Allow applications to specify alternative FIPS RAND methods if they

are sure they are OK. API to retrieve FIPS rand method.

Allow applications to specify alternative FIPS RAND methods if they
are sure they are OK. API to retrieve FIPS rand method.
1d55dd86 · Dr. Stephen Henson · 38f90d06 · 1d55dd86 · 1d55dd86
隐藏空白更改
内联并排

Showing with 33 addition and 10 deletion

fips/rand/fips_rand.h fips/rand/fips_rand.h +4 -0

fips/rand/fips_rand_lib.c fips/rand/fips_rand_lib.c +29 -10

未找到文件。
--- a/fips/rand/fips_rand.h
+++ b/fips/rand/fips_rand.h
@@ -114,7 +114,11 @@ void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
 DRBG_CTX *FIPS_get_default_drbg(void);
 const RAND_METHOD *FIPS_drbg_method(void);

+
 int FIPS_rand_set_method(const RAND_METHOD *meth);
+const RAND_METHOD *FIPS_rand_get_method(void);
+
+void FIPS_rand_set_bits(int nbits);

 int FIPS_rand_strength(void);


--- a/fips/rand/fips_rand_lib.c
+++ b/fips/rand/fips_rand_lib.c
@@ -62,25 +62,42 @@

 static const RAND_METHOD *fips_rand_meth = NULL;
 static int fips_approved_rand_meth = 0;
+static int fips_rand_bits = 0;

-int FIPS_rand_set_method(const RAND_METHOD *meth)
+/* Allows application to override number of bits and uses non-FIPS methods */
+void FIPS_rand_set_bits(int nbits)
 	{
-	if (meth == FIPS_drbg_method())
-		fips_approved_rand_meth = 1;
-	else if (meth == FIPS_x931_method())
-		fips_approved_rand_meth = 2;
-	else
-		fips_approved_rand_meth = 0;
+	fips_rand_bits = nbits;
+	}

-	if (!fips_approved_rand_meth && FIPS_module_mode())
+int FIPS_rand_set_method(const RAND_METHOD *meth)
+	{
+	if (!fips_rand_bits)
 		{
-		FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD);
-		return 0;
+		if (meth == FIPS_drbg_method())
+			fips_approved_rand_meth = 1;
+		else if (meth == FIPS_x931_method())
+			fips_approved_rand_meth = 2;
+		else
+			{
+			fips_approved_rand_meth = 0;
+			if (FIPS_module_mode())
+				{
+				FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD,
+						FIPS_R_NON_FIPS_METHOD);
+				return 0;
+				}
+			}
 		}
 	fips_rand_meth = meth;
 	return 1;
 	}

+const RAND_METHOD *FIPS_rand_get_method(void)
+	{
+	return fips_rand_meth;
+	}
+
 void FIPS_rand_seed(const void *buf, int num)
 	{
 	if (!fips_approved_rand_meth && FIPS_module_mode())
@@ -147,6 +164,8 @@ int FIPS_rand_status(void)

 int FIPS_rand_strength(void)
 	{
+	if (fips_rand_bits)
+		return fips_rand_bits;
 	if (fips_approved_rand_meth == 1)
 		return FIPS_drbg_get_strength(FIPS_get_default_drbg());
 	else if (fips_approved_rand_meth == 2)