abort pluto if crypto self-test fails
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 May 2009 15:44:02 +0000 (17:44 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 15 May 2009 15:44:02 +0000 (17:44 +0200)
src/pluto/crypto.c
src/pluto/ike_alg.c

index b60c685..7da967c 100644 (file)
@@ -144,7 +144,10 @@ void init_crypto(void)
                exit_log("mpz_init_set_str() failed in init_crypto()");
        }
 #ifdef SELF_TEST
-       ike_alg_test();
+       if (!ike_alg_test())
+       {
+               exit_log("pluto cannot run due to failed crypto self-test");
+       }
 #endif
 }
 
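Review bot: The fail-closed check at the end of init_crypto() exists only when SELF_TEST is defined, so a build without that macro starts pluto with no algorithm verification and leaves no trace of that in the log. Consider an `#else` branch that records the omission, e.g. `plog("crypto self-test not compiled in");`, so an operator can tell from the log which mode is running. The exit_log() message also does not name the failing algorithm. ike_alg_test() presumably logs per-algorithm results, but its body is mostly outside this page, so that is worth confirming.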
@@ -189,12 +192,9 @@ const struct oakley_group_desc *lookup_group(u_int16_t group)
        return NULL;
 }
 
-/* Encryption Routines
- *
- * Each uses and updates the state object's st_new_iv.
- * This must already be initialized.
+/**
+ * Converts IKEv1 encryption algorithm name to crypter name
  */
-
 encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
 {
        switch (alg)
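Review bot: The new docstring calls the input an "algorithm name", but oakley_to_encryption_algorithm() takes `int alg`, a numeric identifier, and returns an enum value. The same wording appears on oakley_to_hash_algorithm() and oakley_to_prf() in the next two hunks. I would word it as `Converts an IKEv1 (Oakley) encryption algorithm identifier to the corresponding encryption_algorithm_t` and add an `@param alg` / `@return` pair stating what is returned for an unrecognised value. The default case of the switch is not visible here, and callers need to know whether an unknown identifier is rejected or mapped to some fallback. The function body continues outside the hunk.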
@@ -223,6 +223,9 @@ encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
        }
 }
 
+/**
+ * Converts IKEv1 hash algorithm name to hasher name
+ */
 hash_algorithm_t oakley_to_hash_algorithm(int alg)
 {
        switch (alg)
@@ -242,6 +245,9 @@ hash_algorithm_t oakley_to_hash_algorithm(int alg)
        }
 }
 
+/**
+ * Converts IKEv1 hash algorithm name to IKEv2 prf name
+ */
 pseudo_random_function_t oakley_to_prf(int alg)
 {
        switch (alg)
index 5e4a431..3b9cf84 100644 (file)
@@ -575,7 +575,7 @@ bool ike_alg_test(void)
        bool all_results = TRUE;
        struct ike_alg *a;
        
-       plog("Testing registered IKE encryption algorithms:");
+       plog("Testing registered IKE crypto algorithms:");
 
        for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
        {