Extensive reorganisation of PRNG handling in FIPS module: all calls

now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the applications resposibility to setup the FIPS PRNG and initalise it. Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL".
author: Dr. Stephen Henson <steve@openssl.org> 2011-04-05 17:24:10 +0200
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-05 17:24:10 +0200
commit: 05e24c87dd1428809d6eaebf754b472a6cb4bb50 (patch)
tree: db17782a6020c7f4962f8bf9c1666f6f19356e1a /crypto/o_init.c
parent: Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be (diff)
download: openssl-05e24c87dd1428809d6eaebf754b472a6cb4bb50.tar.xz
openssl-05e24c87dd1428809d6eaebf754b472a6cb4bb50.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/o_init.c b/crypto/o_init.c
index bb6d9cff11..b7f8d10fa0 100644
--- a/crypto/o_init.c
+++ b/crypto/o_init.c
@@ -56,6 +56,7 @@
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
 #include <openssl/fips.h>
+#include <openssl/rand.h>
 #endif
 
 #if defined(__GNUC__) && __GNUC__>=2
@@ -123,6 +124,7 @@ void OPENSSL_init(void)
 	FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock);
 	FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata);
 	FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free);
+	RAND_init_fips();
 #endif
 #if 0
 	fprintf(stderr, "Called OPENSSL_init\n");
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-05 17:24:10 +0200
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-05 17:24:10 +0200
commit	05e24c87dd1428809d6eaebf754b472a6cb4bb50 (patch)
tree	db17782a6020c7f4962f8bf9c1666f6f19356e1a /crypto/o_init.c
parent	Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be (diff)
download	openssl-05e24c87dd1428809d6eaebf754b472a6cb4bb50.tar.xz openssl-05e24c87dd1428809d6eaebf754b472a6cb4bb50.zip