int CryptoService::initialize() {
- int mode = 0;
- int rc = 0;
- int hw_rand_ret = 0, u_rand_ret = 0;
+ int hw_rand_ret = 0;
+ int u_rand_ret = 0;
// try to initialize using ERR_load_crypto_strings and OpenSSL_add_all_algorithms
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
- // turn on FIPS_mode
- mode = FIPS_mode();
-
- if(mode == 0) {
- rc = FIPS_mode_set(1);
-
- if(rc == 0) {
- LogError("Error in FIPS_mode_set function");
- }
- }
-
// initialize entropy
std::ifstream ifile(DEV_HW_RANDOM_FILE);
if(ifile.is_open()) {
RawBuffer CKMLogic::setCCModeStatus(CCModeState mode_status) {
int retCode = CKM_API_SUCCESS;
+ int fipsModeStatus = 0;
+ int rc = 0;
if((mode_status != CCModeState:: CC_MODE_OFF) && (mode_status != CCModeState:: CC_MODE_ON)) {
retCode = CKM_API_ERROR_INPUT_PARAM;
}
cc_mode_status = mode_status;
+ fipsModeStatus = FIPS_mode();
+
+ if(cc_mode_status == CCModeState:: CC_MODE_ON) {
+ if(fipsModeStatus == 0) { // If FIPS mode off
+ rc = FIPS_mode_set(1); // Change FIPS_mode from off to on
+ if(rc == 0) {
+ LogError("Error in FIPS_mode_set function");
+ }
+ }
+ } else {
+ if(fipsModeStatus == 1) { // If FIPS mode on
+ rc = FIPS_mode_set(0); // Change FIPS_mode from on to off
+ if(rc == 0) {
+ LogError("Error in FIPS_mode_set function");
+ }
+ }
+ }
MessageBuffer response;
Serialization::Serialize(response, retCode);