FIPS: Mix in OpenSSL RAND_bytes() into random_get_bytes()

Make sure that the OpenSSL DRBG gets used when generating random numbers in FIPS mode. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 21:49:41 +03:00 · 2012-08-16 21:49:41 +03:00 · 982bafedaf
commit 982bafedaf
parent 105f5881d5
5 changed files with 53 additions and 0 deletions
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@ -15,6 +15,7 @@
 #include <openssl/evp.h>
 #include <openssl/dh.h>
 #include <openssl/hmac.h>
+#include <openssl/rand.h>

 #include "common.h"
 #include "wpabuf.h"
@ -738,3 +739,11 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
 {
 	return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
 }
+
+
+int crypto_get_random(void *buf, size_t len)
+{
+	if (RAND_bytes(buf, len) != 1)
+		return -1;
+	return 0;
+}