From d8cb1d16682dde80b142db49f791b09fc72471fc Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Fri, 15 May 2009 17:44:02 +0200
Subject: [PATCH] abort pluto if crypto self-test fails
---
 src/pluto/crypto.c | 18 ++++++++++++------
 src/pluto/ike_alg.c | 2 +-
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index b60c685e05..7da967c52a 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -144,7 +144,10 @@ void init_crypto(void)
 exit_log("mpz_init_set_str() failed in init_crypto()");
 }
 #ifdef SELF_TEST
- ike_alg_test();
+ if (!ike_alg_test())
+ {
+ exit_log("pluto cannot run due to failed crypto self-test");
+ }
 #endif
 }
@@ -189,12 +192,9 @@ const struct oakley_group_desc *lookup_group(u_int16_t group)
 return NULL;
 }
-/* Encryption Routines
- *
- * Each uses and updates the state object's st_new_iv.
- * This must already be initialized.
+/**
+ * Converts IKEv1 encryption algorithm name to crypter name
 */
-
 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
 {
 switch (alg)
@@ -223,6 +223,9 @@ encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
 }
 }
+/**
+ * Converts IKEv1 hash algorithm name to hasher name
+ */
 hash_algorithm_t oakley_to_hash_algorithm(int alg)
 {
 switch (alg)
@@ -242,6 +245,9 @@ hash_algorithm_t oakley_to_hash_algorithm(int alg)
 }
 }
+/**
+ * Converts IKEv1 hash algorithm name to IKEv2 prf name
+ */
 pseudo_random_function_t oakley_to_prf(int alg)
 {
 switch (alg)
diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c
index 5e4a431ec3..3b9cf84642 100644
--- a/src/pluto/ike_alg.c
+++ b/src/pluto/ike_alg.c
@@ -575,7 +575,7 @@ bool ike_alg_test(void)
 bool all_results = TRUE;
 struct ike_alg *a;
-	plog("Testing registered IKE encryption algorithms:");
+ plog("Testing registered IKE crypto algorithms:");
 for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
 {
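Review bot: In the init_crypto() hunk of src/pluto/crypto.c the new abort exists only when SELF_TEST is defined, so a build without that macro still starts pluto with untested algorithms and leaves no trace of that in the log. Now that a failed self-test is fatal, the skipped case deserves a record too, for example an `#else` branch with `plog("crypto self-test not compiled in, algorithms untested");` ahead of the `#endif` (assuming plog() is reachable from crypto.c as it is in ike_alg.c). The check also depends on exit_log() never returning; the call just above it suggests that, but its definition is not visible here. init_crypto() begins before this hunk.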