aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssl/providers/fips/self_test.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssl/providers/fips/self_test.c')
-rw-r--r--crypto/openssl/providers/fips/self_test.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/crypto/openssl/providers/fips/self_test.c b/crypto/openssl/providers/fips/self_test.c
index ef7be26ca722..456efd139e94 100644
--- a/crypto/openssl/providers/fips/self_test.c
+++ b/crypto/openssl/providers/fips/self_test.c
@@ -424,9 +424,18 @@ void SELF_TEST_disable_conditional_error_state(void)
void ossl_set_error_state(const char *type)
{
- int cond_test = (type != NULL && strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0);
+ int cond_test = 0;
+ int import_pct = 0;
- if (!cond_test || (FIPS_conditional_error_check == 1)) {
+ if (type != NULL) {
+ cond_test = strcmp(type, OSSL_SELF_TEST_TYPE_PCT) == 0;
+ import_pct = strcmp(type, OSSL_SELF_TEST_TYPE_PCT_IMPORT) == 0;
+ }
+
+ if (import_pct) {
+ /* Failure to import is transient to avoid a DoS attack */
+ ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR);
+ } else if (!cond_test || (FIPS_conditional_error_check == 1)) {
set_fips_state(FIPS_STATE_ERROR);
ERR_raise(ERR_LIB_PROV, PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE);
} else {
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-10 12:49:04 +0000