authorDr. Stephen Henson <steve@openssl.org>2011-04-05 15:24:10 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-04-05 15:24:10 +0000
commit05e24c87dd1428809d6eaebf754b472a6cb4bb50 (patch)
treedb17782a6020c7f4962f8bf9c1666f6f19356e1a /fips/fips.c
parentcab0595c1426b2f70d88b824028c6d1ef4a4476e (diff)
Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies on the OpenSSL standard PRNG are now removed: it is the application's responsibility to set up the FIPS PRNG and initialise it. Initial OpenSSL RAND_init_fips() function that will set up the DRBG for the "FIPS capable OpenSSL".
Diffstat (limited to 'fips/fips.c')
-rw-r--r--fips/fips.c48
1 files changed, 0 insertions, 48 deletions
diff --git a/fips/fips.c b/fips/fips.c
index 42f4003119..7ca24924dd 100644
--- a/fips/fips.c
+++ b/fips/fips.c
@@ -73,7 +73,6 @@
static int fips_selftest_fail;
static int fips_mode;
static int fips_started = 0;
-static const void *fips_rand_check;
static int fips_is_owning_thread(void);
static int fips_set_owning_thread(void);
@@ -97,18 +96,6 @@ static void fips_set_mode(int onoff)
}
}
-static void fips_set_rand_check(const void *rand_check)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_started)
- {
- if (!owning_thread) fips_w_lock();
- fips_rand_check = rand_check;
- if (!owning_thread) fips_w_unlock();
- }
- }
-
int FIPS_mode(void)
{
int ret = 0;
@@ -123,20 +110,6 @@ int FIPS_mode(void)
return ret;
}
-const void *FIPS_rand_check(void)
- {
- const void *ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_started)
- {
- if (!owning_thread) fips_r_lock();
- ret = fips_rand_check;
- if (!owning_thread) fips_r_unlock();
- }
- return ret;
- }
-
int FIPS_selftest_failed(void)
{
int ret = 0;
@@ -329,28 +302,7 @@ int FIPS_mode_set(int onoff)
ret = 0;
goto end;
}
-#if 0
- /* automagically seed PRNG if not already seeded */
- if(!FIPS_rand_status())
- {
- unsigned char buf[48];
- if(RAND_bytes(buf,sizeof buf) <= 0)
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
- FIPS_rand_set_key(buf,32);
- FIPS_rand_seed(buf+32,16);
- }
- /* now switch into FIPS mode */
- fips_set_rand_check(FIPS_rand_method());
- RAND_set_rand_method(FIPS_rand_method());
-#else
- fips_set_rand_check(FIPS_drbg_method());
- RAND_set_rand_method(FIPS_drbg_method());
-#endif
if(FIPS_selftest())
fips_set_mode(1);
else