Convert to X9.31.
authorBen Laurie <ben@openssl.org>
Fri, 23 Jul 2004 13:20:32 +0000 (13:20 +0000)
committerBen Laurie <ben@openssl.org>
Fri, 23 Jul 2004 13:20:32 +0000 (13:20 +0000)
fips/rand/fingerprint.sha1
fips/rand/fips_rand.c
fips/rand/fips_randtest.c

index f6482327792c1a2a900fac3fc1a39694e5fd9083..fe576ad6ed56c0d9c32e723578c42a78fadc349d 100644 (file)
@@ -1,2 +1,2 @@
-HMAC-SHA1(fips_rand.c)= 9371bac9e8929fe26327383f6e7fb11f06671565
+HMAC-SHA1(fips_rand.c)= 9bf5f5a42a150f5499071c34addab1f351f611ce
 HMAC-SHA1(fips_rand.h)= 0567b1fe9b0efe034a537f335659b0b681809791
index 15c270b4464826def79ccc637d39a4c8641ca2e8..e4607c960975fb10075d83e645011e39f22e4b86 100644 (file)
@@ -48,8 +48,7 @@
  */
 
 /*
- * This is a FIPS approved PRNG, ANSI X9.17, as specified in HAC,
- * Menezes et al., p.173
+ * This is a FIPS approved PRNG, ANSI X9.31 A.2.4.
  */
 
 #include <openssl/des.h>
@@ -287,9 +286,6 @@ static int fips_rand_bytes(unsigned char *buf,FIPS_RAND_SIZE_T num)
        }
 #endif
 
-    fips_gettime(timeseed);
-    fips_rand_encrypt(intermediate,timeseed);
-
     CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
     for(n=0 ; n < num ; )
@@ -297,12 +293,29 @@ static int fips_rand_bytes(unsigned char *buf,FIPS_RAND_SIZE_T num)
        unsigned char t[SEED_SIZE];
        FIPS_RAND_SIZE_T l;
        
-       /* now generate a full 64 bits of "randomness" */
+       /* ANS X9.31 A.2.4:     I = ede*K(DT)
+              timeseed == DT
+              intermediate == I
+       */
+       fips_gettime(timeseed);
+       fips_rand_encrypt(intermediate,timeseed);
+
+       /* ANS X9.31 A.2.4:     R = ede*K(I^V)
+              intermediate == I
+              seed == V
+              output == R
+       */
        for(l=0 ; l < sizeof t ; ++l)
            t[l]=intermediate[l]^seed[l];
        fips_rand_encrypt(output,t);
+
+       /* ANS X9.31 A.2.4:     V = ede*K(R^I)
+              output == R
+              intermediate == I
+              seed == V
+       */
        for(l=0 ; l < sizeof t ; ++l)
-           t[l]=output[l]^seed[l];
+           t[l]=output[l]^intermediate[l];
        fips_rand_encrypt(seed,t);
 
        if(second && !memcmp(output,previous,sizeof previous))
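Review bot: The scratch buffer `t` holds I^V after the first XOR loop and R^I after the second, and is simply abandoned on the stack at the end of each iteration; together with the emitted R those two values are enough to reconstruct I and V, so unless something outside the hunk clears it, an `OPENSSL_cleanse(t,sizeof t);` after the final `fips_rand_encrypt(seed,t);` would keep the generator's state from lingering in dead stack (a plain `memset` there can be optimised away). The three step comments would also read more easily as one line each, e.g. `/* X9.31 A.2.4: I = ede*K(DT); timeseed is DT, intermediate is I */`, rather than a heading followed by unaligned continuation lines. fips_rand_bytes begins and ends outside this hunk.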
@@ -314,6 +327,8 @@ static int fips_rand_bytes(unsigned char *buf,FIPS_RAND_SIZE_T num)
        memcpy(previous,output,sizeof previous);
        second=1;
 
+       /* Successive values of R may be concatenated to produce a
+          pseudo random number of the desired length */ 
        l=SEED_SIZE < num-n ? SEED_SIZE : num-n;
        memcpy(buf+n,output,l);
        n+=l;
index 98fe83ca4a4a56b6f9b48da0665735291cd6d15a..c5b2c3701c91bc18bac3ff684d31d8b9cfbfe383 100644 (file)
@@ -145,7 +145,7 @@ static PRNGtest t1=
     { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
     { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
     { 0x33,0xc3,0xdf,0xfe,0x60,0x60,0x49,0x9e },
-    { 0x40,0x08,0x95,0x4d,0xb1,0x82,0x98,0x86 }
+    { 0xcd,0x2b,0x41,0xaf,0x80,0x51,0x37,0xd8 }
     };
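Review bot: The replaced expected outputs here and in the t2 hunk below carry no indication of where they come from; if they were produced by running the converted generator itself they only pin its current behaviour and cannot catch a mistake in the X9.31 step order, whereas a vector from an independent implementation or the published X9.31 conformance vectors would. A short comment above each table stating the provenance, e.g. `/* expected R from <source of the vector> */`, would make the test's strength clear to the next reader. The t1 table's definition begins outside this hunk.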
 static PRNGtest t2=
     {
@@ -154,7 +154,7 @@ static PRNGtest t2=
     { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
     { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
     { 0x65,0xf1,0xa4,0x07,0x42,0x38,0xd5,0x25 },
-    { 0x99,0xba,0x8f,0xd2,0x88,0xad,0xf8,0x34 }
+    { 0xbb,0x75,0x84,0x20,0x7a,0x44,0xf0,0xa0 }
     };
 
 static void dump(const unsigned char *b,int n)