diff options
author | Matt Caswell <matt@openssl.org> | 2019-05-28 11:26:17 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-06-28 10:22:21 +0100 |
commit | 45c54042d02362f083143c09513e57317f983244 (patch) | |
tree | c36b2e6282f00540cdad2ade8ae4aa540d45d485 /providers/fips | |
parent | f2d20f0bb8b79f37f785ca9eff5252188991dd8d (diff) |
Call RAND_DRBG_bytes from inside the FIPS provider
Insert a dummy call to RAND_DRBG_bytes from inside the FIPS provider to
demonstrate that it is possible to use the RAND code from inside the
module. This is temporary and will be removed once real uses of the RAND
code are available inside the module.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9035)
Diffstat (limited to 'providers/fips')
-rw-r--r-- | providers/fips/fipsprov.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 78e30266c5..ff13acb46b 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -15,8 +15,11 @@ #include <openssl/params.h> #include <openssl/err.h> #include <openssl/evp.h> + /* TODO(3.0): Needed for dummy_evp_call(). To be removed */ #include <openssl/sha.h> +#include <openssl/rand_drbg.h> + #include "internal/cryptlib.h" #include "internal/property.h" #include "internal/evp_int.h" @@ -85,8 +88,10 @@ static int dummy_evp_call(void *provctx) int ret = 0; BN_CTX *bnctx = NULL; BIGNUM *a = NULL, *b = NULL; + unsigned char randbuf[128]; + RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx); - if (ctx == NULL || sha256 == NULL) + if (ctx == NULL || sha256 == NULL || drbg == NULL) goto err; if (!EVP_DigestInit_ex(ctx, sha256, NULL)) @@ -112,6 +117,9 @@ static int dummy_evp_call(void *provctx) || BN_cmp(a, b) != 0) goto err; + if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0) + goto err; + ret = 1; err: BN_CTX_end(bnctx); |