APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_eng.c rand_err.c rand_egd.c \
rand_win.c rand_unix.c rand_os2.c rand_nw.c
-LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_eng.o rand_err.o rand_egd.o \
rand_win.o rand_unix.o rand_os2.o rand_nw.o
SRC= $(LIBSRC)
#include <openssl/crypto.h>
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#ifdef BN_DEBUG
# define PREDICT
#endif
int do_stir_pool = 0;
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode())
+ {
+ FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
+
#ifdef PREDICT
if (rand_predictable)
{
#endif
#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T size_t
+#define FIPS_RAND_SIZE_T int
#endif
/* Already defined in ossl_typ.h */
int RAND_egd(const char *path);
int RAND_egd_bytes(const char *path,int bytes);
int RAND_poll(void);
+#ifndef OPENSSL_NO_ENGINE
+#ifdef OPENSSL_FIPS
+void int_RAND_init_engine_callbacks(void);
+void int_RAND_set_callbacks(
+ int (*set_rand_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
+#endif
+#endif
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
/* Error codes for the RAND functions. */
/* Function codes. */
+#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
+#define RAND_F_FIPS_RAND 103
+#define RAND_F_FIPS_RAND_BYTES 102
+#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109
+#define RAND_F_FIPS_RAND_SET_DT 106
+#define RAND_F_FIPS_SET_DT 104
+#define RAND_F_FIPS_SET_PRNG_SEED 107
+#define RAND_F_FIPS_SET_TEST_MODE 105
#define RAND_F_RAND_GET_RAND_METHOD 101
#define RAND_F_SSLEAY_RAND_BYTES 100
/* Reason codes. */
+#define RAND_R_NON_FIPS_METHOD 105
+#define RAND_R_NOT_IN_TEST_MODE 106
+#define RAND_R_NO_KEY_SET 107
+#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
+#define RAND_R_PRNG_ERROR 108
+#define RAND_R_PRNG_KEYED 109
+#define RAND_R_PRNG_NOT_REKEYED 102
+#define RAND_R_PRNG_NOT_RESEEDED 103
#define RAND_R_PRNG_NOT_SEEDED 100
+#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
+#define RAND_R_PRNG_STUCK 104
#ifdef __cplusplus
}
/* crypto/rand/rand_err.c */
/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
static ERR_STRING_DATA RAND_str_functs[]=
{
+{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"},
+{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
+{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
+{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"},
+{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
+{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"},
+{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
+{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
{0,NULL}
static ERR_STRING_DATA RAND_str_reasons[]=
{
+{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
+{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"},
+{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"},
+{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
+{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"},
+{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
+{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
+{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
{0,NULL}
};
#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
#endif
+#ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(
+ int (*set_rand_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)
+ (const RAND_METHOD **pmeth));
+int eng_RAND_set_rand_method(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth);
+const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth);
+#endif
+
#endif
#include <time.h>
#include "cryptlib.h"
#include <openssl/rand.h>
+#include "rand_lcl.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#endif
+
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
+static const RAND_METHOD *default_RAND_meth = NULL;
+
+#ifdef OPENSSL_FIPS
+
+static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth)
+ {
+ *pmeth = meth;
+ return 1;
+ }
+
+static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
+ {
+ if (!*pmeth)
+ {
+ if(FIPS_mode())
+ *pmeth=FIPS_rand_method();
+ else
+ *pmeth = RAND_SSLeay();
+ }
+
+ if(FIPS_mode()
+ && *pmeth != FIPS_rand_check())
+ {
+ RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+
+ return *pmeth;
+ }
+
+static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth)
+ = fips_RAND_set_rand_method;
+static const RAND_METHOD *(*RAND_get_rand_method_func)
+ (const RAND_METHOD **pmeth)
+ = fips_RAND_get_rand_method;
+
+#ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(
+ int (*set_rand_func)(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)
+ (const RAND_METHOD **pmeth))
+ {
+ RAND_set_rand_method_func = set_rand_func;
+ RAND_get_rand_method_func = get_rand_func;
+ }
+#endif
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+ {
+ return RAND_set_rand_method_func(meth, &default_RAND_meth);
+ }
+
+const RAND_METHOD *RAND_get_rand_method(void)
+ {
+ return RAND_get_rand_method_func(&default_RAND_meth);
+ }
+
+#else
+
#ifndef OPENSSL_NO_ENGINE
/* non-NULL if default_RAND_meth is ENGINE-provided */
static ENGINE *funct_ref =NULL;
#endif
-static const RAND_METHOD *default_RAND_meth = NULL;
int RAND_set_rand_method(const RAND_METHOD *meth)
{
}
#endif
+#endif
+
void RAND_cleanup(void)
{
const RAND_METHOD *meth = RAND_get_rand_method();