From 0ede2af7a0d7f3c9a43f50c529ad9aae480150fb Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Mon, 13 Jun 2011 20:40:52 +0000
Subject: [PATCH] Redirect RAND to FIPS module in FIPS mode.
---
 crypto/rand/rand.h | 1 +
 crypto/rand/rand_err.c | 3 ++-
 crypto/rand/rand_lib.c | 17 ++++++++++++-----
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
index 24aa7c0cb4..315b5cc016 100644
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -136,6 +136,7 @@ void ERR_load_RAND_strings(void);
 #define RAND_F_SSLEAY_RAND_BYTES 100
 /* Reason codes. */
+#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
 #define RAND_R_PRNG_NOT_SEEDED 100
 #ifdef __cplusplus
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index 03cda4dd92..672c333133 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -77,6 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 static ERR_STRING_DATA RAND_str_reasons[]=
 {
+{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
 {0,NULL}
 };
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 655101e0ec..187fe1ef09 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -61,11 +61,6 @@
 #include "cryptlib.h"
 #include
-#ifdef OPENSSL_FIPSCANISTER
-#define OPENSSL_NO_ENGINE
-#include
-#endif
-
 #ifndef OPENSSL_NO_ENGINE
 #include
 #endif
@@ -116,6 +111,18 @@ const RAND_METHOD *RAND_get_rand_method(void)
 if(e)
 funct_ref = e;
 else
+#endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ {
+ default_RAND_meth = FIPS_rand_get_method();
+ if (default_RAND_meth == NULL)
+ {
+ RANDerr(RAND_F_RAND_GET_RAND_METHOD,
+ RAND_R_NO_FIPS_RANDOM_METHOD_SET);
+ }
+ }
+ else
 #endif
 default_RAND_meth = RAND_SSLeay();
 }
--
2.40.0
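Review bot: The added `if (FIPS_mode())` test sits on the `else` arm of `if(e) funct_ref = e;`, so in a build without OPENSSL_NO_ENGINE a registered default RAND engine still wins and the FIPS method is never selected, even in FIPS mode; if FIPS mode is meant to guarantee the module's generator, the FIPS test has to run before the engine lookup, which begins above this hunk. When `FIPS_rand_get_method()` returns NULL the branch only records `RAND_R_NO_FIPS_RANDOM_METHOD_SET` and leaves `default_RAND_meth` NULL, so correctness then depends on callers treating a NULL method as failure rather than using an unfilled buffer; a comment like `/* FIPS mode: no fallback to RAND_SSLeay(); NULL means no usable RNG */` would make that deliberate. `RAND_F_RAND_GET_RAND_METHOD` is not introduced by the rand.h hunk, and the earlier rand_lib.c hunk drops an `#include` from the OPENSSL_FIPSCANISTER block, so confirm that both this function code and a prototype for `FIPS_rand_get_method()` are in scope under OPENSSL_FIPS, since an implicitly declared function returning a pointer is truncated to `int` on LP64 targets. The function starts and ends outside the hunk, so whether a `default_RAND_meth` cached before FIPS mode was enabled bypasses this branch cannot be judged from here.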