clarify comment
[openssl.git] / fips / fips.c
index a18fd58..a8f0f03 100644 (file)
@@ -96,7 +96,7 @@ static void fips_set_mode(int onoff)
                }
        }
 
-int FIPS_mode(void)
+int FIPS_module_mode(void)
        {
        int ret = 0;
        int owning_thread = fips_is_owning_thread();
@@ -145,6 +145,7 @@ void fips_set_selftest_fail(void)
 extern const void         *FIPS_text_start(),  *FIPS_text_end();
 extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
 unsigned char              FIPS_signature [20] = { 0 };
+__fips_constseg
 static const char          FIPS_hmac_key[]="etaonrishdlcupfm";
 
 unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
@@ -237,10 +238,8 @@ int FIPS_check_incore_fingerprint(void)
     return rv;
     }
 
-int FIPS_mode_set(int onoff)
+int FIPS_module_mode_set(int onoff)
     {
-    int fips_set_owning_thread();
-    int fips_clear_owning_thread();
     int ret = 0;
 
     fips_w_lock();
@@ -254,9 +253,9 @@ int FIPS_mode_set(int onoff)
 
        /* Don't go into FIPS mode twice, just so we can do automagic
           seeding */
-       if(FIPS_mode())
+       if(FIPS_module_mode())
            {
-           FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
+           FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
            fips_selftest_fail = 1;
            ret = 0;
            goto end;
@@ -265,7 +264,7 @@ int FIPS_mode_set(int onoff)
 #ifdef OPENSSL_IA32_SSE2
        if ((OPENSSL_ia32cap & (1<<25|1<<26)) != (1<<25|1<<26))
            {
-           FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
+           FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
            fips_selftest_fail = 1;
            ret = 0;
            goto end;
@@ -274,14 +273,14 @@ int FIPS_mode_set(int onoff)
 
        if(fips_signature_witness() != FIPS_signature)
            {
-           FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
+           FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
            fips_selftest_fail = 1;
            ret = 0;
            goto end;
            }
 
        if(FIPS_selftest())
-           fips_set_mode(1);
+           fips_set_mode(onoff);
        else
            {
            fips_selftest_fail = 1;
@@ -365,6 +364,16 @@ unsigned char *fips_signature_witness(void)
        return FIPS_signature;
        }
 
+unsigned long FIPS_module_version(void)
+       {
+       return FIPS_MODULE_VERSION_NUMBER;
+       }
+
+const char *FIPS_module_version_text(void)
+       {
+       return FIPS_MODULE_VERSION_TEXT;
+       }
+
 #if 0
 /* The purpose of this is to ensure the error code exists and the function
  * name is to keep the error checking script quiet