authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-02-21 10:56:44 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-03-06 22:24:33 +0100
commitd4611a82da79d8e6472b394bfe68c5d9c267593a (patch)
tree767c0e994c4b80f5d64ac024aa1ca1361d55f999 /lib/fips.h
parent35c36f6b3421cd051f713a0087354bfad1d26e6f (diff)
pk: always use _gnutls_switch_lib_state
This avoids relying on abort() for RNG errors in PK wrappers. We use instead the library state originally added for FIPS140-2 support, and if the state indicates failure the operation will fail. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/fips.h')
-rw-r--r--lib/fips.h6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/fips.h b/lib/fips.h
index 23c3c9e2bc..637bcd7c27 100644
--- a/lib/fips.h
+++ b/lib/fips.h
@@ -63,10 +63,10 @@ unsigned _gnutls_fips_mode_enabled(void);
# define _gnutls_fips_mode_enabled() 0
#endif
+# define HAVE_LIB_ERROR() unlikely(_gnutls_get_lib_state() != LIB_STATE_OPERATIONAL && _gnutls_get_lib_state() != LIB_STATE_SELFTEST)
+
# define FAIL_IF_LIB_ERROR \
- if (_gnutls_get_lib_state() != LIB_STATE_OPERATIONAL && \
- _gnutls_get_lib_state() != LIB_STATE_SELFTEST) \
- return GNUTLS_E_LIB_IN_ERROR_STATE
+ if (HAVE_LIB_ERROR()) return GNUTLS_E_LIB_IN_ERROR_STATE
void _gnutls_switch_lib_state(gnutls_lib_state_t state);
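Review bot: `HAVE_LIB_ERROR()` evaluates `_gnutls_get_lib_state()` twice, so if another thread calls `_gnutls_switch_lib_state()` between the two reads (for example SELFTEST to OPERATIONAL), both inequalities can hold and a healthy library is reported as failed. Whether the state is read atomically, or ever switched concurrently, is not visible in this hunk. The commit description makes this predicate the replacement for abort() on RNG errors in the PK wrappers, so it is worth reading the state once, for instance in a `static inline` helper whose body is `gnutls_lib_state_t s = _gnutls_get_lib_state(); return unlikely(s != LIB_STATE_OPERATIONAL && s != LIB_STATE_SELFTEST);` (assuming the getter returns `gnutls_lib_state_t`). The new macro also has no comment; I would add `/* Non-zero when the library is neither operational nor in self-test; callers must fail the operation and not use RNG output or key material. */` above it, since a caller that forgets the check now continues where it used to abort. `FAIL_IF_LIB_ERROR` remains a bare `if` with a hidden `return`, which pairs with a following `else` at the call site; a short note on the macro saying so would help.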