1 files changed, 70 insertions, 1 deletions
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 513e338985..da6b4e0e86 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -60,15 +60,82 @@
 #include <time.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
+#include "rand_lcl.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#endif
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+static const RAND_METHOD *default_RAND_meth = NULL;
+#ifdef OPENSSL_FIPS
+static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
+                                        const RAND_METHOD **pmeth)
+        {
+        *pmeth = meth;
+        return 1;
+        }
+static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
+        {
+        if (!*pmeth)
+                {
+                if(FIPS_mode())
+                        *pmeth=FIPS_rand_method();
+                else
+                        *pmeth = RAND_SSLeay();
+                }
+        if(FIPS_mode()
+                && *pmeth != FIPS_rand_check())
+            {
+            RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+            return 0;
+            }
+        return *pmeth;
+        }
+static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
+                                                const RAND_METHOD **pmeth)
+        = fips_RAND_set_rand_method;
+static const RAND_METHOD *(*RAND_get_rand_method_func)
+                                                (const RAND_METHOD **pmeth)
+        = fips_RAND_get_rand_method;
+#ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(
+        int (*set_rand_func)(const RAND_METHOD *meth,
+                                                const RAND_METHOD **pmeth),
+        const RAND_METHOD *(*get_rand_func)
+                                                (const RAND_METHOD **pmeth))
+        {
+        RAND_set_rand_method_func = set_rand_func;
+        RAND_get_rand_method_func = get_rand_func;
+        }
+#endif
+int RAND_set_rand_method(const RAND_METHOD *meth)
+        {
+        return RAND_set_rand_method_func(meth, &default_RAND_meth);
+        }
+const RAND_METHOD *RAND_get_rand_method(void)
+        {
+        return RAND_get_rand_method_func(&default_RAND_meth);
+        }
+#else
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
 static ENGINE *funct_ref =NULL;
 #endif
-static const RAND_METHOD *default_RAND_meth = NULL;
 int RAND_set_rand_method(const RAND_METHOD *meth)
        {
@@ -129,6 +196,8 @@ int RAND_set_rand_engine(ENGINE *engine)
        }
 #endif
+#endif
 void RAND_cleanup(void)
        {
        const RAND_METHOD *meth = RAND_get_rand_method();

diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index 513e338985..da6b4e0e86 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -60,15 +60,82 @@
60	#include <time.h>	60	#include <time.h>
61	#include "cryptlib.h"	61	#include "cryptlib.h"
62	#include <openssl/rand.h>	62	#include <openssl/rand.h>
		63	#include "rand_lcl.h"
		64	#ifdef OPENSSL_FIPS
		65	#include <openssl/fips.h>
		66	#include <openssl/fips_rand.h>
		67	#endif
		68
63	#ifndef OPENSSL_NO_ENGINE	69	#ifndef OPENSSL_NO_ENGINE
64	#include <openssl/engine.h>	70	#include <openssl/engine.h>
65	#endif	71	#endif
66		72
		73	static const RAND_METHOD *default_RAND_meth = NULL;
		74
		75	#ifdef OPENSSL_FIPS
		76
		77	static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
		78	const RAND_METHOD **pmeth)
		79	{
		80	*pmeth = meth;
		81	return 1;
		82	}
		83
		84	static const RAND_METHOD fips_RAND_get_rand_method(const RAND_METHOD *pmeth)
		85	{
		86	if (!*pmeth)
		87	{
		88	if(FIPS_mode())
		89	*pmeth=FIPS_rand_method();
		90	else
		91	*pmeth = RAND_SSLeay();
		92	}
		93
		94	if(FIPS_mode()
		95	&& *pmeth != FIPS_rand_check())
		96	{
		97	RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
		98	return 0;
		99	}
		100
		101	return *pmeth;
		102	}
		103
		104	static int (RAND_set_rand_method_func)(const RAND_METHOD meth,
		105	const RAND_METHOD **pmeth)
		106	= fips_RAND_set_rand_method;
		107	static const RAND_METHOD (RAND_get_rand_method_func)
		108	(const RAND_METHOD **pmeth)
		109	= fips_RAND_get_rand_method;
		110
		111	#ifndef OPENSSL_NO_ENGINE
		112	void int_RAND_set_callbacks(
		113	int (set_rand_func)(const RAND_METHOD meth,
		114	const RAND_METHOD **pmeth),
		115	const RAND_METHOD (get_rand_func)
		116	(const RAND_METHOD **pmeth))
		117	{
		118	RAND_set_rand_method_func = set_rand_func;
		119	RAND_get_rand_method_func = get_rand_func;
		120	}
		121	#endif
		122
		123	int RAND_set_rand_method(const RAND_METHOD *meth)
		124	{
		125	return RAND_set_rand_method_func(meth, &default_RAND_meth);
		126	}
		127
		128	const RAND_METHOD *RAND_get_rand_method(void)
		129	{
		130	return RAND_get_rand_method_func(&default_RAND_meth);
		131	}
		132
		133	#else
		134
67	#ifndef OPENSSL_NO_ENGINE	135	#ifndef OPENSSL_NO_ENGINE
68	/* non-NULL if default_RAND_meth is ENGINE-provided */	136	/* non-NULL if default_RAND_meth is ENGINE-provided */
69	static ENGINE *funct_ref =NULL;	137	static ENGINE *funct_ref =NULL;
70	#endif	138	#endif
71	static const RAND_METHOD *default_RAND_meth = NULL;
72		139
73	int RAND_set_rand_method(const RAND_METHOD *meth)	140	int RAND_set_rand_method(const RAND_METHOD *meth)
74	{	141	{
@@ -129,6 +196,8 @@ int RAND_set_rand_engine(ENGINE *engine)
129	}	196	}
130	#endif	197	#endif
131		198
		199	#endif
		200
132	void RAND_cleanup(void)	201	void RAND_cleanup(void)
133	{	202	{
134	const RAND_METHOD *meth = RAND_get_rand_method();	203	const RAND_METHOD *meth = RAND_get_rand_method();