diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-21 10:56:44 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-03-06 22:24:33 +0100 |
commit | d4611a82da79d8e6472b394bfe68c5d9c267593a (patch) | |
tree | 767c0e994c4b80f5d64ac024aa1ca1361d55f999 /lib/fips.h | |
parent | 35c36f6b3421cd051f713a0087354bfad1d26e6f (diff) | |
download | gnutls-d4611a82da79d8e6472b394bfe68c5d9c267593a.tar.gz |
pk: always use _gnutls_switch_lib_state
This avoids relying on abort() for RNG errors in PK wrappers.
We use instead the library state originally added for FIPS140-2
support, and if the state indicates failure the operation will
fail.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/fips.h')
-rw-r--r-- | lib/fips.h | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/fips.h b/lib/fips.h index 23c3c9e2bc..637bcd7c27 100644 --- a/lib/fips.h +++ b/lib/fips.h @@ -63,10 +63,10 @@ unsigned _gnutls_fips_mode_enabled(void); # define _gnutls_fips_mode_enabled() 0 #endif +# define HAVE_LIB_ERROR() unlikely(_gnutls_get_lib_state() != LIB_STATE_OPERATIONAL && _gnutls_get_lib_state() != LIB_STATE_SELFTEST) + # define FAIL_IF_LIB_ERROR \ - if (_gnutls_get_lib_state() != LIB_STATE_OPERATIONAL && \ - _gnutls_get_lib_state() != LIB_STATE_SELFTEST) \ - return GNUTLS_E_LIB_IN_ERROR_STATE + if (HAVE_LIB_ERROR()) return GNUTLS_E_LIB_IN_ERROR_STATE void _gnutls_switch_lib_state(gnutls_lib_state_t state); |