Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for

test applications.
author: Dr. Stephen Henson <steve@openssl.org> 2011-04-01 14:46:07 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-01 14:46:07 +0000
commit: 011c865640fb6edd3e810326a2c331b29759e87d (patch)
tree: 4dc22c08f18a08a00e52d4a6afe0a9bf57f5dc7d /fips/fips.c
parent: 212a08080ccbf6bc11c6deb9e1bd4d491d2c4806 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/fips/fips.c b/fips/fips.c
index 5ea4be1e08..2b66160bb5 100644
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -277,7 +277,6 @@ int FIPS_mode_set(int onoff)
 
     if(onoff)
 	{
-	unsigned char buf[48];
 
 	fips_selftest_fail = 0;
 
@@ -330,10 +329,11 @@ int FIPS_mode_set(int onoff)
 	    ret = 0;
 	    goto end;
 	    }
-
+#if 0
 	/* automagically seed PRNG if not already seeded */
 	if(!FIPS_rand_status())
 	    {
+	    unsigned char buf[48];
 	    if(RAND_bytes(buf,sizeof buf) <= 0)
 		{
 		fips_selftest_fail = 1;
@@ -347,6 +347,10 @@ int FIPS_mode_set(int onoff)
 	/* now switch into FIPS mode */
 	fips_set_rand_check(FIPS_rand_method());
 	RAND_set_rand_method(FIPS_rand_method());
+#else
+	fips_set_rand_check(FIPS_drbg_method());
+	RAND_set_rand_method(FIPS_drbg_method());
+#endif
 	if(FIPS_selftest())
 	    fips_set_mode(1);
 	else
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-01 14:46:07 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-01 14:46:07 +0000
commit	011c865640fb6edd3e810326a2c331b29759e87d (patch)
tree	4dc22c08f18a08a00e52d4a6afe0a9bf57f5dc7d /fips/fips.c
parent	212a08080ccbf6bc11c6deb9e1bd4d491d2c4806 (diff)