Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the applications resposibility to setup the FIPS PRNG and initalise it. Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL".
This commit is contained in:
Dr. Stephen Henson
@@ -94,7 +94,7 @@ extern int rand_predictable;
|
||||
|
||||
int RAND_set_rand_method(const RAND_METHOD *meth);
|
||||
const RAND_METHOD *RAND_get_rand_method(void);
|
||||
#if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_FIPS)
|
||||
#ifndef OPENSSL_NO_ENGINE
|
||||
int RAND_set_rand_engine(ENGINE *engine);
|
||||
#endif
|
||||
RAND_METHOD *RAND_SSLeay(void);
|
||||
@@ -119,6 +119,10 @@ int RAND_event(UINT, WPARAM, LPARAM);
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_FIPS
|
||||
int RAND_init_fips(void);
|
||||
#endif
|
||||
|
||||
/* BEGIN ERROR CODES */
|
||||
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
* made after this point may be overwritten when the script is next run.
|
||||
@@ -132,6 +136,7 @@ void ERR_load_RAND_strings(void);
|
||||
#define RAND_F_FIPS_RAND_SET_DT 103
|
||||
#define RAND_F_FIPS_SET_PRNG_SEED 104
|
||||
#define RAND_F_FIPS_SET_TEST_MODE 105
|
||||
#define RAND_F_FIPS_X931_SET_DT 106
|
||||
#define RAND_F_RAND_GET_RAND_METHOD 101
|
||||
#define RAND_F_SSLEAY_RAND_BYTES 100
|
||||
|
||||
|
||||
Reference in New Issue
Block a user