summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rand
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/rand')
-rw-r--r--src/lib/libcrypto/rand/rand.h10
-rw-r--r--src/lib/libcrypto/rand/rand_err.c8
-rw-r--r--src/lib/libcrypto/rand/rand_lib.c12
-rw-r--r--src/lib/libcrypto/rand/randfile.c2
4 files changed, 31 insertions, 1 deletions
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index 606382dd21..604df9be6c 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -71,6 +71,10 @@
71extern "C" { 71extern "C" {
72#endif 72#endif
73 73
74#if defined(OPENSSL_FIPS)
75#define FIPS_RAND_SIZE_T int
76#endif
77
74typedef struct rand_meth_st 78typedef struct rand_meth_st
75 { 79 {
76 void (*seed)(const void *buf, int num); 80 void (*seed)(const void *buf, int num);
@@ -121,11 +125,17 @@ void ERR_load_RAND_strings(void);
121/* Error codes for the RAND functions. */ 125/* Error codes for the RAND functions. */
122 126
123/* Function codes. */ 127/* Function codes. */
128#define RAND_F_FIPS_RAND_BYTES 102
124#define RAND_F_RAND_GET_RAND_METHOD 101 129#define RAND_F_RAND_GET_RAND_METHOD 101
125#define RAND_F_SSLEAY_RAND_BYTES 100 130#define RAND_F_SSLEAY_RAND_BYTES 100
126 131
127/* Reason codes. */ 132/* Reason codes. */
133#define RAND_R_NON_FIPS_METHOD 101
134#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 105
135#define RAND_R_PRNG_NOT_REKEYED 103
136#define RAND_R_PRNG_NOT_RESEEDED 104
128#define RAND_R_PRNG_NOT_SEEDED 100 137#define RAND_R_PRNG_NOT_SEEDED 100
138#define RAND_R_PRNG_STUCK 102
129 139
130#ifdef __cplusplus 140#ifdef __cplusplus
131} 141}
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index b77267e213..95574659ac 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -1,6 +1,6 @@
1/* crypto/rand/rand_err.c */ 1/* crypto/rand/rand_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -66,6 +66,7 @@
66#ifndef OPENSSL_NO_ERR 66#ifndef OPENSSL_NO_ERR
67static ERR_STRING_DATA RAND_str_functs[]= 67static ERR_STRING_DATA RAND_str_functs[]=
68 { 68 {
69{ERR_PACK(0,RAND_F_FIPS_RAND_BYTES,0), "FIPS_RAND_BYTES"},
69{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"}, 70{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"},
70{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, 71{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"},
71{0,NULL} 72{0,NULL}
@@ -73,7 +74,12 @@ static ERR_STRING_DATA RAND_str_functs[]=
73 74
74static ERR_STRING_DATA RAND_str_reasons[]= 75static ERR_STRING_DATA RAND_str_reasons[]=
75 { 76 {
77{RAND_R_NON_FIPS_METHOD ,"non fips method"},
78{RAND_R_PRNG_ASKING_FOR_TOO_MUCH ,"prng asking for too much"},
79{RAND_R_PRNG_NOT_REKEYED ,"prng not rekeyed"},
80{RAND_R_PRNG_NOT_RESEEDED ,"prng not reseeded"},
76{RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"}, 81{RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"},
82{RAND_R_PRNG_STUCK ,"prng stuck"},
77{0,NULL} 83{0,NULL}
78 }; 84 };
79 85
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 513e338985..88f1b56d91 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -63,6 +63,8 @@
63#ifndef OPENSSL_NO_ENGINE 63#ifndef OPENSSL_NO_ENGINE
64#include <openssl/engine.h> 64#include <openssl/engine.h>
65#endif 65#endif
66#include <openssl/fips.h>
67#include <openssl/fips_rand.h>
66 68
67#ifndef OPENSSL_NO_ENGINE 69#ifndef OPENSSL_NO_ENGINE
68/* non-NULL if default_RAND_meth is ENGINE-provided */ 70/* non-NULL if default_RAND_meth is ENGINE-provided */
@@ -85,6 +87,16 @@ int RAND_set_rand_method(const RAND_METHOD *meth)
85 87
86const RAND_METHOD *RAND_get_rand_method(void) 88const RAND_METHOD *RAND_get_rand_method(void)
87 { 89 {
90#ifdef OPENSSL_FIPS
91 if(FIPS_mode()
92 && default_RAND_meth != FIPS_rand_check())
93 {
94 RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
95 return 0;
96 }
97#endif
98
99
88 if (!default_RAND_meth) 100 if (!default_RAND_meth)
89 { 101 {
90#ifndef OPENSSL_NO_ENGINE 102#ifndef OPENSSL_NO_ENGINE
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index f5d0843d13..c7fba496a8 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -166,6 +166,7 @@ int RAND_write_file(const char *file)
166 } 166 }
167 167
168#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) 168#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
169 {
169 /* For some reason Win32 can't write to files created this way */ 170 /* For some reason Win32 can't write to files created this way */
170 171
171 /* chmod(..., 0600) is too late to protect the file, 172 /* chmod(..., 0600) is too late to protect the file,
@@ -173,6 +174,7 @@ int RAND_write_file(const char *file)
173 int fd = open(file, O_CREAT, 0600); 174 int fd = open(file, O_CREAT, 0600);
174 if (fd != -1) 175 if (fd != -1)
175 out = fdopen(fd, "wb"); 176 out = fdopen(fd, "wb");
177 }
176#endif 178#endif
177 if (out == NULL) 179 if (out == NULL)
178 out = fopen(file,"wb"); 180 out = fopen(file,"wb");
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 02:50:57 +0000