FIPS mode ERR changes. Redirect errors to tiny FIPS callbacks to avoid ERR

library dependencies.

3 files changed, 18 insertions, 0 deletions

diff --git a/crypto/err/err.c b/crypto/err/err.c
index fcdb244008..b586004166 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -109,6 +109,8 @@
  *
  */
 
+#define OPENSSL_NO_FIPS_ERR
+
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
diff --git a/crypto/err/err.h b/crypto/err/err.h
index 974cc9cc6f..37aee6f485 100644
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -137,6 +137,17 @@ extern "C" {
 #define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,NULL,0)
 #endif
 
+#if defined(OPENSSL_FIPSCANISTER) && !defined(OPENSSL_NO_FIPS_ERR)
+#define ERR_put_error FIPS_put_error
+#define ERR_add_error_data FIPS_add_error_data
+#endif
+
+#ifdef OPENSSL_FIPS
+void FIPS_set_error_callbacks(
+	void (*put_cb)(int lib, int func,int reason,const char *file,int line),
+	void (*add_cb)(int num, va_list args) );
+#endif
+
 #include <errno.h>
 
 #define ERR_TXT_MALLOCED	0x01
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index fc049e8e88..3544e8fecd 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -56,6 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
+#define OPENSSL_NO_FIPS_ERR
+
 #include <stdio.h>
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
@@ -106,6 +108,9 @@
 
 void ERR_load_crypto_strings(void)
 	{
+#ifdef OPENSSL_FIPS
+	FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
+#endif
 #ifndef OPENSSL_NO_ERR
 	ERR_load_ERR_strings(); /* include error strings for SYSerr */
 	ERR_load_BN_strings();