doc: explicitly state that rng self_test mustn't require rng initialization

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Mon, 24 Oct 2016 06:30:06 +0000 (08:30 +0200)

committer Nikos Mavrogiannopoulos <nmav@gnutls.org>

Fri, 4 Nov 2016 01:56:25 +0000 (02:56 +0100)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 24 Oct 2016 06:30:06 +0000 (08:30 +0200)
committer Nikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 4 Nov 2016 01:56:25 +0000 (02:56 +0100)
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h

index 6f4b743b881334a6bb9b2b22801a68636febadbc..1619bf0fa5c3f14cf8f1f4770e0178cb589bb400 100644 (file)
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -77,7 +77,7 @@ typedef struct gnutls_crypto_rnd {
         int (*rnd) (void *ctx, int level, void *data, size_t datasize);
         void (*rnd_refresh) (void *ctx);
         void (*deinit) (void *ctx);
-       int (*self_test) (void);
+       int (*self_test) (void); /* this should not require rng initialization */
  } gnutls_crypto_rnd_st;
  
  typedef void *bigint_t;
diff --git a/lib/fips.c b/lib/fips.c

index 8a0ada34bcbe971036b1d18ed86d9e23a1536af8..677c047b7b54b33152ab554ce274c337327073f4 100644 (file)
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -350,7 +350,8 @@ int _gnutls_fips_perform_self_checks2(void)
                 gnutls_assert();
                 goto error;
         }
-       
+
+       /* this does not require rng initialization */
         ret = _gnutls_rnd_ops.self_test();
         if (ret < 0) {
                 gnutls_assert();
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Mon, 24 Oct 2016 06:30:06 +0000 (08:30 +0200)
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>
	Fri, 4 Nov 2016 01:56:25 +0000 (02:56 +0100)
lib/crypto-backend.h		patch \| blob \| blame \| history
lib/fips.c		patch \| blob \| blame \| history