Commit 4ead4e52 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

FIPS mode changes to make RNG compile (this will need updating later as we 

need a whole new PRNG for FIPS).

1. avoid use of ERR_peek().

2. If compiling with FIPS use small FIPS EVP and disable ENGINE
parent 1ab2f7f1

crypto/rand/md_rand.c

+15 −16
Original line number Diff line number Diff line
@@ -109,6 +109,8 @@ 
 *

 */



#define OPENSSL_FIPSEVP



#ifdef MD_RAND_DEBUG

# ifndef NDEBUG

#   define NDEBUG
@@ -157,13 +159,14 @@ const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT; 
static void ssleay_rand_cleanup(void);

static int ssleay_rand_seed(const void *buf, int num);

static int ssleay_rand_add(const void *buf, int num, double add_entropy);

static int ssleay_rand_bytes(unsigned char *buf, int num);

static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo);

static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);

static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);

static int ssleay_rand_status(void);



RAND_METHOD rand_ssleay_meth={

	ssleay_rand_seed,

	ssleay_rand_bytes,

	ssleay_rand_nopseudo_bytes,

	ssleay_rand_cleanup,

	ssleay_rand_add,

	ssleay_rand_pseudo_bytes,
@@ -340,7 +343,7 @@ static int ssleay_rand_seed(const void *buf, int num) 
	return ssleay_rand_add(buf, num, (double)num);

	}



static int ssleay_rand_bytes(unsigned char *buf, int num)

static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)

	{

	static volatile int stirred_pool = 0;

	int i,j,k,st_num,st_idx;
@@ -542,6 +545,8 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) 
	EVP_MD_CTX_cleanup(&m);

	if (ok)

		return(1);

	else if (pseudo)

		return 0;

	else 

		{

		RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
@@ -556,22 +561,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) 


	}



static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)

	{

	return ssleay_rand_bytes(buf, num, 0);

	}



/* pseudo-random bytes that are guaranteed to be unique but not

   unpredictable */

static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 

	{

	int ret;

	unsigned long err;



	ret = RAND_bytes(buf, num);

	if (ret == 0)

		{

		err = ERR_peek_error();

		if (ERR_GET_LIB(err) == ERR_LIB_RAND &&

		    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)

			ERR_clear_error();

		}

	return (ret);

	return ssleay_rand_bytes(buf, num, 1);

	}



static int ssleay_rand_status(void)

crypto/rand/rand_lib.c

+6 −0
Original line number Diff line number Diff line
@@ -60,6 +60,12 @@ 
#include <time.h>

#include "cryptlib.h"

#include <openssl/rand.h>



#ifdef OPENSSL_FIPSCANISTER

#define OPENSSL_NO_ENGINE

#include <openssl/fips.h>

#endif



#ifndef OPENSSL_NO_ENGINE

#include <openssl/engine.h>

#endif