authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-12-10 15:40:49 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-12-10 15:42:35 +0100
commit8f1df386be18def58f59021ea0ba5ef3b58fc136 (patch)
tree370347facd1185831e9f4457338c07c6c3c68501
parent37bad9875c8e44f63e7f0749353a90a9c84d167c (diff)
added the .check function in FIPS140-2 code
-rw-r--r--lib/nettle/rnd-fips.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
index 4f67eafa52..254cb3b83d 100644
--- a/lib/nettle/rnd-fips.c
+++ b/lib/nettle/rnd-fips.c
@@ -227,6 +227,15 @@ static void _rngfips_deinit(void *_ctx)
free(ctx);
}
+/* This is called when gnutls_global_init() is called for second time.
+ * It must check whether any resources are still available.
+ * The particular problem it solves is to verify that the urandom fd is still
+ * open (for applications that for some reason closed all fds */
+static int _rndfips_check(void **ctx)
+{
+ return _rnd_system_entropy_check();
+}
+
static void _rngfips_refresh(void *_ctx)
{
/* this is predictable RNG. Don't refresh */
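Review bot: `_rndfips_check` ignores its `ctx` argument and simply returns `_rnd_system_entropy_check()`, so what "still open" means for the urandom fd is decided entirely in a helper that this hunk does not show. If that helper only tests that the descriptor number is valid, an application that closed all fds and then opened another file could leave the same number pointing at a non-random source that the FIPS DRBG would later reseed from. It is worth confirming that the helper checks the descriptor's identity (for example, by comparing `fstat` device/inode values with those saved at init) and reopens it on mismatch. Two smaller points in the added lines: the name breaks from the `_rngfips_*` prefix used by its siblings (`_rngfips_check` would match), and the comment lacks its closing parenthesis after `closed all fds`.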
@@ -252,6 +261,7 @@ static int selftest_kat(void)
gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = {
.init = _rngfips_init,
+ .check = _rndfips_check,
.deinit = _rngfips_deinit,
.rnd = _rngfips_rnd,
.rnd_refresh = _rngfips_refresh,