author | Tomas Kuthan <tomas.kuthan@oracle.com> |
Wed, 20 Apr 2016 13:13:57 -0700 | |
changeset 5821 | 7c212462920b |
parent 5310 | a06a01eef195 |
permissions | -rw-r--r-- |
5310
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
1 |
# |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
2 |
# Replace arc4random* calls with FIPS compliant implementation in FIPS mode. |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
3 |
# |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
4 |
# Once libc:arc4random* are FIPS compliant (20816957), this patch will be |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
5 |
# dropped. |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
6 |
# |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
7 |
# This is a temporary patch and is not intented for upstream contribution. |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
8 |
# |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
9 |
diff -pur old/misc.c new/misc.c |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
10 |
--- old/misc.c |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
11 |
+++ new/misc.c |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
12 |
@@ -1164,3 +1164,87 @@ sock_set_v6only(int s) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
13 |
error("setsockopt IPV6_V6ONLY: %s", strerror(errno)); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
14 |
#endif |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
15 |
} |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
16 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
17 |
+#ifdef ENABLE_OPENSSL_FIPS |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
18 |
+/* cancel arc4random* -> fips_arc4random* defines from misc.h */ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
19 |
+#undef arc4random |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
20 |
+#undef arc4random_buf |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
21 |
+#undef arc4random_stir |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
22 |
+#undef arc4random_uniform |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
23 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
24 |
+/* FIPS compliant alternative for arc4random */ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
25 |
+static uint32_t |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
26 |
+fips_arc4random_impl() |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
27 |
+{ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
28 |
+ unsigned int r = 0; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
29 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
30 |
+ if (RAND_bytes((unsigned char *)&r, sizeof (r)) <= 0) { |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
31 |
+ fatal("RAND_bytes() failed. Aborting the process"); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
32 |
+ } |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
33 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
34 |
+ return (r); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
35 |
+} |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
36 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
37 |
+uint32_t |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
38 |
+fips_arc4random() |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
39 |
+{ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
40 |
+ if (!ssh_FIPS_mode()) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
41 |
+ return arc4random(); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
42 |
+ else |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
43 |
+ return fips_arc4random_impl(); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
44 |
+} |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
45 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
46 |
+/* implementation taken from openbsd-compat/arc4random.c */ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
47 |
+void |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
48 |
+fips_arc4random_buf(void *_buf, size_t n) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
49 |
+{ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
50 |
+ size_t i; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
51 |
+ uint32_t r = 0; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
52 |
+ char *buf = (char *)_buf; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
53 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
54 |
+ if (!ssh_FIPS_mode()) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
55 |
+ return arc4random_buf(_buf, n); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
56 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
57 |
+ for (i = 0; i < n; i++) { |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
58 |
+ if (i % 4 == 0) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
59 |
+ r = fips_arc4random_impl(); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
60 |
+ buf[i] = r & 0xff; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
61 |
+ r >>= 8; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
62 |
+ } |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
63 |
+ explicit_bzero(&r, sizeof(r)); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
64 |
+} |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
65 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
66 |
+void |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
67 |
+fips_arc4random_stir(void) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
68 |
+{ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
69 |
+ if (!ssh_FIPS_mode()) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
70 |
+ return arc4random_stir(); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
71 |
+} |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
72 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
73 |
+/* implementation taken from openbsd-compat/arc4random.c */ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
74 |
+uint32_t |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
75 |
+fips_arc4random_uniform(uint32_t upper_bound) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
76 |
+{ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
77 |
+ uint32_t r, min; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
78 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
79 |
+ if (upper_bound < 2) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
80 |
+ return 0; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
81 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
82 |
+ /* 2**32 % x == (2**32 - x) % x */ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
83 |
+ min = -upper_bound % upper_bound; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
84 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
85 |
+ /* |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
86 |
+ * This could theoretically loop forever but each retry has |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
87 |
+ * p > 0.5 (worst case, usually far better) of selecting a |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
88 |
+ * number inside the range we need, so it should rarely need |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
89 |
+ * to re-roll. |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
90 |
+ */ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
91 |
+ for (;;) { |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
92 |
+ r = fips_arc4random_impl(); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
93 |
+ if (r >= min) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
94 |
+ break; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
95 |
+ } |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
96 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
97 |
+ return r % upper_bound; |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
98 |
+} |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
99 |
+#endif /* ENABLE_OPENSSL_FIPS */ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
100 |
diff -pur old/misc.h new/misc.h |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
101 |
--- old/misc.h |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
102 |
+++ new/misc.h |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
103 |
@@ -140,4 +140,16 @@ char *read_passphrase(const char *, int) |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
104 |
int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
105 |
int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
106 |
|
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
107 |
+#ifdef ENABLE_OPENSSL_FIPS |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
108 |
+/* arc4random* FIPS alternatives */ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
109 |
+uint32_t fips_arc4random(void); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
110 |
+void fips_arc4random_buf(void *, size_t); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
111 |
+void fips_arc4random_stir(void); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
112 |
+uint32_t fips_arc4random_uniform(uint32_t upper_bound); |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
113 |
+#define arc4random fips_arc4random |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
114 |
+#define arc4random_buf fips_arc4random_buf |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
115 |
+#define arc4random_stir fips_arc4random_stir |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
116 |
+#define arc4random_uniform fips_arc4random_uniform |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
117 |
+#endif /* ENABLE_OPENSSL_FIPS */ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
118 |
+ |
a06a01eef195
22051483 Dynamically enabling FIPS mode in OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
parents:
diff
changeset
|
119 |
#endif /* _MISC_H */ |