Extensive reorganisation of PRNG handling in FIPS module: all calls

 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]

 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]

  *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies

     to OpenSSL RAND code and replace with a tiny FIPS RAND API which also

     performs algorithm blocking for unapproved PRNG types. Also do not

     set PRNG type in FIPS_mode_set(): leave this to the application.

     Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with

     the standard OpenSSL PRNG.

     [Steve Henson]

  *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.

  *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.

     This shouldn't present any incompatibility problems because applications

     This shouldn't present any incompatibility problems because applications

     shouldn't be using these directly and any that are will need to rethink

     shouldn't be using these directly and any that are will need to rethink

 * [including the GNU Public Licence.]

 * [including the GNU Public Licence.]

 */

 */

#define OPENSSL_FIPSAPI

#include <stdio.h>

#include <stdio.h>

#include "cryptlib.h"

#include "cryptlib.h"

#ifndef OPENSSL_NO_DES

#ifndef OPENSSL_NO_DES

{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK),	"FIPS_DSA_CHECK"},

{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK),	"FIPS_DSA_CHECK"},

{ERR_FUNC(FIPS_F_FIPS_MODE_SET),	"FIPS_mode_set"},

{ERR_FUNC(FIPS_F_FIPS_MODE_SET),	"FIPS_mode_set"},

{ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),	"fips_pkey_signature_test"},

{ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),	"fips_pkey_signature_test"},

{ERR_FUNC(FIPS_F_FIPS_RAND_ADD),	"FIPS_rand_add"},

{ERR_FUNC(FIPS_F_FIPS_RAND_BYTES),	"FIPS_rand_bytes"},

{ERR_FUNC(FIPS_F_FIPS_RAND_PSEUDO_BYTES),	"FIPS_rand_pseudo_bytes"},

{ERR_FUNC(FIPS_F_FIPS_RAND_SEED),	"FIPS_rand_seed"},

{ERR_FUNC(FIPS_F_FIPS_RAND_SET_METHOD),	"FIPS_rand_set_method"},

{ERR_FUNC(FIPS_F_FIPS_RAND_STATUS),	"FIPS_rand_status"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES),	"FIPS_selftest_aes"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES),	"FIPS_selftest_aes"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM),	"FIPS_selftest_aes_gcm"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM),	"FIPS_selftest_aes_gcm"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC),	"FIPS_selftest_cmac"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC),	"FIPS_selftest_cmac"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC),	"FIPS_selftest_hmac"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC),	"FIPS_selftest_hmac"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG),	"FIPS_selftest_rng"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG),	"FIPS_selftest_rng"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1),	"FIPS_selftest_sha1"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1),	"FIPS_selftest_sha1"},

{ERR_FUNC(FIPS_F_FIPS_SELFTEST_X931),	"FIPS_selftest_x931"},

{ERR_FUNC(FIPS_F_HASH_FINAL),	"HASH_FINAL"},

{ERR_FUNC(FIPS_F_HASH_FINAL),	"HASH_FINAL"},

{ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},

{ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},

{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT),	"RSA_EAY_PRIVATE_DECRYPT"},

{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT),	"RSA_EAY_PRIVATE_DECRYPT"},

#include <openssl/err.h>

#include <openssl/err.h>

#ifdef OPENSSL_FIPS

#ifdef OPENSSL_FIPS

#include <openssl/fips.h>

#include <openssl/fips.h>

#include <openssl/rand.h>

#endif

#endif

#if defined(__GNUC__) && __GNUC__>=2

#if defined(__GNUC__) && __GNUC__>=2

	FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);

	FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);

	FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);

	FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);

	FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);

	FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);

	RAND_init_fips();

#endif

#endif

#if 0

#if 0

	fprintf(stderr, "Called OPENSSL_init\n");

	fprintf(stderr, "Called OPENSSL_init\n");

int RAND_set_rand_method(const RAND_METHOD *meth);

int RAND_set_rand_method(const RAND_METHOD *meth);

const RAND_METHOD *RAND_get_rand_method(void);

const RAND_METHOD *RAND_get_rand_method(void);

#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_FIPS)

#ifndef OPENSSL_NO_ENGINE

int RAND_set_rand_engine(ENGINE *engine);

int RAND_set_rand_engine(ENGINE *engine);

#endif

#endif

RAND_METHOD *RAND_SSLeay(void);

RAND_METHOD *RAND_SSLeay(void);

#endif

#endif

#ifdef OPENSSL_FIPS

int RAND_init_fips(void);

#endif

/* BEGIN ERROR CODES */

/* BEGIN ERROR CODES */

/* The following lines are auto generated by the script mkerr.pl. Any changes

/* The following lines are auto generated by the script mkerr.pl. Any changes

 * made after this point may be overwritten when the script is next run.

 * made after this point may be overwritten when the script is next run.

#define RAND_F_FIPS_RAND_SET_DT				 103

#define RAND_F_FIPS_RAND_SET_DT				 103

#define RAND_F_FIPS_SET_PRNG_SEED			 104

#define RAND_F_FIPS_SET_PRNG_SEED			 104

#define RAND_F_FIPS_SET_TEST_MODE			 105

#define RAND_F_FIPS_SET_TEST_MODE			 105

#define RAND_F_FIPS_X931_SET_DT				 106

#define RAND_F_RAND_GET_RAND_METHOD			 101

#define RAND_F_RAND_GET_RAND_METHOD			 101

#define RAND_F_SSLEAY_RAND_BYTES			 100

#define RAND_F_SSLEAY_RAND_BYTES			 100