1 files changed, 0 insertions, 129 deletions
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 5ac0e14caf..243a87ddfb 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -65,11 +65,6 @@
 #include <openssl/engine.h>
 #endif
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#endif
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
 static ENGINE *funct_ref =NULL;
@@ -180,127 +175,3 @@ int RAND_status(void)
                return meth->status();
        return 0;
        }
-#ifdef OPENSSL_FIPS
-/* FIPS DRBG initialisation code. This sets up the DRBG for use by the
- * rest of OpenSSL. 
- */
-/* Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
- * entropy internally through RAND_poll().
- */
-static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
-                                int entropy, size_t min_len, size_t max_len)
-        {
-        /* Round up request to multiple of block size */
-        min_len = ((min_len + 19) / 20) * 20;
-        *pout = OPENSSL_malloc(min_len);
-        if (!*pout)
-                return 0;
-        if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
-                {
-                OPENSSL_free(*pout);
-                *pout = NULL;
-                return 0;
-                }
-        return min_len;
-        }
-static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
-        {
-        if (out)
-                {
-                OPENSSL_cleanse(out, olen);
-                OPENSSL_free(out);
-                }
-        }
-/* Set "additional input" when generating random data. This uses the
- * current PID, a time value and a counter.
- */
-static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
-        {
-        /* Use of static variables is OK as this happens under a lock */
-        static unsigned char buf[16];
-        static unsigned long counter;
-        FIPS_get_timevec(buf, &counter);
-        *pout = buf;
-        return sizeof(buf);
-        }
-/* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is 
- * correctly seeded by RAND_poll().
- */
-static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
-                                double entropy)
-        {
-        RAND_SSLeay()->add(in, inlen, entropy);
-        return 1;
-        }
-static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
-        {
-        RAND_SSLeay()->seed(in, inlen);
-        return 1;
-        }
-#ifndef OPENSSL_DRBG_DEFAULT_TYPE
-#define OPENSSL_DRBG_DEFAULT_TYPE       NID_aes_256_ctr
-#endif
-#ifndef OPENSSL_DRBG_DEFAULT_FLAGS
-#define OPENSSL_DRBG_DEFAULT_FLAGS      DRBG_FLAG_CTR_USE_DF
-#endif 
-static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
-static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
-void RAND_set_fips_drbg_type(int type, int flags)
-        {
-        fips_drbg_type = type;
-        fips_drbg_flags = flags;
-        }
-int RAND_init_fips(void)
-        {
-        DRBG_CTX *dctx;
-        size_t plen;
-        unsigned char pers[32], *p;
-#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
-        if (fips_drbg_type >> 16)
-                {
-                RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
-                return 0;
-                }
-#endif
-                
-        dctx = FIPS_get_default_drbg();
-        if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
-                {
-                RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
-                return 0;
-                }
-                
-        FIPS_drbg_set_callbacks(dctx,
-                                drbg_get_entropy, drbg_free_entropy, 20,
-                                drbg_get_entropy, drbg_free_entropy);
-        FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
-                                        drbg_rand_seed, drbg_rand_add);
-        /* Personalisation string: a string followed by date time vector */
-        strcpy((char *)pers, "OpenSSL DRBG2.0");
-        plen = drbg_get_adin(dctx, &p);
-        memcpy(pers + 16, p, plen);
-        if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0)
-                {
-                RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
-                return 0;
-                }
-        FIPS_rand_set_method(FIPS_drbg_method());
-        return 1;
-        }
-#endif

diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index 5ac0e14caf..243a87ddfb 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -65,11 +65,6 @@
65	#include <openssl/engine.h>	65	#include <openssl/engine.h>
66	#endif	66	#endif
67		67
68	#ifdef OPENSSL_FIPS
69	#include <openssl/fips.h>
70	#include <openssl/fips_rand.h>
71	#endif
72
73	#ifndef OPENSSL_NO_ENGINE	68	#ifndef OPENSSL_NO_ENGINE
74	/* non-NULL if default_RAND_meth is ENGINE-provided */	69	/* non-NULL if default_RAND_meth is ENGINE-provided */
75	static ENGINE *funct_ref =NULL;	70	static ENGINE *funct_ref =NULL;
@@ -180,127 +175,3 @@ int RAND_status(void)
180	return meth->status();	175	return meth->status();
181	return 0;	176	return 0;
182	}	177	}
183
184	#ifdef OPENSSL_FIPS
185
186	/* FIPS DRBG initialisation code. This sets up the DRBG for use by the
187	* rest of OpenSSL.
188	*/
189
190	/* Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
191	* entropy internally through RAND_poll().
192	*/
193
194	static size_t drbg_get_entropy(DRBG_CTX ctx, unsigned char *pout,
195	int entropy, size_t min_len, size_t max_len)
196	{
197	/* Round up request to multiple of block size */
198	min_len = ((min_len + 19) / 20) * 20;
199	*pout = OPENSSL_malloc(min_len);
200	if (!*pout)
201	return 0;
202	if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
203	{
204	OPENSSL_free(*pout);
205	*pout = NULL;
206	return 0;
207	}
208	return min_len;
209	}
210
211	static void drbg_free_entropy(DRBG_CTX ctx, unsigned char out, size_t olen)
212	{
213	if (out)
214	{
215	OPENSSL_cleanse(out, olen);
216	OPENSSL_free(out);
217	}
218	}
219
220	/* Set "additional input" when generating random data. This uses the
221	* current PID, a time value and a counter.
222	*/
223
224	static size_t drbg_get_adin(DRBG_CTX ctx, unsigned char *pout)
225	{
226	/* Use of static variables is OK as this happens under a lock */
227	static unsigned char buf[16];
228	static unsigned long counter;
229	FIPS_get_timevec(buf, &counter);
230	*pout = buf;
231	return sizeof(buf);
232	}
233
234	/* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is
235	* correctly seeded by RAND_poll().
236	*/
237
238	static int drbg_rand_add(DRBG_CTX ctx, const void in, int inlen,
239	double entropy)
240	{
241	RAND_SSLeay()->add(in, inlen, entropy);
242	return 1;
243	}
244
245	static int drbg_rand_seed(DRBG_CTX ctx, const void in, int inlen)
246	{
247	RAND_SSLeay()->seed(in, inlen);
248	return 1;
249	}
250
251	#ifndef OPENSSL_DRBG_DEFAULT_TYPE
252	#define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr
253	#endif
254	#ifndef OPENSSL_DRBG_DEFAULT_FLAGS
255	#define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF
256	#endif
257
258	static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
259	static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
260
261	void RAND_set_fips_drbg_type(int type, int flags)
262	{
263	fips_drbg_type = type;
264	fips_drbg_flags = flags;
265	}
266
267	int RAND_init_fips(void)
268	{
269	DRBG_CTX *dctx;
270	size_t plen;
271	unsigned char pers[32], *p;
272	#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
273	if (fips_drbg_type >> 16)
274	{
275	RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
276	return 0;
277	}
278	#endif
279
280	dctx = FIPS_get_default_drbg();
281	if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
282	{
283	RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
284	return 0;
285	}
286
287	FIPS_drbg_set_callbacks(dctx,
288	drbg_get_entropy, drbg_free_entropy, 20,
289	drbg_get_entropy, drbg_free_entropy);
290	FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
291	drbg_rand_seed, drbg_rand_add);
292	/* Personalisation string: a string followed by date time vector */
293	strcpy((char *)pers, "OpenSSL DRBG2.0");
294	plen = drbg_get_adin(dctx, &p);
295	memcpy(pers + 16, p, plen);
296
297	if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0)
298	{
299	RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
300	return 0;
301	}
302	FIPS_rand_set_method(FIPS_drbg_method());
303	return 1;
304	}
305
306	#endif