From: Nikos Mavrogiannopoulos
Date: Wed, 10 Dec 2014 14:40:49 +0000 (+0100)
Subject: added the .check function in FIPS140-2 code
X-Git-Tag: gnutls_3_4_0~485
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=06aa6eded3702e0f7348f34362c33bb6caabd90f;p=thirdparty%2Fgnutls.git

added the .check function in FIPS140-2 code
---
diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
index 32fc141f4f..7bb5dcaca1 100644
--- a/lib/nettle/rnd-fips.c
+++ b/lib/nettle/rnd-fips.c
@@ -218,6 +218,15 @@ static void _rngfips_deinit(void *_ctx)
 free(ctx);
 }
 
+/* This is called when gnutls_global_init() is called for second time.
+ * It must check whether any resources are still available.
+ * The particular problem it solves is to verify that the urandom fd is still
+ * open (for applications that for some reason closed all fds */
+static int _rndfips_check(void **ctx)
+{
+ return _rnd_system_entropy_check();
+}
+
 static void _rngfips_refresh(void *_ctx)
 {
 /* this is predictable RNG. Don't refresh */
@@ -243,6 +252,7 @@ static int selftest_kat(void)
 
 gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = {
 .init = _rngfips_init,
+ .check = _rndfips_check,
 .deinit = _rngfips_deinit,
 .rnd = _rngfips_rnd,
 .rnd_refresh = _rngfips_refresh,
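Review bot: The new `_rndfips_check` in the first hunk ignores its `ctx` argument and only forwards to `_rnd_system_entropy_check()`, so the guarantee described in the comment rests entirely on that helper, whose body is outside this diff. The comment speaks of the urandom fd being "still open"; if the helper tests no more than that, a descriptor number the application closed and later reused for another file would presumably pass, and reads taken as entropy would come from that file. It is worth confirming that the helper verifies the descriptor's identity, for example by comparing `fstat` device/inode values saved at init. On style, the name breaks the `_rngfips_` prefix used by its siblings (`_rngfips_init`, `_rngfips_deinit`, `_rngfips_refresh`); `static int _rngfips_check(void **ctx)` with `.check = _rngfips_check,` in the second hunk would match. The comment also lacks its closing parenthesis: `closed all fds) */`.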