Call RAND_DRBG_bytes from inside the FIPS provider

Insert a dummy call to RAND_DRBG_bytes from inside the FIPS provider to demonstrate that it is possible to use the RAND code from inside the module. This is temporary and will be removed once real uses of the RAND code are available inside the module. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9035)
2025-01-18 13:44:20 +08:00 · 2019-05-28 11:26:17 +01:00 · 2019-05-28 11:26:17 +01:00 · 45c54042d0
commit 45c54042d0
parent f2d20f0bb8
1 changed files with 9 additions and 1 deletions
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@ -15,8 +15,11 @@
 #include <openssl/params.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+
 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
 #include <openssl/sha.h>
+#include <openssl/rand_drbg.h>
+
 #include "internal/cryptlib.h"
 #include "internal/property.h"
 #include "internal/evp_int.h"
@ -85,8 +88,10 @@ static int dummy_evp_call(void *provctx)
    int ret = 0;
    BN_CTX *bnctx = NULL;
    BIGNUM *a = NULL, *b = NULL;
+    unsigned char randbuf[128];
+    RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);

-    if (ctx == NULL || sha256 == NULL)
+    if (ctx == NULL || sha256 == NULL || drbg == NULL)
        goto err;

    if (!EVP_DigestInit_ex(ctx, sha256, NULL))
@ -112,6 +117,9 @@ static int dummy_evp_call(void *provctx)
        || BN_cmp(a, b) != 0)
        goto err;
    
+    if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
+        goto err;
+
    ret = 1;
 err:
    BN_CTX_end(bnctx);