Use rdrand as additional entropy source.
[openssl.git] / crypto / rand / rand_lib.c
index f3bd4e632eebc07384bd368db458a8b4dc3ef2fb..4aa6486c8102c9e07d64cfd29ca57c76db0ba9ff 100644 (file)
@@ -78,10 +78,6 @@ static const RAND_METHOD *default_RAND_meth = NULL;
 
 int RAND_set_rand_method(const RAND_METHOD *meth)
        {
-#ifdef OPENSSL_FIPS
-       if (!FIPS_rand_set_method(meth))
-               return 0;
-#endif
 #ifndef OPENSSL_NO_ENGINE
        if(funct_ref)
                {
@@ -198,11 +194,11 @@ int RAND_status(void)
 static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
                                 int entropy, size_t min_len, size_t max_len)
         {
+       /* Round up request to multiple of block size */
+       min_len = ((min_len + 19) / 20) * 20;
        *pout = OPENSSL_malloc(min_len);
        if (!*pout)
                return 0;
-       /* Round up request to multiple of block size */
-       min_len = ((min_len + 19) / 20) * 20;
        if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
                {
                OPENSSL_free(*pout);
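Review bot: The rounded-up `min_len` is never compared with `max_len`, so after `min_len = ((min_len + 19) / 20) * 20;` both the allocation and the `bytes()` call can request more than the caller's stated upper bound. A guard such as `if (min_len > max_len) return 0;` ahead of `OPENSSL_malloc` would fail closed, using the same 0 return the allocation-failure path already uses; whether the DRBG callers can ever pass a `max_len` that small is not visible here. The literal 20 is only described as "block size"; a named constant, or a comment tying it to the output length of the RAND_SSLeay generator (presumably its digest size), would make the rounding checkable. The rest of the function, including its success return, is outside the hunk.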
@@ -214,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
        {
-       OPENSSL_cleanse(out, olen);
-       OPENSSL_free(out);
+       if (out)
+               {
+               OPENSSL_cleanse(out, olen);
+               OPENSSL_free(out);
+               }
        }
 
 /* Set "additional input" when generating random data. This uses the
@@ -228,6 +227,7 @@ static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
        static unsigned char buf[16];
        static unsigned long counter;
        FIPS_get_timevec(buf, &counter);
+       rand_hw_xor(buf, sizeof(buf));
        *pout = buf;
        return sizeof(buf);
        }
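Review bot: The added `rand_hw_xor(buf, sizeof(buf));` has no comment and no checked result, so a reader cannot tell from this function what `buf` holds when no hardware RNG is available. `rand_hw_xor` is defined outside this hunk, and presumably the call is then a silent no-op that leaves the time vector in place. I would add a comment above the call, for example `/* Best effort: XOR hardware RNG output into the time vector; additional input only, not counted as entropy */`, to be confirmed against the helper. The header comment that begins `Set "additional input" when generating random data` continues outside the hunk and probably still describes only the time vector, so it should mention the hardware mix as well. Because the hardware output is XORed into `buf` and not supplied separately, the comment should also state that the result is only as good as the independence of that output from the existing contents.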