42 lines
1.2 KiB
Diff
42 lines
1.2 KiB
Diff
From 196ee40d489e4e6a72232a3cdbb7af19a72362b3 Mon Sep 17 00:00:00 2001
|
|
From: Robbie Harwood <rharwood@redhat.com>
|
|
Date: Fri, 4 Jan 2019 17:00:15 -0500
|
|
Subject: [PATCH] Use openssl's PRNG in FIPS mode
|
|
|
|
(cherry picked from commit 31277d79675a76612015ea00d420b41b9a232d5a)
|
|
---
|
|
src/lib/crypto/krb/prng.c | 11 ++++++++++-
|
|
1 file changed, 10 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
|
|
index cb9ca9b98..f0e9984ca 100644
|
|
--- a/src/lib/crypto/krb/prng.c
|
|
+++ b/src/lib/crypto/krb/prng.c
|
|
@@ -26,6 +26,8 @@
|
|
|
|
#include "crypto_int.h"
|
|
|
|
+#include <openssl/rand.h>
|
|
+
|
|
krb5_error_code KRB5_CALLCONV
|
|
krb5_c_random_seed(krb5_context context, krb5_data *data)
|
|
{
|
|
@@ -99,9 +101,16 @@ krb5_boolean
|
|
k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
|
|
{
|
|
const char *device;
|
|
-#if defined(__linux__) && defined(SYS_getrandom)
|
|
int r;
|
|
|
|
+ /* A wild FIPS mode appeared! */
|
|
+ if (FIPS_mode()) {
|
|
+ /* The return codes on this API are not good */
|
|
+ r = RAND_bytes(buf, len);
|
|
+ return r == 1;
|
|
+ }
|
|
+
|
|
+#if defined(__linux__) && defined(SYS_getrandom)
|
|
while (len > 0) {
|
|
/*
|
|
* Pull from the /dev/urandom pool, but require it to have been seeded.
|