diff options
| author | Ben Laurie <ben@openssl.org> | 2004-05-12 14:11:10 +0000 |
|---|---|---|
| committer | Ben Laurie <ben@openssl.org> | 2004-05-12 14:11:10 +0000 |
| commit | 72d75ee2067b987eaf167db9c6e143bd0fd5ddee (patch) | |
| tree | 247e363d66a8aa40d18bda2fa72f76f40db14ce1 /fips/rand | |
| parent | 49bc4c102358ddaee435dc1c0fb75bb046d293c6 (diff) | |
Blow up in people's faces if they don't reseed.
Diffstat (limited to 'fips/rand')
| -rw-r--r-- | fips/rand/fingerprint.sha1 | 2 | ||||
| -rw-r--r-- | fips/rand/fips_rand.c | 29 |
2 files changed, 30 insertions, 1 deletions
diff --git a/fips/rand/fingerprint.sha1 b/fips/rand/fingerprint.sha1 index 493cba205c..11421113e0 100644 --- a/fips/rand/fingerprint.sha1 +++ b/fips/rand/fingerprint.sha1 @@ -1,2 +1,2 @@ -HMAC-SHA1(fips_rand.c)= dfc608a14c5c674e9923d08bd9bb5c4b7f1bf615 +HMAC-SHA1(fips_rand.c)= 58be68c405269c9a4c35ee19642c4da982374769 HMAC-SHA1(fips_rand.h)= 889afc9a526fe59138326134950b733627a7e9cf diff --git a/fips/rand/fips_rand.c b/fips/rand/fips_rand.c index e1557edd90..2ff197ebb0 100644 --- a/fips/rand/fips_rand.c +++ b/fips/rand/fips_rand.c @@ -84,6 +84,11 @@ static int key_set; static int test_mode; static unsigned char test_faketime[8]; +#ifndef GETPID_IS_MEANINGLESS +static int seed_pid; +static int key_pid; +#endif + static void fips_rand_cleanup(void); static void fips_rand_add(const void *buf, int num, double add_entropy); static int fips_rand_bytes(unsigned char *buf, int num); @@ -111,6 +116,9 @@ void FIPS_set_prng_key(const unsigned char k1[8],const unsigned char k2[8]) memcpy(&key1,k1,sizeof key1); memcpy(&key2,k2,sizeof key2); key_set=1; +#ifndef GETPID_IS_MEANINGLESS + key_pid=getpid(); +#endif second=0; } @@ -224,6 +232,10 @@ void FIPS_rand_seed(const void *buf_, int num) n_seed+=t; } +#ifndef GETPID_IS_MEANINGLESS + seed_pid=getpid(); +#endif + CRYPTO_w_unlock(CRYPTO_LOCK_RAND); } @@ -239,6 +251,9 @@ static int fips_rand_bytes(unsigned char *buf,int num) unsigned char intermediate[SEED_SIZE]; unsigned char output[SEED_SIZE]; static unsigned char previous[SEED_SIZE]; +#ifndef GETPID_IS_MEANINGLESS + int pid; +#endif if(n_seed < sizeof seed) { @@ -246,6 +261,20 @@ static int fips_rand_bytes(unsigned char *buf,int num) return 0; } +#ifndef GETPID_IS_MEANINGLESS + pid=getpid(); + if(pid != seed_pid) + { + RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_RESEEDED); + return 0; + } + if(pid != key_pid) + { + RANDerr(RAND_F_FIPS_RAND_BYTES,RAND_R_PRNG_NOT_REKEYED); + return 0; + } +#endif + fips_gettime(timeseed); fips_rand_encrypt(intermediate,timeseed); |