From a3f4c7e3f8cf4bb7be0267dd96d363ff69114162 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Wed, 10 Dec 2014 15:40:49 +0100
Subject: [PATCH] added the .check function in FIPS140-2 code

---
 lib/nettle/rnd-fips.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
index 32fc141..7bb5dca 100644
--- a/lib/nettle/rnd-fips.c
+++ b/lib/nettle/rnd-fips.c
@@ -218,6 +218,15 @@ static void _rngfips_deinit(void *_ctx)
 free(ctx);
 }
 
+/* This is called when gnutls_global_init() is called for second time.
+ * It must check whether any resources are still available.
+ * The particular problem it solves is to verify that the urandom fd is still
+ * open (for applications that for some reason closed all fds */
+static int _rndfips_check(void **ctx)
+{
+ return _rnd_system_entropy_check();
+}
+
 static void _rngfips_refresh(void *_ctx)
 {
 /* this is predictable RNG. Don't refresh */
@@ -243,6 +252,7 @@ static int selftest_kat(void)
 
 gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = {
 .init = _rngfips_init,
+ .check = _rndfips_check,
 .deinit = _rngfips_deinit,
 .rnd = _rngfips_rnd,
 .rnd_refresh = _rngfips_refresh,
-- 
1.9.3
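Review bot: `_rndfips_check` ignores its `ctx` argument and only forwards to `_rnd_system_entropy_check()`, so the whole guarantee rests on a helper that this patch does not show. If that helper only tests that the descriptor is open, an application that closed all fds and then opened something else could leave the same fd number pointing at an unrelated file, and the DRBG would presumably draw its seed material from it. The comment should record that contract and the return convention, e.g. `/* ctx is unused: only the system entropy source is re-validated; the helper must confirm the fd still refers to the random device, not merely that it is open. */`. The name also departs from the `_rngfips_` prefix used by `_rngfips_init`, `_rngfips_deinit` and `_rngfips_refresh`; `_rngfips_check` would match, here and in the `.check =` initializer of the second hunk. The parenthesis opened in the last comment line is never closed.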