static int fips_clear_owning_thread(void);
static unsigned char *fips_signature_witness(void);
-static void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
-static void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
-static void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
-static void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
+#define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
+#define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
+#define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
+#define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
static void fips_set_mode(int onoff)
{
return FIPS_selftest_sha1()
&& FIPS_selftest_hmac()
+ && FIPS_selftest_cmac()
&& FIPS_selftest_aes()
+ && FIPS_selftest_aes_gcm()
&& FIPS_selftest_des()
&& FIPS_selftest_rsa()
+ && FIPS_selftest_ecdsa()
&& FIPS_selftest_dsa();
}
if(onoff)
{
- unsigned char buf[48];
fips_selftest_fail = 0;
goto end;
}
+ if (!FIPS_selftest_drbg())
+ {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
/* Perform RNG KAT before seeding */
if (!FIPS_selftest_rng())
{
ret = 0;
goto end;
}
-
+#if 0
/* automagically seed PRNG if not already seeded */
if(!FIPS_rand_status())
{
+ unsigned char buf[48];
if(RAND_bytes(buf,sizeof buf) <= 0)
{
fips_selftest_fail = 1;
/* now switch into FIPS mode */
fips_set_rand_check(FIPS_rand_method());
RAND_set_rand_method(FIPS_rand_method());
+#else
+ fips_set_rand_check(FIPS_drbg_method());
+ RAND_set_rand_method(FIPS_drbg_method());
+#endif
if(FIPS_selftest())
fips_set_mode(1);
else
{
CRYPTO_THREADID_current(&fips_thread);
ret = 1;
+ fips_thread_set = 1;
}
CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
}