Redirect RAND to FIPS module in FIPS mode.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 13 Jun 2011 20:40:52 +0000 (20:40 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 13 Jun 2011 20:40:52 +0000 (20:40 +0000)
crypto/rand/rand.h
crypto/rand/rand_err.c
crypto/rand/rand_lib.c

index 24aa7c0cb4278ef0bda54738909855d786514f2b..315b5cc01621259bb6f455ad209950afdfa83606 100644 (file)
@@ -136,6 +136,7 @@ void ERR_load_RAND_strings(void);
 #define RAND_F_SSLEAY_RAND_BYTES                        100
 
 /* Reason codes. */
+#define RAND_R_NO_FIPS_RANDOM_METHOD_SET                101
 #define RAND_R_PRNG_NOT_SEEDED                          100
 
 #ifdef  __cplusplus
index 03cda4dd9214dec1495e9ea05068fd379c4ba794..672c333133d82f5be4d9483cdd87a42366711863 100644 (file)
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -77,6 +77,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 
 static ERR_STRING_DATA RAND_str_reasons[]=
        {
+{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
 {0,NULL}
        };
index 655101e0ec6769812e89ea8dc70fefeaa989f79b..187fe1ef09346c77c4266e1c9974c27524139810 100644 (file)
 #include "cryptlib.h"
 #include <openssl/rand.h>
 
-#ifdef OPENSSL_FIPSCANISTER
-#define OPENSSL_NO_ENGINE
-#include <openssl/fips.h>
-#endif
-
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
@@ -116,6 +111,18 @@ const RAND_METHOD *RAND_get_rand_method(void)
                if(e)
                        funct_ref = e;
                else
+#endif
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       {
+                       default_RAND_meth = FIPS_rand_get_method();
+                       if (default_RAND_meth == NULL)
+                               {
+                               RANDerr(RAND_F_RAND_GET_RAND_METHOD,
+                                       RAND_R_NO_FIPS_RANDOM_METHOD_SET);
+                               }
+                       }
+               else
 #endif
                        default_RAND_meth = RAND_SSLeay();
                }
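Review bot: An ENGINE-supplied default RAND still takes priority over the FIPS method: with engine support compiled in, the new `if (FIPS_mode())` branch hangs off the `else` of `if(e) funct_ref = e;`, so it runs only when no engine is selected (the engine lookup is above the hunk, so this is inferred from the visible `else`). If FIPS mode is meant to guarantee the module's generator, test `FIPS_mode()` before the engine lookup, or document the precedence with a comment such as `/* An ENGINE default RAND takes precedence over the FIPS method, even in FIPS mode. */`. When `FIPS_rand_get_method()` returns NULL the code queues `RAND_R_NO_FIPS_RANDOM_METHOD_SET` and leaves `default_RAND_meth` NULL instead of falling back to `RAND_SSLeay()`, which is the right fail-closed choice but deserves a comment saying callers must handle a NULL method. The commit also removes the `<openssl/fips.h>` include and no visible line adds one, so confirm that a header still in scope declares `FIPS_rand_get_method()`. RAND_get_rand_method() begins and ends outside the hunk.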