSSL_LIB_CTXs we have.
*/
#define ALLOW_RUN_ONCE_IN_FIPS
#include <internal/thread_once.h>
#define MAC_NAME "HMAC"
#define DIGEST_NAME "SHA256"
+static int FIPS_conditional_error_check = 1;
static int FIPS_state = FIPS_STATE_INIT;
static CRYPTO_RWLOCK *self_test_lock = NULL;
static unsigned char fixed_key[32] = { FIPS_KEY_ELEMENTS };
#elif defined(__GNUC__)
# define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
# define DEP_FINI_ATTRIBUTE static __attribute__((destructor))
+
+#elif defined(__TANDEM)
+DEP_DECLARE() /* must be declared before calling init() or cleanup() */
+# define DEP_INIT_ATTRIBUTE
+# define DEP_FINI_ATTRIBUTE
+
+/* Method automatically called by the NonStop OS when the DLL loads */
+void __INIT__init(void) {
+ init();
+}
+
+/* Method automatically called by the NonStop OS prior to unloading the DLL */
+void __TERM__cleanup(void) {
+ cleanup();
+}
+
#endif
#if defined(DEP_INIT_ATTRIBUTE) && defined(DEP_FINI_ATTRIBUTE)
*/
static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
unsigned char *expected, size_t expected_len,
- OPENSSL_CTX *libctx, OSSL_SELF_TEST *ev,
+ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
const char *event_type)
{
int ret = 0, status;
OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
+ if (mac == NULL)
+ goto err;
ctx = EVP_MAC_CTX_new(mac);
- if (mac == NULL || ctx == NULL)
+ if (ctx == NULL)
goto err;
*p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME,
if (ok)
FIPS_state = FIPS_STATE_RUNNING;
else
- ossl_set_error_state();
+ ossl_set_error_state(OSSL_SELF_TEST_TYPE_NONE);
CRYPTO_THREAD_unlock(self_test_lock);
return ok;
}
-void ossl_set_error_state(void)
+void SELF_TEST_disable_conditional_error_state(void)
{
- FIPS_state = FIPS_STATE_ERROR;
- ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE);
+ FIPS_conditional_error_check = 0;
+}
+
+void ossl_set_error_state(const char *type)
+{
+ int cond_test = (type != NULL && strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0);
+
+ if (!cond_test || (FIPS_conditional_error_check == 1)) {
+ FIPS_state = FIPS_STATE_ERROR;
+ ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE);
+ } else {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_CONDITIONAL_ERROR);
+ }
}
int ossl_prov_is_running(void)