From a3f4c7e3f8cf4bb7be0267dd96d363ff69114162 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 10 Dec 2014 15:40:49 +0100
Subject: [PATCH] added the .check function in FIPS140-2 code
---
lib/nettle/rnd-fips.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
index 32fc141..7bb5dca 100644
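--- a/lib/nettle/rnd-fips.c
+++ b/lib/nettle/rnd-fips.c
@@ -218,6 +218,15 @@ static void _rngfips_deinit(void *_ctx)
 free(ctx);
 }
 
+/* This is called when gnutls_global_init() is called for second time.
+ * It must check whether any resources are still available.
+ * The particular problem it solves is to verify that the urandom fd is still
+ * open (for applications that for some reason closed all fds */
+static int _rndfips_check(void **ctx)
+{
+ return _rnd_system_entropy_check();
+}
+
 static void _rngfips_refresh(void *_ctx)
 {
 /* this is predictable RNG. Don't refresh */
@@ -243,6 +252,7 @@ static int selftest_kat(void)
 
 gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = {
 .init = _rngfips_init,
+ .check = _rndfips_check,
 .deinit = _rngfips_deinit,
 .rnd = _rngfips_rnd,
 .rnd_refresh = _rngfips_refresh,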
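Review bot: The comment above `_rndfips_check` only promises that the urandom fd is "still open", but for the FIPS DRBG what matters is that the descriptor still refers to the entropy device, because an application that closed all fds may since have reused that number for an unrelated file. `_rnd_system_entropy_check()` is defined outside this diff, so confirm that it validates the descriptor's identity (for example by comparing `fstat` results with those saved at open time) and reopens or fails otherwise, and state that in the comment. The comment also says the check runs only on a second `gnutls_global_init()`, so any reseed between the close and that call is presumably uncovered and worth documenting as a known limitation. On style, the new function is named `_rndfips_check` while every sibling in `_gnutls_fips_rnd_ops` uses the `_rngfips_` prefix; `static int _rngfips_check(void **ctx)` with `.check = _rngfips_check,` would keep the table consistent. The `ctx` parameter is unused and the comment's opening parenthesis is never closed.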
--
1.9.3