swtpm: Rename disable_fips_mode() and move into tpmlib_start()

Rename disable_fips_mode() to fips_mode_disable() amd move into
tpmlib_start() after TPMLIB_MainInit(). Clean up the duplicate
prototype.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

diff --git a/src/swtpm/cuse_tpm.c b/src/swtpm/cuse_tpm.c
index e69500b2691783a6f015c674c646f7d08bb2fddf..e73b413cca8016cef5e70e2ec28701efcfa32059 100644 (file)
--- a/src/swtpm/cuse_tpm.c
+++ b/src/swtpm/cuse_tpm.c
@@ -1722,11 +1722,6 @@ int swtpm_cuse_main(int argc, char **argv, const char *prgname, const char *ifac
         goto exit;
     }
 
-    if (disable_fips_mode() < 0) {
-        ret = -1;
-        goto exit;
-    }
-
     if (tpmlib_register_callbacks(&cbs) != TPM_SUCCESS) {
         ret = -1;
         goto exit;

diff --git a/src/swtpm/fips.c b/src/swtpm/fips.c
index eeb2a0ca41875b85721d0d238a8b8bcefc5c2399..0ae2845fd6069b6a574d656cccbe41db8201f5bd 100644 (file)
--- a/src/swtpm/fips.c
+++ b/src/swtpm/fips.c
@@ -63,7 +63,7 @@ extern int FIPS_mode_set(int);
  * Returns < 0 on error, 0 otherwise.
  */
 #if defined(HAVE_OPENSSL_FIPS_H) || defined(HAVE_OPENSSL_FIPS_MODE_SET_API)
-int disable_fips_mode(void)
+int fips_mode_disable(void)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
     int mode = EVP_default_properties_is_fips_enabled(NULL);
@@ -93,7 +93,7 @@ int disable_fips_mode(void)
 }
 #else
 /* OpenBSD & DragonFlyBSD case */
-int disable_fips_mode(void)
+int fips_mode_disable(void)
 {
     return 0;
 }

diff --git a/src/swtpm/fips.h b/src/swtpm/fips.h
index 14d4e9fe926d3028be5cab0b0e86b2028bd32c26..40cda4db57909f5cd724e9de0f367fa7c335c353 100644 (file)
--- a/src/swtpm/fips.h
+++ b/src/swtpm/fips.h
@@ -35,9 +35,9 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef _SWTPM_UTILS_H_
-#define _SWTPM_UTILS_H_
+#ifndef _SWTPM_FIPS_H_
+#define _SWTPM_FIPS_H_
 
-int disable_fips_mode(void);
+int fips_mode_disable(void);
 
-#endif /* _SWTPM_UTILS_H_ */
+#endif /* _SWTPM_FIPS_H_ */

diff --git a/src/swtpm/swtpm.c b/src/swtpm/swtpm.c
index 0714d9de9907e355dc94f2662309329fd8fa89a3..b8bf8d97bb2d4c0daff65ea9b25731ffd05c66db 100644 (file)
--- a/src/swtpm/swtpm.c
+++ b/src/swtpm/swtpm.c
@@ -520,9 +520,6 @@ int swtpm_main(int argc, char **argv, const char *prgname, const char *iface)
         daemonize_finish();
     }
 
-    if (disable_fips_mode() < 0)
-        goto error_seccomp_profile;
-
     rc = mainLoop(&mlp, notify_fd[0]);
 
 error_seccomp_profile:

diff --git a/src/swtpm/swtpm_chardev.c b/src/swtpm/swtpm_chardev.c
index be92e7cab0f847a287e65a4f1cd2d6c53c9e49ab..6c9ef13d797597cd95a926f5b088e17ca9b32eea 100644 (file)
--- a/src/swtpm/swtpm_chardev.c
+++ b/src/swtpm/swtpm_chardev.c
@@ -572,9 +572,6 @@ int swtpm_chardev_main(int argc, char **argv, const char *prgname, const char *i
         daemonize_finish();
     }
 
-    if (disable_fips_mode() < 0)
-        goto error_seccomp_profile;
-
     rc = mainLoop(&mlp, notify_fd[0]);
 
 error_seccomp_profile:

diff --git a/src/swtpm/tpmlib.c b/src/swtpm/tpmlib.c
index 569b968eda9a8f933a130544a75260ab4d7d68f2..fa1a3f6cceea83498106fbeeb8fd63782d4aca97 100644 (file)
--- a/src/swtpm/tpmlib.c
+++ b/src/swtpm/tpmlib.c
@@ -59,6 +59,7 @@
 #include "utils.h"
 #include "compiler_dependencies.h"
 #include "swtpm_utils.h"
+#include "fips.h"
 
 /*
  * convert the blobtype integer into a string that libtpms
@@ -130,6 +131,10 @@ TPM_RESULT tpmlib_start(uint32_t flags, TPMLIB_TPMVersion tpmversion)
             goto error_terminate;
         }
     }
+
+    if (fips_mode_disable() < 0)
+        goto error_terminate;
+
     return TPM_SUCCESS;
 
 error_terminate:

diff --git a/src/swtpm/utils.h b/src/swtpm/utils.h
index b8acd895a2ac84f51b0ef9ece8a0318a3cf1cc82..75024425d4b07e9dcebe677ef4ee25c96eccf0fc 100644 (file)
--- a/src/swtpm/utils.h
+++ b/src/swtpm/utils.h
@@ -71,6 +71,4 @@ ssize_t writev_full(int fd, const struct iovec *iov, int iovcnt);
 
 ssize_t read_eintr(int fd, void *buffer, size_t buflen);
 
-int disable_fips_mode(void);
-
 #endif /* _SWTPM_UTILS_H_ */