/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
#define PATH_MAX 1024
#endif
-static int fips_selftest_fail;
-static int fips_mode;
+static int fips_selftest_fail = 0;
+static int fips_mode = 0;
static int fips_started = 0;
-static const void *fips_rand_check;
static int fips_is_owning_thread(void);
static int fips_set_owning_thread(void);
static int fips_clear_owning_thread(void);
static unsigned char *fips_signature_witness(void);
-static void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
-static void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
-static void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
-static void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
+#define fips_w_lock() CRYPTO_w_lock(CRYPTO_LOCK_FIPS)
+#define fips_w_unlock() CRYPTO_w_unlock(CRYPTO_LOCK_FIPS)
+#define fips_r_lock() CRYPTO_r_lock(CRYPTO_LOCK_FIPS)
+#define fips_r_unlock() CRYPTO_r_unlock(CRYPTO_LOCK_FIPS)
static void fips_set_mode(int onoff)
{
}
}
-static void fips_set_rand_check(const void *rand_check)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_started)
- {
- if (!owning_thread) fips_w_lock();
- fips_rand_check = rand_check;
- if (!owning_thread) fips_w_unlock();
- }
- }
-
int FIPS_mode(void)
{
int ret = 0;
return ret;
}
-const void *FIPS_rand_check(void)
- {
- const void *ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_started)
- {
- if (!owning_thread) fips_r_lock();
- ret = fips_rand_check;
- if (!owning_thread) fips_r_unlock();
- }
- return ret;
- }
-
int FIPS_selftest_failed(void)
{
int ret = 0;
if(onoff)
{
- unsigned char buf[48];
fips_selftest_fail = 0;
}
/* Perform RNG KAT before seeding */
- if (!FIPS_selftest_rng())
+ if (!FIPS_selftest_x931())
{
fips_selftest_fail = 1;
ret = 0;
goto end;
}
- /* automagically seed PRNG if not already seeded */
- if(!FIPS_rand_status())
- {
- if(RAND_bytes(buf,sizeof buf) <= 0)
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
- FIPS_rand_set_key(buf,32);
- FIPS_rand_seed(buf+32,16);
- }
-
- /* now switch into FIPS mode */
- fips_set_rand_check(FIPS_rand_method());
- RAND_set_rand_method(FIPS_rand_method());
if(FIPS_selftest())
fips_set_mode(1);
else
{
CRYPTO_THREADID_current(&fips_thread);
ret = 1;
+ fips_thread_set = 1;
}
CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
}
unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
+ memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
+ memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0)
return 0;
- FIPS_cipher(ctx, citmp, plaintext, len);
+ if (!FIPS_cipher(ctx, citmp, plaintext, len))
+ return 0;
if (memcmp(citmp, ciphertext, len))
return 0;
if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0)