diff options
| author | Matt Caswell <matt@openssl.org> | 2019-07-04 15:41:17 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2019-07-15 11:03:44 +0100 |
| commit | 2934be91349b365f1350fe9c30e4263be653c0f6 (patch) | |
| tree | 926db8537c403e61baf0c228800fb88bcec37005 /crypto/bn/bn_rand.c | |
| parent | 753149d97f8474ff8745a66175b8e4a19fe50743 (diff) | |
Make sure all BIGNUM operations work within the FIPS provider
The FIPS provider does not have a default OPENSSL_CTX so, where
necessary, we need to ensure we can always access an explicit
OPENSSL_CTX. We remove functions from the FIPS provider that use
the default OPENSSL_CTX, and fixup some places which were using
those removed functions.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9310)
Diffstat (limited to 'crypto/bn/bn_rand.c')
| -rw-r--r-- | crypto/bn/bn_rand.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index a71e7d49d1..d1743ddf7a 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -103,6 +103,7 @@ int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx) { return bnrand(NORMAL, rnd, bits, top, bottom, ctx); } +#ifndef FIPS_MODE int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(NORMAL, rnd, bits, top, bottom, NULL); @@ -112,16 +113,19 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(TESTING, rnd, bits, top, bottom, NULL); } +#endif int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx) { return bnrand(PRIVATE, rnd, bits, top, bottom, ctx); } +#ifndef FIPS_MODE int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom) { return bnrand(PRIVATE, rnd, bits, top, bottom, NULL); } +#endif /* random number r: 0 <= r < range */ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range, @@ -195,16 +199,19 @@ int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx) return bnrand_range(NORMAL, r, range, ctx); } +#ifndef FIPS_MODE int BN_rand_range(BIGNUM *r, const BIGNUM *range) { return bnrand_range(NORMAL, r, range, NULL); } +#endif int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx) { return bnrand_range(PRIVATE, r, range, ctx); } +#ifndef FIPS_MODE int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range) { return bnrand_range(PRIVATE, r, range, NULL); @@ -219,6 +226,7 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) { return BN_rand_range(r, range); } +#endif /* * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike |