FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR
authorDr. Stephen Henson <steve@openssl.org>
Wed, 26 Jan 2011 15:53:07 +0000 (15:53 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 26 Jan 2011 15:53:07 +0000 (15:53 +0000)
library dependencies.

crypto/err/err.c
crypto/err/err.h
crypto/err/err_all.c

index fcdb244008f66d0f8ca10e2947092307b82e2003..b586004166a9e3182dc00a5b04a9ac5f5978c76b 100644 (file)
  *
  */
 
+#define OPENSSL_NO_FIPS_ERR
+
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
index 974cc9cc6f903129936edccff2d8ea78cdf5638b..37aee6f485bd444aca246e2f4c305ad2e4022d58 100644 (file)
@@ -137,6 +137,17 @@ extern "C" {
 #define ERR_PUT_error(a,b,c,d,e)       ERR_put_error(a,b,c,NULL,0)
 #endif
 
+#if defined(OPENSSL_FIPSCANISTER) && !defined(OPENSSL_NO_FIPS_ERR)
+#define ERR_put_error FIPS_put_error
+#define ERR_add_error_data FIPS_add_error_data
+#endif
+
+#ifdef OPENSSL_FIPS
+void FIPS_set_error_callbacks(
+       void (*put_cb)(int lib, int func,int reason,const char *file,int line),
+       void (*add_cb)(int num, va_list args) );
+#endif
+
 #include <errno.h>
 
 #define ERR_TXT_MALLOCED       0x01
index fc049e8e88bcaf4a0feb7176f57c1953a2232fa6..3544e8fecd06198914b9e932505dc8161ffec434 100644 (file)
@@ -56,6 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
+#define OPENSSL_NO_FIPS_ERR
+
 #include <stdio.h>
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 
 void ERR_load_crypto_strings(void)
        {
+#ifdef OPENSSL_FIPS
+       FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
+#endif
 #ifndef OPENSSL_NO_ERR
        ERR_load_ERR_strings(); /* include error strings for SYSerr */
        ERR_load_BN_strings();