-rw-r--r--board/cr50/dcrypto/fips.c2
-rw-r--r--board/cr50/dcrypto/u2f.c6
-rw-r--r--board/cr50/fips_cmd.c10
3 files changed, 14 insertions, 4 deletions
diff --git a/board/cr50/dcrypto/fips.c b/board/cr50/dcrypto/fips.c
index 2ea98187c4..5fd1327aee 100644
--- a/board/cr50/dcrypto/fips.c
+++ b/board/cr50/dcrypto/fips.c
@@ -185,7 +185,7 @@ static bool fips_hmac_sha256_kat(void)
HMAC_SHA256_hw_init(&ctx, k, sizeof(k));
memcpy(in_mem, in, sizeof(in));
- if (fips_break_cmd == FIPS_BREAK_SHA256)
+ if (fips_break_cmd == FIPS_BREAK_HMAC_SHA256)
in_mem[0] ^= 1;
HMAC_SHA256_update(&ctx, in_mem, sizeof(in_mem));
return DCRYPTO_equals(HMAC_SHA256_hw_final(&ctx), ans,
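Review bot: The fault-injection branch in `fips_hmac_sha256_kat` has no comment saying that it deliberately corrupts the input to force a known-answer-test failure. Something like `/* Test hook: flip one input bit so the HMAC KAT fails on request. */` above the `if` would document it. The hunk does not show whether `fips_break_cmd` is compiled out of production images; if it is not, this comparison stays in the shipped self-test path and is worth guarding the same way as the console command that sets it. The function body starts and ends outside the hunk.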
diff --git a/board/cr50/dcrypto/u2f.c b/board/cr50/dcrypto/u2f.c
index 1b2fc4f17c..f8d4eb997f 100644
--- a/board/cr50/dcrypto/u2f.c
+++ b/board/cr50/dcrypto/u2f.c
@@ -212,7 +212,7 @@ static enum ec_error_list u2f_origin_user_key_pair(
*/
hmac_drbg_init(&drbg, state->drbg_entropy,
state->drbg_entropy_size, dev_salt, P256_NBYTES,
- NULL, 0, HMAC_DRBG_DO_NOT_AUTO_RESEED);
+ NULL, 0, 16);
result = hmac_drbg_generate(&drbg, key_seed, sizeof(key_seed),
key_handle, key_handle_size);
} else {
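Review bot: The bare literal `16` that replaces `HMAC_DRBG_DO_NOT_AUTO_RESEED` as the last argument of `hmac_drbg_init` is unexplained, here and in the two later hunks of this file (the second call in `u2f_origin_user_key_pair` and the call in `g2f_individual_key_pair`). Judging only by the removed constant's name, the argument is a reseed limit, so these DRBG instances, whose output fills `key_seed` here, can presumably now report a reseed condition after a bounded number of generate calls. It is worth confirming that every caller treats that result as a hard failure rather than continuing with an incomplete seed. A named constant with a comment, for example `#define U2F_DRBG_RESEED_LIMIT 16 /* max generate calls per derivation */`, would make the intent reviewable. The enclosing functions start and end outside these hunks.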
@@ -228,7 +228,7 @@ static enum ec_error_list u2f_origin_user_key_pair(
hmac_drbg_init(&drbg, state->drbg_entropy,
state->drbg_entropy_size, key_handle,
key_handle_size, NULL, 0,
- HMAC_DRBG_DO_NOT_AUTO_RESEED);
+ 16);
/**
* Additional data = Device_ID (constant coming from HW).
@@ -563,7 +563,7 @@ static bool g2f_individual_key_pair(const struct u2f_state *state, p256_int *d,
hmac_drbg_init(&drbg, state->drbg_entropy,
state->drbg_entropy_size, state->salt,
sizeof(state->salt), NULL, 0,
- HMAC_DRBG_DO_NOT_AUTO_RESEED);
+ 16);
do {
/**
diff --git a/board/cr50/fips_cmd.c b/board/cr50/fips_cmd.c
index 5dbe19a291..816e5280d6 100644
--- a/board/cr50/fips_cmd.c
+++ b/board/cr50/fips_cmd.c
@@ -146,6 +146,16 @@ static int cmd_fips_status(int argc, char **argv)
fips_break_cmd = FIPS_BREAK_TRNG;
else if (!strncmp(argv[1], "sha", 3))
fips_break_cmd = FIPS_BREAK_SHA256;
+ else if (!strncmp(argv[1], "hmac", 4))
+ fips_break_cmd = FIPS_BREAK_HMAC_SHA256;
+ else if (!strncmp(argv[1], "drbg", 4))
+ fips_break_cmd = FIPS_BREAK_HMAC_DRBG;
+ else if (!strncmp(argv[1], "ecdsa", 5))
+ fips_break_cmd = FIPS_BREAK_ECDSA;
+ else if (!strncmp(argv[1], "pwct", 4))
+ fips_break_cmd = FIPS_BREAK_ECDSA_PWCT;
+ else if (!strncmp(argv[1], "none", 4))
+ fips_break_cmd = FIPS_NO_BREAK;
#endif
}
return 0;
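Review bot: An unrecognised keyword still falls through the `else if` chain to `return 0`, so a mistyped break name reports success while `fips_break_cmd` keeps its previous value. A final `else return EC_ERROR_PARAM1;`, placed so that it also builds when the `#ifdef` block is compiled out, would surface the mistake. The comparisons are prefix matches, so `strncmp(argv[1], "none", 4)` also accepts any longer word beginning with `none`; comparing the whole argument would be stricter for the one keyword that clears the fault. The diffstat attributes only these ten added lines to this file, so if the command's help text lists the keywords it has not been updated. The start of the chain and any `argc` check lie outside the hunk.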