authorDr. Stephen Henson <steve@openssl.org>2011-06-13 20:40:52 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-06-13 20:40:52 +0000
commit0ede2af7a0d7f3c9a43f50c529ad9aae480150fb (patch)
tree61493202f9b7835c38902614b82cf9f04ff9a708 /crypto/rand
parente8d23f7811db9a4edaac93344bb3c606522f7ee7 (diff)
Redirect RAND to FIPS module in FIPS mode.
Diffstat (limited to 'crypto/rand')
-rw-r--r--crypto/rand/rand.h1
-rw-r--r--crypto/rand/rand_err.c3
-rw-r--r--crypto/rand/rand_lib.c17
3 files changed, 15 insertions, 6 deletions
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
index 24aa7c0cb4..315b5cc016 100644
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -136,6 +136,7 @@ void ERR_load_RAND_strings(void);
#define RAND_F_SSLEAY_RAND_BYTES 100
/* Reason codes. */
+#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
#define RAND_R_PRNG_NOT_SEEDED 100
#ifdef __cplusplus
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index 03cda4dd92..672c333133 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
/* crypto/rand/rand_err.c */
/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -77,6 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
static ERR_STRING_DATA RAND_str_reasons[]=
{
+{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
{0,NULL}
};
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 655101e0ec..187fe1ef09 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -61,11 +61,6 @@
#include "cryptlib.h"
#include <openssl/rand.h>
-#ifdef OPENSSL_FIPSCANISTER
-#define OPENSSL_NO_ENGINE
-#include <openssl/fips.h>
-#endif
-
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -117,6 +112,18 @@ const RAND_METHOD *RAND_get_rand_method(void)
funct_ref = e;
else
#endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ {
+ default_RAND_meth = FIPS_rand_get_method();
+ if (default_RAND_meth == NULL)
+ {
+ RANDerr(RAND_F_RAND_GET_RAND_METHOD,
+ RAND_R_NO_FIPS_RANDOM_METHOD_SET);
+ }
+ }
+ else
+#endif
default_RAND_meth = RAND_SSLeay();
}
return default_RAND_meth;
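Review bot: The new `FIPS_mode()` check hangs off the `else` of the engine branch (`funct_ref = e; else`), so it appears to be reached only when no engine supplied a RAND method; in FIPS mode an engine-provided generator would then still be returned instead of the FIPS one. If that is not intended, the FIPS test should come before the engine lookup, which starts outside this hunk. The result is also stored in `default_RAND_meth`, so if the enclosing guard (not visible here) only runs while that pointer is NULL, a method cached before FIPS mode was entered would stay in use; it is worth confirming that a mode change resets it. The NULL case rightly does not fall back to `RAND_SSLeay()`, and a comment would make that explicit: `/* FIPS mode: never fall back to the non-FIPS PRNG; callers get NULL and must fail */`.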