int RAND_set_rand_method(const RAND_METHOD *meth)
{
-#ifdef OPENSSL_FIPS
- if (!FIPS_rand_set_method(meth))
- return 0;
-#endif
#ifndef OPENSSL_NO_ENGINE
if(funct_ref)
{
static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
+ /* Round up request to multiple of block size */
+ min_len = ((min_len + 19) / 20) * 20;
*pout = OPENSSL_malloc(min_len);
if (!*pout)
return 0;
static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
{
- OPENSSL_cleanse(out, olen);
- OPENSSL_free(out);
+ if (out)
+ {
+ OPENSSL_cleanse(out, olen);
+ OPENSSL_free(out);
+ }
}
/* Set "additional input" when generating random data. This uses the
static unsigned char buf[16];
static unsigned long counter;
FIPS_get_timevec(buf, &counter);
+ rand_hw_xor(buf, sizeof(buf));
*pout = buf;
return sizeof(buf);
}
dctx = FIPS_get_default_drbg();
FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
FIPS_drbg_set_callbacks(dctx,
- drbg_get_entropy, drbg_free_entropy,
+ drbg_get_entropy, drbg_free_entropy, 20,
drbg_get_entropy, drbg_free_entropy);
FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
drbg_rand_seed, drbg_rand_add);
projects / openssl.git / blobdiff