Change FIPS locking functions to macros so we get useful line information.

[openssl.git] / fips / fips.c

diff --git a/fips/fips.c b/fips/fips.c
index 6b5e4d4ccb46df39628425582a012c93608cc4be..e8d99c50044990abaa1bd0502935a1ed78accf13 100644 (file)
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -80,10 +80,10 @@ static int fips_set_owning_thread(void);
 static int fips_clear_owning_thread(void);
 static unsigned char *fips_signature_witness(void);
 
-static void fips_w_lock(void)  { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
-static void fips_w_unlock(void)        { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
-static void fips_r_lock(void)  { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
-static void fips_r_unlock(void)        { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
+#define fips_w_lock()  CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
+#define fips_w_unlock()        CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
+#define fips_r_lock()  CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
+#define fips_r_unlock()        CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
 
 static void fips_set_mode(int onoff)
        {
@@ -174,9 +174,12 @@ int FIPS_selftest(void)
 
     return FIPS_selftest_sha1()
        && FIPS_selftest_hmac()
+       && FIPS_selftest_cmac()
        && FIPS_selftest_aes()
+       && FIPS_selftest_aes_gcm()
        && FIPS_selftest_des()
        && FIPS_selftest_rsa()
+       && FIPS_selftest_ecdsa()
        && FIPS_selftest_dsa();
     }
 
@@ -274,7 +277,6 @@ int FIPS_mode_set(int onoff)
 
     if(onoff)
        {
-       unsigned char buf[48];
 
        fips_selftest_fail = 0;
 
@@ -313,6 +315,13 @@ int FIPS_mode_set(int onoff)
            goto end;
            }
 
+       if (!FIPS_selftest_drbg())
+           {
+           fips_selftest_fail = 1;
+           ret = 0;
+           goto end;
+           }
+
        /* Perform RNG KAT before seeding */
        if (!FIPS_selftest_rng())
            {
@@ -320,10 +329,11 @@ int FIPS_mode_set(int onoff)
            ret = 0;
            goto end;
            }
-
+#if 0
        /* automagically seed PRNG if not already seeded */
        if(!FIPS_rand_status())
            {
+           unsigned char buf[48];
            if(RAND_bytes(buf,sizeof buf) <= 0)
                {
                fips_selftest_fail = 1;
@@ -337,6 +347,10 @@ int FIPS_mode_set(int onoff)
        /* now switch into FIPS mode */
        fips_set_rand_check(FIPS_rand_method());
        RAND_set_rand_method(FIPS_rand_method());
+#else
+       fips_set_rand_check(FIPS_drbg_method());
+       RAND_set_rand_method(FIPS_drbg_method());
+#endif
        if(FIPS_selftest())
            fips_set_mode(1);
        else
@@ -390,6 +404,7 @@ int fips_set_owning_thread(void)
                        {
                        CRYPTO_THREADID_current(&fips_thread);
                        ret = 1;
+                       fips_thread_set = 1;
                        }
                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
                }