/*
 * Record the requested FIPS mode flag.
 *
 * Nothing is written until fips_started has been set. When the calling
 * thread is not the owning thread, the write lock is taken around the
 * store; the owning thread skips the lock (presumably because it already
 * holds it -- confirm against fips_set_owning_thread() callers).
 */
static void fips_set_mode(int onoff)
	{
	const int need_lock = !fips_is_owning_thread();

	if (!fips_started)
		return;

	if (need_lock)
		fips_w_lock();

	fips_mode = onoff;

	if (need_lock)
		fips_w_unlock();
	}
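/*
 * Switch the FIPS module into FIPS mode (onoff != 0) or out of it
 * (onoff == 0).
 *
 * Entering FIPS mode is fail-closed: the authentication check, the
 * "already in FIPS mode" check, the platform capability check, the
 * signature witness comparison and the self-tests must all pass before
 * fips_set_mode() is called. Any failure sets fips_selftest_fail and
 * leaves the mode flag untouched.
 *
 * The write lock and the owning-thread marker are taken on entry and are
 * released on every exit path through the `end` label.
 *
 * auth is handed to fips_check_auth(); it is only examined when onoff is
 * non-zero.
 *
 * Returns 1 on success, 0 on failure (an error is queued with FIPSerr for
 * every failure except a failed self-test, which is expected to report
 * its own error -- confirm against FIPS_selftest()).
 */
int FIPS_module_mode_set(int onoff, const char *auth)
    {
    int ret = 0;

    fips_w_lock();
    fips_started = 1;
    fips_set_owning_thread();

    if(onoff)
	{

	fips_selftest_fail = 0;
	if (!fips_check_auth(auth))
	    {
	    fips_auth_fail = 1;
	    fips_selftest_fail = 1;
	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_AUTHENTICATION_FAILURE);
	    /* Leave through the common exit: returning directly here would
	       keep the write lock held and the owning-thread marker set, so
	       any other thread calling fips_w_lock() would block forever. */
	    ret = 0;
	    goto end;
	    }

	/* Don't go into FIPS mode twice, just so we can do automagic
	   seeding */
	if(FIPS_module_mode())
	    {
	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
	    fips_selftest_fail = 1;
	    ret = 0;
	    goto end;
	    }

#ifdef OPENSSL_IA32_SSE2
	{
	extern unsigned int OPENSSL_ia32cap_P[2];
	/* Both capability bits 25 and 26 must be set (presumably the SSE
	   and SSE2 flags, given the OPENSSL_IA32_SSE2 guard); otherwise
	   the platform is rejected. */
	if ((OPENSSL_ia32cap_P[0] & (1<<25|1<<26)) != (1<<25|1<<26))
	    {
	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
	    fips_selftest_fail = 1;
	    ret = 0;
	    goto end;
	    }
	/* NOTE(review): the capability vector is modified before the
	   signature and self-test checks below, so these two changes
	   persist even if a later check fails. */
	OPENSSL_ia32cap_P[0] |= (1<<28);	/* set "shared cache"	*/
	OPENSSL_ia32cap_P[1] &= ~(1<<(60-32));	/* clear AVX		*/
	}
#endif

	/* The witness value must match the embedded signature symbol. */
	if(fips_signature_witness() != FIPS_signature)
	    {
	    FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
	    fips_selftest_fail = 1;
	    ret = 0;
	    goto end;
	    }

	/* The mode flag is only set once the self-tests have passed. */
	if(FIPS_selftest())
	    fips_set_mode(onoff);
	else
	    {
	    fips_selftest_fail = 1;
	    ret = 0;
	    goto end;
	    }
	ret = 1;
	goto end;
	}

    /* Leaving FIPS mode: clear the mode flag and the failure latch. */
    fips_set_mode(0);
    fips_selftest_fail = 0;
    ret = 1;
end:
    fips_clear_owning_thread();
    fips_w_unlock();
    return ret;
    }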
Exemple #3
/*
 * Enable (onoff != 0) or disable (onoff == 0) FIPS mode.
 *
 * The whole operation runs under the write lock with the calling thread
 * marked as owner; both are released at the `end` label on every path.
 *
 * Enabling is fail-closed. In order: the module must not already be in
 * FIPS mode, the platform capability bits must be present (only when
 * OPENSSL_IA32_SSE2 is defined), FIPS_selftest() must succeed and
 * verify_checksums() must succeed. Only then is fips_set_mode() called.
 * Any failure sets fips_selftest_fail and leaves the mode unchanged.
 *
 * NOTE(review): auth is accepted but never examined in this version, so
 * no caller authentication gates the mode switch here.
 *
 * Returns 1 on success, 0 on failure.
 */
int FIPS_module_mode_set(int onoff, const char *auth)
{
    int status = 0;             /* stays 0 on every failure path */

    fips_w_lock();
    fips_started = 1;
    fips_set_owning_thread();

    if (!onoff) {
        /* Leaving FIPS mode: clear the flag and the failure latch. */
        fips_set_mode(0);
        fips_selftest_fail = 0;
        status = 1;
        goto end;
    }

    fips_selftest_fail = 0;

    /* Don't go into FIPS mode twice, just so we can do automagic
       seeding */
    if (FIPS_module_mode()) {
        FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
                FIPS_R_FIPS_MODE_ALREADY_SET);
        fips_selftest_fail = 1;
        goto end;
    }
# ifdef OPENSSL_IA32_SSE2
    {
        extern unsigned int OPENSSL_ia32cap_P[2];
        /* Capability bits 25 and 26 must both be set. */
        const unsigned int required = 1 << 25 | 1 << 26;

        if ((OPENSSL_ia32cap_P[0] & required) != required) {
            FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
                    FIPS_R_UNSUPPORTED_PLATFORM);
            fips_selftest_fail = 1;
            goto end;
        }
    }
# endif

    /* Self-tests run first; no error is queued here on failure. */
    if (!FIPS_selftest()) {
        fips_selftest_fail = 1;
        goto end;
    }

    /* Integrity check of the module comes after the self-tests. */
    if (!verify_checksums()) {
        FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET,
                FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
        fips_selftest_fail = 1;
        goto end;
    }

    /* Every gate passed: only now is the mode flag set. */
    fips_set_mode(onoff);
    status = 1;

end:
    fips_clear_owning_thread();
    fips_w_unlock();
    return status;
}