Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be (cab0595c) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+6 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,12 @@

		Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]

		) Rename old X9.31 PRNG functions of the form FIPS_rand to FIPS_x931*.
		This shouldn't present any incompatibility problems because applications
		shouldn't be using these directly and any that are will need to rethink
		anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
		[Steve Henson]

		*) Extensive self tests and health checking required by SP800-90 DRBG.
		Remove strength parameter from FIPS_drbg_instantiate and always
		instantiate at maximum supported strength.

fips/fips.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -323,7 +323,7 @@ int FIPS_mode_set(int onoff)
		}

		/* Perform RNG KAT before seeding */
		if (!FIPS_selftest_rng())
		if (!FIPS_selftest_x931())
		{
		fips_selftest_fail = 1;
		ret = 0;

fips/fips.h

+3 −3

Original line number	Diff line number	Diff line
		@@ -89,11 +89,11 @@ int FIPS_selftest_dsa(void);
		int FIPS_selftest_ecdsa(void);
		void FIPS_corrupt_ecdsa(void);
		void FIPS_corrupt_ec_keygen(void);
		void FIPS_corrupt_rng(void);
		void FIPS_corrupt_x931(void);
		void FIPS_corrupt_drbg(void);
		void FIPS_rng_stick(void);
		void FIPS_x931_stick(void);
		void FIPS_drbg_stick(void);
		int FIPS_selftest_rng(void);
		int FIPS_selftest_x931(void);
		int FIPS_selftest_hmac(void);
		int FIPS_selftest_drbg(void);
		int FIPS_selftest_cmac(void);

fips/fips_test_suite.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -723,7 +723,7 @@ int main(int argc,char **argv)
		} else if (!strcmp(argv[1], "drbg")) {
		FIPS_corrupt_drbg();
		} else if (!strcmp(argv[1], "rng")) {
		FIPS_corrupt_rng();
		FIPS_corrupt_x931();
		} else if (!strcmp(argv[1], "rngstick")) {
		do_rng_stick = 1;
		no_exit = 1;
		@@ -764,7 +764,7 @@ int main(int argc,char **argv)
		if (do_drbg_stick)
		FIPS_drbg_stick();
		if (do_rng_stick)
		FIPS_rng_stick();
		FIPS_x931_stick();

		/* AES encryption/decryption
		*/

fips/rand/fips_rand.c

+17 −17

Original line number	Diff line number	Diff line
		@@ -111,7 +111,7 @@ static FIPS_PRNG_CTX sctx;

		static int fips_prng_fail = 0;

		void FIPS_rng_stick(void)
		void FIPS_x931_stick(void)
		{
		fips_prng_fail = 1;
		}
		@@ -205,12 +205,12 @@ static int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
		return 1;
		}

		int FIPS_rand_test_mode(void)
		int FIPS_x931_test_mode(void)
		{
		return fips_set_test_mode(&sctx);
		}

		int FIPS_rand_set_dt(unsigned char *dt)
		int FIPS_x931_set_dt(unsigned char *dt)
		{
		if (!sctx.test_mode)
		{
		@@ -339,7 +339,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
		}


		int FIPS_rand_set_key(const unsigned char *key, int keylen)
		int FIPS_x931_set_key(const unsigned char *key, int keylen)
		{
		int ret;
		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
		@@ -348,7 +348,7 @@ int FIPS_rand_set_key(const unsigned char *key, int keylen)
		return ret;
		}

		int FIPS_rand_seed(const void *seed, int seedlen)
		int FIPS_x931_seed(const void *seed, int seedlen)
		{
		int ret;
		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
		@@ -358,7 +358,7 @@ int FIPS_rand_seed(const void *seed, int seedlen)
		}


		int FIPS_rand_bytes(unsigned char *out, int count)
		int FIPS_x931_bytes(unsigned char *out, int count)
		{
		int ret;
		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
		@@ -367,7 +367,7 @@ int FIPS_rand_bytes(unsigned char *out, int count)
		return ret;
		}

		int FIPS_rand_status(void)
		int FIPS_x931_status(void)
		{
		int ret;
		CRYPTO_r_lock(CRYPTO_LOCK_RAND);
		@@ -376,7 +376,7 @@ int FIPS_rand_status(void)
		return ret;
		}

		void FIPS_rand_reset(void)
		void FIPS_x931_reset(void)
		{
		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
		fips_rand_prng_reset(&sctx);
		@@ -385,30 +385,30 @@ void FIPS_rand_reset(void)

		static int fips_do_rand_seed(const void *seed, int seedlen)
		{
		FIPS_rand_seed(seed, seedlen);
		FIPS_x931_seed(seed, seedlen);
		return 1;
		}

		static int fips_do_rand_add(const void *seed, int seedlen,
		double add_entropy)
		{
		FIPS_rand_seed(seed, seedlen);
		FIPS_x931_seed(seed, seedlen);
		return 1;
		}

		static const RAND_METHOD rand_fips_meth=
		static const RAND_METHOD rand_x931_meth=
		{
		fips_do_rand_seed,
		FIPS_rand_bytes,
		FIPS_rand_reset,
		FIPS_x931_bytes,
		FIPS_x931_reset,
		fips_do_rand_add,
		FIPS_rand_bytes,
		FIPS_rand_status
		FIPS_x931_bytes,
		FIPS_x931_status
		};

		const RAND_METHOD *FIPS_rand_method(void)
		const RAND_METHOD *FIPS_x931_method(void)
		{
		return &rand_fips_meth;
		return &rand_x931_meth;
		}

		#endif