/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
-static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
+static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING;
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
unsigned int flags,
RAND_DRBG *parent)
{
- RAND_DRBG *drbg = secure ?
- OPENSSL_secure_zalloc(sizeof(*drbg)) : OPENSSL_zalloc(sizeof(*drbg));
+ RAND_DRBG *drbg = secure ? OPENSSL_secure_zalloc(sizeof(*drbg))
+ : OPENSSL_zalloc(sizeof(*drbg));
if (drbg == NULL) {
RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
drbg->parent = parent;
if (parent == NULL) {
+#ifdef FIPS_MODE
+ drbg->get_entropy = rand_crngt_get_entropy;
+ drbg->cleanup_entropy = rand_crngt_cleanup_entropy;
+#else
drbg->get_entropy = rand_drbg_get_entropy;
drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+#endif
#ifndef RAND_DRBG_GET_RANDOM_NONCE
drbg->get_nonce = rand_drbg_get_nonce;
drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
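Review bot: The new `#ifdef FIPS_MODE` branch at lines 16-18 replaces the primary DRBG's entropy callbacks with `rand_crngt_get_entropy`/`rand_crngt_cleanup_entropy` but carries no comment explaining why the FIPS build needs a different entropy path than the `#else` branch. I would put a short why-comment above the `#ifdef`, e.g. `/* FIPS mode: route the entropy source through the continuous RNG test (CRNGT) before it seeds the primary DRBG; the non-FIPS path reads the source directly. */`. Since only the `parent == NULL` case is touched, it is also worth confirming (and noting in that comment) that chained DRBGs are presumably fed by their parent and intentionally bypass the CRNGT wrapper, and that the CRNGT callbacks keep the same buffer-ownership contract as the originals, because cleanup_entropy is the only other line that changes. The enclosing function (presumably RAND_DRBG_new, given the RAND_F_RAND_DRBG_NEW error earlier on the page) starts and ends outside the hunk.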
buflen = (size_t)num;
+#ifdef FIPS_MODE
+ /*
+ * NIST SP-800-90A mandates that entropy *shall not* be provided
+ * by the consuming application. By setting the randomness to zero,
+ * we ensure that the buffer contents will be added to the internal
+ * state of the DRBG only as additional data.
+ *
+ * (NIST SP-800-90Ar1, Sections 9.1 and 9.2)
+ */
+ randomness = 0.0;
+#endif
if (buflen < seedlen || randomness < (double) seedlen) {
#if defined(OPENSSL_RAND_SEED_NONE)
/*
return ret;
#else
/*
- * If an os entropy source is avaible then we declare the buffer content
+ * If an os entropy source is available then we declare the buffer content
* as additional data by setting randomness to zero and trigger a regular
* reseeding.
*/
#endif
}
-
if (randomness > (double)seedlen) {
/*
* The purpose of this check is to bound |randomness| by a