projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Initial switch to DRBG base PRNG in FIPS mode. Include bogus seeding for
[openssl.git]
/
fips
/
fips.c
diff --git
a/fips/fips.c
b/fips/fips.c
index 6b5e4d4ccb46df39628425582a012c93608cc4be..2b66160bb51de24d234de3c9b4d9402ce6680e75 100644
(file)
--- a/
fips/fips.c
+++ b/
fips/fips.c
@@
-174,9
+174,12
@@
int FIPS_selftest(void)
return FIPS_selftest_sha1()
&& FIPS_selftest_hmac()
return FIPS_selftest_sha1()
&& FIPS_selftest_hmac()
+ && FIPS_selftest_cmac()
&& FIPS_selftest_aes()
&& FIPS_selftest_aes()
+ && FIPS_selftest_aes_gcm()
&& FIPS_selftest_des()
&& FIPS_selftest_rsa()
&& FIPS_selftest_des()
&& FIPS_selftest_rsa()
+ && FIPS_selftest_ecdsa()
&& FIPS_selftest_dsa();
}
&& FIPS_selftest_dsa();
}
@@
-274,7
+277,6
@@
int FIPS_mode_set(int onoff)
if(onoff)
{
if(onoff)
{
- unsigned char buf[48];
fips_selftest_fail = 0;
fips_selftest_fail = 0;
@@
-313,6
+315,13
@@
int FIPS_mode_set(int onoff)
goto end;
}
goto end;
}
+ if (!FIPS_selftest_drbg())
+ {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
/* Perform RNG KAT before seeding */
if (!FIPS_selftest_rng())
{
/* Perform RNG KAT before seeding */
if (!FIPS_selftest_rng())
{
@@
-320,10
+329,11
@@
int FIPS_mode_set(int onoff)
ret = 0;
goto end;
}
ret = 0;
goto end;
}
-
+#if 0
/* automagically seed PRNG if not already seeded */
if(!FIPS_rand_status())
{
/* automagically seed PRNG if not already seeded */
if(!FIPS_rand_status())
{
+ unsigned char buf[48];
if(RAND_bytes(buf,sizeof buf) <= 0)
{
fips_selftest_fail = 1;
if(RAND_bytes(buf,sizeof buf) <= 0)
{
fips_selftest_fail = 1;
@@
-337,6
+347,10
@@
int FIPS_mode_set(int onoff)
/* now switch into FIPS mode */
fips_set_rand_check(FIPS_rand_method());
RAND_set_rand_method(FIPS_rand_method());
/* now switch into FIPS mode */
fips_set_rand_check(FIPS_rand_method());
RAND_set_rand_method(FIPS_rand_method());
+#else
+ fips_set_rand_check(FIPS_drbg_method());
+ RAND_set_rand_method(FIPS_drbg_method());
+#endif
if(FIPS_selftest())
fips_set_mode(1);
else
if(FIPS_selftest())
fips_set_mode(1);
else