added the .check function in FIPS140-2 code
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 10 Dec 2014 14:40:49 +0000 (15:40 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Wed, 10 Dec 2014 14:55:15 +0000 (15:55 +0100)
lib/nettle/rnd-fips.c

index 32fc141f4fe7994ff0d6ae6d1a71da63463e82a2..7bb5dcaca1001bd8332c9786fa043fde4b6e26f2 100644 (file)
@@ -218,6 +218,15 @@ static void _rngfips_deinit(void *_ctx)
        free(ctx);
 }
 
+/* This is called when gnutls_global_init() is called for second time.
+ * It must check whether any resources are still available.
+ * The particular problem it solves is to verify that the urandom fd is still
+ * open (for applications that for some reason closed all fds */
+static int _rndfips_check(void **ctx)
+{
+       return _rnd_system_entropy_check();
+}
+
 static void _rngfips_refresh(void *_ctx)
 {
        /* this is predictable RNG. Don't refresh */
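Review bot: The comment on `_rndfips_check` only promises that the urandom fd is "still open". In an application that closed all descriptors, that fd number may since have been reused for an unrelated file, and `_rnd_system_entropy_check()` is defined outside this diff, so the hunk does not show whether it detects that case. Because this RNG presumably draws its seed material through that descriptor, it is worth confirming that the helper checks the fd still refers to the random device rather than merely being valid, and stating in the comment what the return value means. The new name also breaks from the `_rngfips_` prefix of the sibling callbacks; I would use `static int _rngfips_check(void **ctx)` and, in the next hunk, `.check = _rngfips_check,`. Finally, `ctx` is ignored without a remark, and the parenthesis opened in the comment is never closed; the last line should read `* open (for applications that for some reason closed all fds). */`.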
@@ -243,6 +252,7 @@ static int selftest_kat(void)
 
 gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = {
        .init = _rngfips_init,
+       .check = _rndfips_check,
        .deinit = _rngfips_deinit,
        .rnd = _rngfips_rnd,
        .rnd_refresh = _rngfips_refresh,