Update copyright year.

[openssl.git] / fips / fips.c

diff --git a/fips/fips.c b/fips/fips.c
index e8d99c50044990abaa1bd0502935a1ed78accf13..7e5b651f97b99d12257fd55a85fe06283cfb3559 100644 (file)
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -70,10 +70,9 @@
 #define PATH_MAX 1024
 #endif
 
-static int fips_selftest_fail;
-static int fips_mode;
+static int fips_selftest_fail = 0;
+static int fips_mode = 0;
 static int fips_started = 0;
-static const void *fips_rand_check;
 
 static int fips_is_owning_thread(void);
 static int fips_set_owning_thread(void);
@@ -97,18 +96,6 @@ static void fips_set_mode(int onoff)
                }
        }
 
-static void fips_set_rand_check(const void *rand_check)
-       {
-       int owning_thread = fips_is_owning_thread();
-
-       if (fips_started)
-               {
-               if (!owning_thread) fips_w_lock();
-               fips_rand_check = rand_check;
-               if (!owning_thread) fips_w_unlock();
-               }
-       }
-
 int FIPS_mode(void)
        {
        int ret = 0;
@@ -123,20 +110,6 @@ int FIPS_mode(void)
        return ret;
        }
 
-const void *FIPS_rand_check(void)
-       {
-       const void *ret = 0;
-       int owning_thread = fips_is_owning_thread();
-
-       if (fips_started)
-               {
-               if (!owning_thread) fips_r_lock();
-               ret = fips_rand_check;
-               if (!owning_thread) fips_r_unlock();
-               }
-       return ret;
-       }
-
 int FIPS_selftest_failed(void)
     {
     int ret = 0;
@@ -323,34 +296,13 @@ int FIPS_mode_set(int onoff)
            }
 
        /* Perform RNG KAT before seeding */
-       if (!FIPS_selftest_rng())
+       if (!FIPS_selftest_x931())
            {
            fips_selftest_fail = 1;
            ret = 0;
            goto end;
            }
-#if 0
-       /* automagically seed PRNG if not already seeded */
-       if(!FIPS_rand_status())
-           {
-           unsigned char buf[48];
-           if(RAND_bytes(buf,sizeof buf) <= 0)
-               {
-               fips_selftest_fail = 1;
-               ret = 0;
-               goto end;
-               }
-           FIPS_rand_set_key(buf,32);
-           FIPS_rand_seed(buf+32,16);
-           }
 
-       /* now switch into FIPS mode */
-       fips_set_rand_check(FIPS_rand_method());
-       RAND_set_rand_method(FIPS_rand_method());
-#else
-       fips_set_rand_check(FIPS_drbg_method());
-       RAND_set_rand_method(FIPS_drbg_method());
-#endif
        if(FIPS_selftest())
            fips_set_mode(1);
        else
@@ -559,9 +511,12 @@ int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
        unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
        unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
        OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
+       memset(pltmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
+       memset(citmp, 0, FIPS_MAX_CIPHER_TEST_SIZE);
        if (FIPS_cipherinit(ctx, cipher, key, iv, 1) <= 0)
                return 0;
-       FIPS_cipher(ctx, citmp, plaintext, len);
+       if (!FIPS_cipher(ctx, citmp, plaintext, len))
+               return 0;
        if (memcmp(citmp, ciphertext, len))
                return 0;
        if (FIPS_cipherinit(ctx, cipher, key, iv, 0) <= 0)