Hello, I'am attaching patch for crypto/rand/rnd_lcl.h which configures openssl to use SHA256 as hash function for PRNG.... This is a requirement form french "Agence nationale de securité de services d'informtion" (ANSSI. I hope it will be accepted. ============================================================= --- /home/vadim/Downloads/openssl-1.0.1h/crypto/rand/rand_lcl.h 2014-06-05 11:41:30.000000000 +0200 +++ /tmp/new/rand_lcl.h 2015-07-20 16:07:58.513282954 +0200 @@ -115,7 +115,9 @@ #define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ -#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) +#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) && !defined(USE_SHA256_RAND) +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) +#define USE_SHA256_RAND #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) #define USE_SHA1_RAND #elif !defined(OPENSSL_NO_MD5) @@ -142,6 +144,11 @@ #define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH #define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL) #define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL) +#elif defined(USE_SHA256_RAND) +#include <openssl/sha.h> +#define MD_DIGEST_LENGTH SHA256_DIGEST_LENGTH +#define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha256(), NULL) +#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha256(), NULL) #elif defined(USE_MDC2_RAND) #include <openssl/mdc2.h> #define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
