From 49663961687dbf3beda19d875f91730b719e9f6f Mon Sep 17 00:00:00 2001 From: Doug Hogan Date: Thu, 20 Dec 2018 02:14:19 -0800 Subject: Move most FIPS functionality to a new file --- lib/crypto/c_src/Makefile.in | 1 + lib/crypto/c_src/crypto.c | 34 +--------------------------------- lib/crypto/c_src/fips.c | 32 ++++++++++++++++++++++++++++++++ lib/crypto/c_src/fips.h | 9 +++++++++ 4 files changed, 43 insertions(+), 33 deletions(-) create mode 100644 lib/crypto/c_src/fips.c create mode 100644 lib/crypto/c_src/fips.h (limited to 'lib/crypto') diff --git a/lib/crypto/c_src/Makefile.in b/lib/crypto/c_src/Makefile.in index 4d2f490f37..8a2d0ed471 100644 --- a/lib/crypto/c_src/Makefile.in +++ b/lib/crypto/c_src/Makefile.in @@ -88,6 +88,7 @@ CRYPTO_OBJS = $(OBJDIR)/crypto$(TYPEMARKER).o \ $(OBJDIR)/eddsa$(TYPEMARKER).o \ $(OBJDIR)/engine$(TYPEMARKER).o \ $(OBJDIR)/evp$(TYPEMARKER).o \ + $(OBJDIR)/fips$(TYPEMARKER).o \ $(OBJDIR)/hash$(TYPEMARKER).o \ $(OBJDIR)/hmac$(TYPEMARKER).o \ $(OBJDIR)/info$(TYPEMARKER).o \ diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index b8525ee617..25dbb74e60 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -40,6 +40,7 @@ #include "eddsa.h" #include "engine.h" #include "evp.h" +#include "fips.h" #include "hash.h" #include "hmac.h" #include "info.h" @@ -57,8 +58,6 @@ static int upgrade(ErlNifEnv* env, void** priv_data, void** old_priv_data, ERL_N static void unload(ErlNifEnv* env, void* priv_data); /* The NIFs: */ -static ERL_NIF_TERM info_fips(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); -static ERL_NIF_TERM enable_fips_mode(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); /* helpers */ @@ -623,34 +622,3 @@ static ERL_NIF_TERM algorithms(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv enif_make_list_from_array(env, algo_rsa_opts, rsa_opts_cnt) ); } - -static ERL_NIF_TERM info_fips(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) -{ -#ifdef FIPS_SUPPORT - return FIPS_mode() ? atom_enabled : atom_not_enabled; -#else - return atom_not_supported; -#endif -} - -static ERL_NIF_TERM enable_fips_mode(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) -{/* (Boolean) */ - if (argv[0] == atom_true) { -#ifdef FIPS_SUPPORT - if (FIPS_mode_set(1)) { - return atom_true; - } -#endif - PRINTF_ERR0("CRYPTO: Could not setup FIPS mode"); - return atom_false; - } else if (argv[0] == atom_false) { -#ifdef FIPS_SUPPORT - if (!FIPS_mode_set(0)) { - return atom_false; - } -#endif - return atom_true; - } else { - return enif_make_badarg(env); - } -} diff --git a/lib/crypto/c_src/fips.c b/lib/crypto/c_src/fips.c new file mode 100644 index 0000000000..5d6adb730c --- /dev/null +++ b/lib/crypto/c_src/fips.c @@ -0,0 +1,32 @@ +#include "fips.h" + +ERL_NIF_TERM info_fips(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) +{ +#ifdef FIPS_SUPPORT + return FIPS_mode() ? atom_enabled : atom_not_enabled; +#else + return atom_not_supported; +#endif +} + +ERL_NIF_TERM enable_fips_mode(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) +{/* (Boolean) */ + if (argv[0] == atom_true) { +#ifdef FIPS_SUPPORT + if (FIPS_mode_set(1)) { + return atom_true; + } +#endif + PRINTF_ERR0("CRYPTO: Could not setup FIPS mode"); + return atom_false; + } else if (argv[0] == atom_false) { +#ifdef FIPS_SUPPORT + if (!FIPS_mode_set(0)) { + return atom_false; + } +#endif + return atom_true; + } else { + return enif_make_badarg(env); + } +} diff --git a/lib/crypto/c_src/fips.h b/lib/crypto/c_src/fips.h new file mode 100644 index 0000000000..60ffe396c4 --- /dev/null +++ b/lib/crypto/c_src/fips.h @@ -0,0 +1,9 @@ +#ifndef E_FIPS_H__ +#define E_FIPS_H__ 1 + +#include "common.h" + +ERL_NIF_TERM info_fips(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); +ERL_NIF_TERM enable_fips_mode(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); + +#endif /* E_FIPS_H__ */ -- cgit v1.2.3