provider: add RAND algorithm tables
authorPauli <paul.dale@oracle.com>
Fri, 8 May 2020 00:24:12 +0000 (10:24 +1000)
committerPauli <paul.dale@oracle.com>
Wed, 24 Jun 2020 10:05:41 +0000 (20:05 +1000)
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)

providers/defltprov.c
providers/fips/fipsprov.c

index 8e27b33..c68e347 100644 (file)
@@ -337,6 +337,17 @@ static const OSSL_ALGORITHM deflt_keyexch[] = {
     { NULL, NULL, NULL }
 };
 
+static const OSSL_ALGORITHM deflt_rands[] = {
+    { "TEST-RAND", "provider=default", test_rng_functions },
+    { "HASH-DRBG", "provider=default", drbg_hash_functions },
+/*
+    { "HMAC-DRBG", "provider=default", drbg_hmac_functions },
+    { "CTR-DRBG", "provider=default", drbg_ctr_functions },
+*/
+    { "CRNGT:continuous-rng-test", "provider=default", crngt_functions },
+    { NULL, NULL, NULL }
+};
+
 static const OSSL_ALGORITHM deflt_signature[] = {
 #ifndef OPENSSL_NO_DSA
     { "DSA:dsaEncryption", "provider=default", dsa_signature_functions },
@@ -536,6 +547,8 @@ static const OSSL_ALGORITHM *deflt_query(void *provctx, int operation_id,
         return deflt_macs;
     case OSSL_OP_KDF:
         return deflt_kdfs;
+    case OSSL_OP_RAND:
+        return deflt_rands;
     case OSSL_OP_KEYMGMT:
         return deflt_keymgmt;
     case OSSL_OP_KEYEXCH:
index 4d39570..5927c9f 100644 (file)
@@ -469,6 +469,21 @@ static const OSSL_ALGORITHM fips_kdfs[] = {
     { NULL, NULL, NULL }
 };
 
+static const OSSL_ALGORITHM fips_rands[] = {
+    /*
+     * The TEST RNG must be first, so it can be suppressed after the power up
+     * tests are completed.
+     */
+    { "TEST-RAND", "provider=fips", test_rng_functions },
+    { "HASH-DRBG", "provider=fips", drbg_hash_functions },
+/*
+    { "HMAC-DRBG", "provider=fips", drbg_hmac_functions },
+    { "CTR-DRBG", "provider=fips", drbg_ctr_functions },
+*/
+    { "CRNGT:continuous-rng-test", "provider=fips", crngt_functions },
+    { NULL, NULL, NULL }
+};
+
 static const OSSL_ALGORITHM fips_keyexch[] = {
 #ifndef OPENSSL_NO_DH
     { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions },
@@ -533,6 +548,8 @@ static const OSSL_ALGORITHM *fips_query(void *provctx, int operation_id,
         return fips_macs;
     case OSSL_OP_KDF:
         return fips_kdfs;
+    case OSSL_OP_RAND:
+        return fips_rands;
     case OSSL_OP_KEYMGMT:
         return fips_keymgmt;
     case OSSL_OP_KEYEXCH: