diff options
author | Rich Salz <rsalz@akamai.com> | 2015-12-14 15:24:27 -0500 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-01-06 12:07:26 -0500 |
commit | 700b4a4ae7c2a89ca99bfe64baef1eabfa316136 (patch) | |
tree | ffe906e1a3f0b169233ef0dcadd50c948723d487 /crypto/rand | |
parent | 0b0443af6462724acf7b1ff2c624b124113f11a4 (diff) | |
download | openssl-700b4a4ae7c2a89ca99bfe64baef1eabfa316136.tar.gz |
Remove more (rest?) of FIPS build stuff.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'crypto/rand')
-rw-r--r-- | crypto/rand/rand_lib.c | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 760de52e25..308b9e2c30 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -176,92 +176,3 @@ int RAND_status(void) return meth->status(); return 0; } - -#ifdef OPENSSL_FIPS - -/* - * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest - * of OpenSSL. - */ - -/* - * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather - * entropy internally through RAND_poll(). - */ - -static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, - int entropy, size_t min_len, size_t max_len) -{ - /* Round up request to multiple of block size */ - min_len = ((min_len + 19) / 20) * 20; - *pout = OPENSSL_malloc(min_len); - if (*pout == NULL) - return 0; - if (RAND_OpenSSL()->bytes(*pout, min_len) <= 0) { - OPENSSL_free(*pout); - *pout = NULL; - return 0; - } - return min_len; -} - -static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) -{ - OPENSSL_clear_free(out, olen); -} - -/* - * Set "additional input" when generating random data. This uses the current - * PID, a time value and a counter. - */ - -static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) -{ - /* Use of static variables is OK as this happens under a lock */ - static unsigned char buf[16]; - static unsigned long counter; - FIPS_get_timevec(buf, &counter); - rand_hw_xor(buf, sizeof(buf)); - *pout = buf; - return sizeof(buf); -} - -/* - * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is - * correctly seeded by RAND_poll(). - */ - -static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen, - double entropy) -{ - return RAND_OpenSSL()->add(in, inlen, entropy); -} - -static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) -{ - return RAND_OpenSSL()->seed(in, inlen); -} - -int RAND_init_fips(void) -{ - DRBG_CTX *dctx; - size_t plen; - unsigned char pers[32], *p; - dctx = FIPS_get_default_drbg(); - FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); - FIPS_drbg_set_callbacks(dctx, - drbg_get_entropy, drbg_free_entropy, 20, - drbg_get_entropy, drbg_free_entropy); - FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, - drbg_rand_seed, drbg_rand_add); - /* Personalisation string: a string followed by date time vector */ - strcpy((char *)pers, "OpenSSL DRBG2.0"); - plen = drbg_get_adin(dctx, &p); - memcpy(pers + 16, p, plen); - - FIPS_drbg_instantiate(dctx, pers, sizeof(pers)); - FIPS_rand_set_method(FIPS_drbg_method()); - return 1; -} - -#endif |