Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.
+ This shouldn't present any incompatibility problems because applications
+ shouldn't be using these directly and any that are will need to rethink
+ anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
+ [Steve Henson]
+
*) Extensive self tests and health checking required by SP800-90 DRBG.
Remove strength parameter from FIPS_drbg_instantiate and always
instantiate at maximum supported strength.
}
/* Perform RNG KAT before seeding */
- if (!FIPS_selftest_rng())
+ if (!FIPS_selftest_x931())
{
fips_selftest_fail = 1;
ret = 0;
int FIPS_selftest_ecdsa(void);
void FIPS_corrupt_ecdsa(void);
void FIPS_corrupt_ec_keygen(void);
-void FIPS_corrupt_rng(void);
+void FIPS_corrupt_x931(void);
void FIPS_corrupt_drbg(void);
-void FIPS_rng_stick(void);
+void FIPS_x931_stick(void);
void FIPS_drbg_stick(void);
-int FIPS_selftest_rng(void);
+int FIPS_selftest_x931(void);
int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
} else if (!strcmp(argv[1], "drbg")) {
FIPS_corrupt_drbg();
} else if (!strcmp(argv[1], "rng")) {
- FIPS_corrupt_rng();
+ FIPS_corrupt_x931();
} else if (!strcmp(argv[1], "rngstick")) {
do_rng_stick = 1;
no_exit = 1;
if (do_drbg_stick)
FIPS_drbg_stick();
if (do_rng_stick)
- FIPS_rng_stick();
+ FIPS_x931_stick();
/* AES encryption/decryption
*/
static int fips_prng_fail = 0;
-void FIPS_rng_stick(void)
+void FIPS_x931_stick(void)
{
fips_prng_fail = 1;
}
return 1;
}
-int FIPS_rand_test_mode(void)
+int FIPS_x931_test_mode(void)
{
return fips_set_test_mode(&sctx);
}
-int FIPS_rand_set_dt(unsigned char *dt)
+int FIPS_x931_set_dt(unsigned char *dt)
{
if (!sctx.test_mode)
{
}
-int FIPS_rand_set_key(const unsigned char *key, int keylen)
+int FIPS_x931_set_key(const unsigned char *key, int keylen)
{
int ret;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
return ret;
}
-int FIPS_rand_seed(const void *seed, int seedlen)
+int FIPS_x931_seed(const void *seed, int seedlen)
{
int ret;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
}
-int FIPS_rand_bytes(unsigned char *out, int count)
+int FIPS_x931_bytes(unsigned char *out, int count)
{
int ret;
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
return ret;
}
-int FIPS_rand_status(void)
+int FIPS_x931_status(void)
{
int ret;
CRYPTO_r_lock(CRYPTO_LOCK_RAND);
return ret;
}
-void FIPS_rand_reset(void)
+void FIPS_x931_reset(void)
{
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
fips_rand_prng_reset(&sctx);
static int fips_do_rand_seed(const void *seed, int seedlen)
{
- FIPS_rand_seed(seed, seedlen);
+ FIPS_x931_seed(seed, seedlen);
return 1;
}
static int fips_do_rand_add(const void *seed, int seedlen,
double add_entropy)
{
- FIPS_rand_seed(seed, seedlen);
+ FIPS_x931_seed(seed, seedlen);
return 1;
}
-static const RAND_METHOD rand_fips_meth=
+static const RAND_METHOD rand_x931_meth=
{
fips_do_rand_seed,
- FIPS_rand_bytes,
- FIPS_rand_reset,
+ FIPS_x931_bytes,
+ FIPS_x931_reset,
fips_do_rand_add,
- FIPS_rand_bytes,
- FIPS_rand_status
+ FIPS_x931_bytes,
+ FIPS_x931_status
};
-const RAND_METHOD *FIPS_rand_method(void)
+const RAND_METHOD *FIPS_x931_method(void)
{
- return &rand_fips_meth;
+ return &rand_x931_meth;
}
#endif
extern "C" {
#endif
-int FIPS_rand_set_key(const unsigned char *key, int keylen);
-int FIPS_rand_seed(const void *buf, int num);
-int FIPS_rand_bytes(unsigned char *out, int outlen);
+int FIPS_x931_set_key(const unsigned char *key, int keylen);
+int FIPS_x931_seed(const void *buf, int num);
+int FIPS_x931_bytes(unsigned char *out, int outlen);
-int FIPS_rand_test_mode(void);
-void FIPS_rand_reset(void);
-int FIPS_rand_set_dt(unsigned char *dt);
+int FIPS_x931_test_mode(void);
+void FIPS_x931_reset(void);
+int FIPS_x931_set_dt(unsigned char *dt);
-int FIPS_rand_status(void);
+int FIPS_x931_status(void);
-const RAND_METHOD *FIPS_rand_method(void);
+const RAND_METHOD *FIPS_x931_method(void);
typedef struct drbg_ctx_st DRBG_CTX;
};
-void FIPS_corrupt_rng()
+void FIPS_corrupt_x931()
{
aes_192_tv[0].V[0]++;
}
-#define fips_rand_test(key, tv) \
- do_rand_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))
+#define fips_x931_test(key, tv) \
+ do_x931_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))
-static int do_rand_test(unsigned char *key, int keylen,
+static int do_x931_test(unsigned char *key, int keylen,
AES_PRNG_TV *tv, int ntv)
{
unsigned char R[16];
int i;
- if (!FIPS_rand_set_key(key, keylen))
+ if (!FIPS_x931_set_key(key, keylen))
return 0;
for (i = 0; i < ntv; i++)
{
- FIPS_rand_seed(tv[i].V, 16);
- FIPS_rand_set_dt(tv[i].DT);
- FIPS_rand_bytes(R, 16);
+ FIPS_x931_seed(tv[i].V, 16);
+ FIPS_x931_set_dt(tv[i].DT);
+ FIPS_x931_bytes(R, 16);
if (memcmp(R, tv[i].R, 16))
return 0;
}
}
-int FIPS_selftest_rng()
+int FIPS_selftest_x931()
{
- FIPS_rand_reset();
- if (!FIPS_rand_test_mode())
+ FIPS_x931_reset();
+ if (!FIPS_x931_test_mode())
{
FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
return 0;
}
- if (!fips_rand_test(aes_128_key,aes_128_tv)
- || !fips_rand_test(aes_192_key, aes_192_tv)
- || !fips_rand_test(aes_256_key, aes_256_tv))
+ if (!fips_x931_test(aes_128_key,aes_128_tv)
+ || !fips_x931_test(aes_192_key, aes_192_tv)
+ || !fips_x931_test(aes_256_key, aes_256_tv))
{
FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
return 0;
}
- FIPS_rand_reset();
+ FIPS_x931_reset();
return 1;
}
{
unsigned char buf[16], dt[16];
int i, j;
- FIPS_rand_reset();
- FIPS_rand_test_mode();
- FIPS_rand_set_key(key, keylen);
- FIPS_rand_seed(tv->V, 16);
+ FIPS_x931_reset();
+ FIPS_x931_test_mode();
+ FIPS_x931_set_key(key, keylen);
+ FIPS_x931_seed(tv->V, 16);
memcpy(dt, tv->DT, 16);
for (i = 0; i < 10000; i++)
{
- FIPS_rand_set_dt(dt);
- FIPS_rand_bytes(buf, 16);
+ FIPS_x931_set_dt(dt);
+ FIPS_x931_bytes(buf, 16);
/* Increment DT */
for (j = 15; j >= 0; j--)
{
return;
}
- FIPS_rand_set_key(key, keylen);
- FIPS_rand_seed(v,16);
- FIPS_rand_set_dt(dt);
- if (FIPS_rand_bytes(ret,16) <= 0)
+ FIPS_x931_set_key(key, keylen);
+ FIPS_x931_seed(v,16);
+ FIPS_x931_set_dt(dt);
+ if (FIPS_x931_bytes(ret,16) <= 0)
{
fprintf(stderr, "Error getting PRNG value\n");
return;
return;
}
- FIPS_rand_set_key(key, keylen);
- FIPS_rand_seed(v,16);
+ FIPS_x931_set_key(key, keylen);
+ FIPS_x931_seed(v,16);
for (i = 0; i < 10000; i++)
{
- FIPS_rand_set_dt(dt);
- if (FIPS_rand_bytes(ret,16) <= 0)
+ FIPS_x931_set_dt(dt);
+ if (FIPS_x931_bytes(ret,16) <= 0)
{
fprintf(stderr, "Error getting PRNG value\n");
return;
exit(1);
}
fips_algtest_init();
- FIPS_rand_reset();
- if (!FIPS_rand_test_mode())
+ FIPS_x931_reset();
+ if (!FIPS_x931_test_mode())
{
fprintf(stderr, "Error setting PRNG test mode\n");
exit(1);
projects / openssl.git / commitdiff