From d4611a82da79d8e6472b394bfe68c5d9c267593a Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 21 Feb 2017 10:56:44 +0100
Subject: pk: always use _gnutls_switch_lib_state
This avoids relying on abort() for RNG errors in PK wrappers. We use instead the library state originally added for FIPS140-2 support, and if the state indicates failure the operation will fail.
Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/fips.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'lib/fips.h')
diff --git a/lib/fips.h b/lib/fips.h
index 23c3c9e2bc..637bcd7c27 100644
--- a/lib/fips.h
+++ b/lib/fips.h
@@ -63,10 +63,10 @@ unsigned _gnutls_fips_mode_enabled(void);
 # define _gnutls_fips_mode_enabled() 0
 #endif
+# define HAVE_LIB_ERROR() unlikely(_gnutls_get_lib_state() != LIB_STATE_OPERATIONAL && _gnutls_get_lib_state() != LIB_STATE_SELFTEST)
+
 # define FAIL_IF_LIB_ERROR \
- if (_gnutls_get_lib_state() != LIB_STATE_OPERATIONAL && \
- _gnutls_get_lib_state() != LIB_STATE_SELFTEST) \
- return GNUTLS_E_LIB_IN_ERROR_STATE
+ if (HAVE_LIB_ERROR()) return GNUTLS_E_LIB_IN_ERROR_STATE
 void _gnutls_switch_lib_state(gnutls_lib_state_t state);
--
cgit v1.2.1
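Review bot: `HAVE_LIB_ERROR()` calls `_gnutls_get_lib_state()` twice, so if another thread switches the state between the two reads (self-test to operational, for instance) both inequalities can hold and the macro reports an error state that never existed; whether the getter is atomic is not visible in this hunk. Reading the state once into a local, in a small `static inline` helper placed after the getter's declaration, and comparing that value against both constants would close the window. Because the commit message says the PK wrappers now rely on this check instead of abort() for RNG failures, the macro also deserves a comment stating the contract, for example `/* true when the library is neither operational nor self-testing; the caller must discard any output and return GNUTLS_E_LIB_IN_ERROR_STATE */`. Separately, `FAIL_IF_LIB_ERROR` is still a bare `if (...) return ...`, so it will capture an `else` that follows it at a call site.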