rev148: Rework FIPS_COMPLIANT

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
2026-01-20 03:12:40 +00:00 · 2018-07-11 12:45:11 -04:00 · 2018-07-11 12:45:11 -04:00 · ec5440b03c
commit ec5440b03c
parent e41d4d453a
4 changed files with 10 additions and 8 deletions
--- a/src/tpm2/PropertyCap.c
+++ b/src/tpm2/PropertyCap.c
@ -1,9 +1,9 @@
 /********************************************************************************/
 /*										*/
-/*			     				*/
+/*		For accessing the TPM_CAP_TPM_PROPERTY values	  		*/
 /*			     Written by Ken Goldman				*/
 /*		       IBM Thomas J. Watson Research Center			*/
-/*            $Id: PropertyCap.c 1047 2017-07-20 18:27:34Z kgoldman $		*/
+/*            $Id: PropertyCap.c 1259 2018-07-10 19:11:09Z kgoldman $		*/
 /*										*/
 /*  Licenses and Notices							*/
 /*										*/
@ -55,7 +55,7 @@
 /*    arising in any way out of use or reliance upon this specification or any 	*/
 /*    information herein.							*/
 /*										*/
-/*  (c) Copyright IBM Corp. and others, 2016, 2017				*/
+/*  (c) Copyright IBM Corp. and others, 2016 - 2018				*/
 /*										*/
 /********************************************************************************/

@ -383,7 +383,7 @@ TPMPropertyIsDefined(
 	    *value = MAX_NV_BUFFER_SIZE;
 	    break;
 	  case TPM_PT_MODES:
-#ifdef FIPS_COMPLIANT
+#if FIPS_COMPLIANT
 	    *value = 1;
 #else
 	    *value = 0;
--- a/src/tpm2/TpmBuildSwitches.h
+++ b/src/tpm2/TpmBuildSwitches.h
@ -83,9 +83,11 @@
 #if !defined LIBRARY_COMPATIBILITY_CHECK && defined SIMULATION
 #   define LIBRARY_COMPATABILITY_CHECK
 #endif
-#ifndef FIPS_COMPLIANT
-//#  define FIPS_COMPLIANT
+#if !(defined FIPS_COMPLIANT) || ((FIPS_COMPLIANT != NO) && (FIPS_COMPLIANT != YES))
+#   undef   FIPS_COMPLIANT
+#   define  FIPS_COMPLIANT      NO     // Default: Either YES or NO
 #endif
+
 // Definition to allow alternate behavior for non-orderly startup. If there is a chance that the TPM
 // could not update failedTries
 #if !(defined USE_DA_USED) || ((USE_DA_USED != NO) && (USE_DA_USED != YES))
--- a/src/tpm2/crypto/openssl/CryptEccMain.c
+++ b/src/tpm2/crypto/openssl/CryptEccMain.c
@ -737,7 +737,7 @@ CryptEccGenerateKey(
 	    BnPointTo2B(&publicArea->unique.ecc, ecQ, E);
 	    BnTo2B(bnD, &sensitive->sensitive.ecc.b, publicArea->unique.ecc.x.t.size);
 	}
-#if defined FIPS_COMPLIANT || 1
+#if FIPS_COMPLIANT
    // See if PWCT is required
    if(OK && (IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)))	// kgold
 		// if(OK && publicArea->objectAttributes.sign)
--- a/src/tpm2/crypto/openssl/CryptRand.c
+++ b/src/tpm2/crypto/openssl/CryptRand.c
@ -284,7 +284,7 @@ EncryptDRBG(
 	    UINT32              *lastValue      // Points to the last output value
 	    )
 {
-#ifdef FIPS_COMPLIANT
+#if FIPS_COMPLIANT
    // For FIPS compliance, the DRBG has to do a continuous self-test to make sure that
    // no two consecutive values are the same. This overhead is not incurred if the TPM
    // is not required to be FIPS compliant