Loading crypto/rand/rand.h +4 −0 Original line number Diff line number Diff line Loading @@ -120,6 +120,7 @@ int RAND_event(UINT, WPARAM, LPARAM); #endif #ifdef OPENSSL_FIPS void RAND_set_fips_drbg_type(int type, int flags); int RAND_init_fips(void); #endif Loading @@ -133,9 +134,12 @@ void ERR_load_RAND_strings(void); /* Function codes. */ #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_RAND_INIT_FIPS 102 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ #define RAND_R_ERROR_INITIALISING_DRBG 102 #define RAND_R_ERROR_INSTANTIATING_DRBG 103 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 #define RAND_R_PRNG_NOT_SEEDED 100 Loading crypto/rand/rand_err.c +3 −0 Original line number Diff line number Diff line Loading @@ -71,12 +71,15 @@ static ERR_STRING_DATA RAND_str_functs[]= { {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} }; static ERR_STRING_DATA RAND_str_reasons[]= { {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"}, {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"}, {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, {0,NULL} Loading crypto/rand/rand_lib.c +27 −2 Original line number Diff line number Diff line Loading @@ -245,13 +245,34 @@ static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) return 1; } #ifndef OPENSSL_DRBG_DEFAULT_TYPE #define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr #endif #ifndef OPENSSL_DRBG_DEFAULT_FLAGS #define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF #endif static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE; static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS; void RAND_set_fips_drbg_type(int type, int flags) { fips_drbg_type = type; fips_drbg_flags = flags; } int RAND_init_fips(void) { DRBG_CTX *dctx; size_t plen; unsigned char pers[32], *p; dctx = FIPS_get_default_drbg(); FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG); return 0; } FIPS_drbg_set_callbacks(dctx, drbg_get_entropy, drbg_free_entropy, 20, drbg_get_entropy, drbg_free_entropy); Loading @@ -262,7 +283,11 @@ int RAND_init_fips(void) plen = drbg_get_adin(dctx, &p); memcpy(pers + 16, p, plen); FIPS_drbg_instantiate(dctx, pers, sizeof(pers)); if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) { RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG); return 0; } FIPS_rand_set_method(FIPS_drbg_method()); return 1; } Loading Loading
crypto/rand/rand.h +4 −0 Original line number Diff line number Diff line Loading @@ -120,6 +120,7 @@ int RAND_event(UINT, WPARAM, LPARAM); #endif #ifdef OPENSSL_FIPS void RAND_set_fips_drbg_type(int type, int flags); int RAND_init_fips(void); #endif Loading @@ -133,9 +134,12 @@ void ERR_load_RAND_strings(void); /* Function codes. */ #define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_RAND_INIT_FIPS 102 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ #define RAND_R_ERROR_INITIALISING_DRBG 102 #define RAND_R_ERROR_INSTANTIATING_DRBG 103 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 #define RAND_R_PRNG_NOT_SEEDED 100 Loading
crypto/rand/rand_err.c +3 −0 Original line number Diff line number Diff line Loading @@ -71,12 +71,15 @@ static ERR_STRING_DATA RAND_str_functs[]= { {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {0,NULL} }; static ERR_STRING_DATA RAND_str_reasons[]= { {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"}, {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"}, {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, {0,NULL} Loading
crypto/rand/rand_lib.c +27 −2 Original line number Diff line number Diff line Loading @@ -245,13 +245,34 @@ static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) return 1; } #ifndef OPENSSL_DRBG_DEFAULT_TYPE #define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr #endif #ifndef OPENSSL_DRBG_DEFAULT_FLAGS #define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF #endif static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE; static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS; void RAND_set_fips_drbg_type(int type, int flags) { fips_drbg_type = type; fips_drbg_flags = flags; } int RAND_init_fips(void) { DRBG_CTX *dctx; size_t plen; unsigned char pers[32], *p; dctx = FIPS_get_default_drbg(); FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG); return 0; } FIPS_drbg_set_callbacks(dctx, drbg_get_entropy, drbg_free_entropy, 20, drbg_get_entropy, drbg_free_entropy); Loading @@ -262,7 +283,11 @@ int RAND_init_fips(void) plen = drbg_get_adin(dctx, &p); memcpy(pers + 16, p, plen); FIPS_drbg_instantiate(dctx, pers, sizeof(pers)); if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) { RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG); return 0; } FIPS_rand_set_method(FIPS_drbg_method()); return 1; } Loading