Rename deprecated FIPS_rand functions to FIPS_x931. These shouldn't be

used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.

CHANGES

@@ -4,6 +4,12 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.
+     This shouldn't present any incompatibility problems because applications
+     shouldn't be using these directly and any that are will need to rethink
+     anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
+     [Steve Henson]
+
   *) Extensive self tests and health checking required by SP800-90 DRBG.
      Remove strength parameter from FIPS_drbg_instantiate and always
      instantiate at maximum supported strength.

fips/fips.c

@@ -323,7 +323,7 @@ int FIPS_mode_set(int onoff)
 	    }
 
 	/* Perform RNG KAT before seeding */
-	if (!FIPS_selftest_rng())
+	if (!FIPS_selftest_x931())
 	    {
 	    fips_selftest_fail = 1;
 	    ret = 0;

fips/fips.h

@@ -89,11 +89,11 @@ int FIPS_selftest_dsa(void);
 int FIPS_selftest_ecdsa(void);
 void FIPS_corrupt_ecdsa(void);
 void FIPS_corrupt_ec_keygen(void);
-void FIPS_corrupt_rng(void);
+void FIPS_corrupt_x931(void);
 void FIPS_corrupt_drbg(void);
-void FIPS_rng_stick(void);
+void FIPS_x931_stick(void);
 void FIPS_drbg_stick(void);
-int FIPS_selftest_rng(void);
+int FIPS_selftest_x931(void);
 int FIPS_selftest_hmac(void);
 int FIPS_selftest_drbg(void);
 int FIPS_selftest_cmac(void);

fips/fips_test_suite.c

@@ -723,7 +723,7 @@ int main(int argc,char **argv)
 	} else if (!strcmp(argv[1], "drbg")) {
 	    FIPS_corrupt_drbg();
 	} else if (!strcmp(argv[1], "rng")) {
-	    FIPS_corrupt_rng();
+	    FIPS_corrupt_x931();
 	} else if (!strcmp(argv[1], "rngstick")) {
 	    do_rng_stick = 1;
 	    no_exit = 1;
@@ -764,7 +764,7 @@ int main(int argc,char **argv)
     if (do_drbg_stick)
             FIPS_drbg_stick();
     if (do_rng_stick)
-            FIPS_rng_stick();
+            FIPS_x931_stick();
 
     /* AES encryption/decryption
     */

fips/rand/fips_rand.c

@@ -111,7 +111,7 @@ static FIPS_PRNG_CTX sctx;
 
 static int fips_prng_fail = 0;
 
-void FIPS_rng_stick(void)
+void FIPS_x931_stick(void)
 	{
 	fips_prng_fail = 1;
 	}
@@ -205,12 +205,12 @@ static int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
 	return 1;
 	}
 
-int FIPS_rand_test_mode(void)
+int FIPS_x931_test_mode(void)
 	{
 	return fips_set_test_mode(&sctx);
 	}
 
-int FIPS_rand_set_dt(unsigned char *dt)
+int FIPS_x931_set_dt(unsigned char *dt)
 	{
 	if (!sctx.test_mode)
 		{
@@ -339,7 +339,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
 	}
 
 
-int FIPS_rand_set_key(const unsigned char *key, int keylen)
+int FIPS_x931_set_key(const unsigned char *key, int keylen)
 	{
 	int ret;
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
@@ -348,7 +348,7 @@ int FIPS_rand_set_key(const unsigned char *key, int keylen)
 	return ret;
 	}
 
-int FIPS_rand_seed(const void *seed, int seedlen)
+int FIPS_x931_seed(const void *seed, int seedlen)
 	{
 	int ret;
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
@@ -358,7 +358,7 @@ int FIPS_rand_seed(const void *seed, int seedlen)
 	}
 
 
-int FIPS_rand_bytes(unsigned char *out, int count)
+int FIPS_x931_bytes(unsigned char *out, int count)
 	{
 	int ret;
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
@@ -367,7 +367,7 @@ int FIPS_rand_bytes(unsigned char *out, int count)
 	return ret;
 	}
 
-int FIPS_rand_status(void)
+int FIPS_x931_status(void)
 	{
 	int ret;
 	CRYPTO_r_lock(CRYPTO_LOCK_RAND);
@@ -376,7 +376,7 @@ int FIPS_rand_status(void)
 	return ret;
 	}
 
-void FIPS_rand_reset(void)
+void FIPS_x931_reset(void)
 	{
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	fips_rand_prng_reset(&sctx);
@@ -385,30 +385,30 @@ void FIPS_rand_reset(void)
 
 static int fips_do_rand_seed(const void *seed, int seedlen)
 	{
-	FIPS_rand_seed(seed, seedlen);
+	FIPS_x931_seed(seed, seedlen);
 	return 1;
 	}
 
 static int fips_do_rand_add(const void *seed, int seedlen,
 					double add_entropy)
 	{
-	FIPS_rand_seed(seed, seedlen);
+	FIPS_x931_seed(seed, seedlen);
 	return 1;
 	}
 
-static const RAND_METHOD rand_fips_meth=
+static const RAND_METHOD rand_x931_meth=
     {
     fips_do_rand_seed,
-    FIPS_rand_bytes,
-    FIPS_rand_reset,
+    FIPS_x931_bytes,
+    FIPS_x931_reset,
     fips_do_rand_add,
-    FIPS_rand_bytes,
-    FIPS_rand_status
+    FIPS_x931_bytes,
+    FIPS_x931_status
     };
 
-const RAND_METHOD *FIPS_rand_method(void)
+const RAND_METHOD *FIPS_x931_method(void)
 {
-  return &rand_fips_meth;
+  return &rand_x931_meth;
 }
 
 #endif

fips/rand/fips_rand.h

@@ -58,17 +58,17 @@
 extern "C" {
 #endif
 
-int FIPS_rand_set_key(const unsigned char *key, int keylen);
-int FIPS_rand_seed(const void *buf, int num);
-int FIPS_rand_bytes(unsigned char *out, int outlen);
+int FIPS_x931_set_key(const unsigned char *key, int keylen);
+int FIPS_x931_seed(const void *buf, int num);
+int FIPS_x931_bytes(unsigned char *out, int outlen);
 
-int FIPS_rand_test_mode(void);
-void FIPS_rand_reset(void);
-int FIPS_rand_set_dt(unsigned char *dt);
+int FIPS_x931_test_mode(void);
+void FIPS_x931_reset(void);
+int FIPS_x931_set_dt(unsigned char *dt);
 
-int FIPS_rand_status(void);
+int FIPS_x931_status(void);
 
-const RAND_METHOD *FIPS_rand_method(void);
+const RAND_METHOD *FIPS_x931_method(void);
 
 typedef struct drbg_ctx_st DRBG_CTX;
 

fips/rand/fips_rand_selftest.c

@@ -324,26 +324,26 @@ static AES_PRNG_TV aes_256_tv[] = {
 };
 
 
-void FIPS_corrupt_rng()
+void FIPS_corrupt_x931()
     {
     aes_192_tv[0].V[0]++;
     }
 
-#define fips_rand_test(key, tv) \
-	do_rand_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))
+#define fips_x931_test(key, tv) \
+	do_x931_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))
 
-static int do_rand_test(unsigned char *key, int keylen,
+static int do_x931_test(unsigned char *key, int keylen,
 			AES_PRNG_TV *tv, int ntv)
 	{
 	unsigned char R[16];
 	int i;
-	if (!FIPS_rand_set_key(key, keylen))
+	if (!FIPS_x931_set_key(key, keylen))
 		return 0;
 	for (i = 0; i < ntv; i++)
 		{
-		FIPS_rand_seed(tv[i].V, 16);
-		FIPS_rand_set_dt(tv[i].DT);
-		FIPS_rand_bytes(R, 16);
+		FIPS_x931_seed(tv[i].V, 16);
+		FIPS_x931_set_dt(tv[i].DT);
+		FIPS_x931_bytes(R, 16);
 		if (memcmp(R, tv[i].R, 16))
 			return 0;
 		}
@@ -351,22 +351,22 @@ static int do_rand_test(unsigned char *key, int keylen,
 	}
 	
 
-int FIPS_selftest_rng()
+int FIPS_selftest_x931()
 	{
-	FIPS_rand_reset();
-	if (!FIPS_rand_test_mode())
+	FIPS_x931_reset();
+	if (!FIPS_x931_test_mode())
 		{
 		FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
 		return 0;
 		}
-	if (!fips_rand_test(aes_128_key,aes_128_tv)
-		|| !fips_rand_test(aes_192_key, aes_192_tv)
-		|| !fips_rand_test(aes_256_key, aes_256_tv))
+	if (!fips_x931_test(aes_128_key,aes_128_tv)
+		|| !fips_x931_test(aes_192_key, aes_192_tv)
+		|| !fips_x931_test(aes_256_key, aes_256_tv))
 		{
 		FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
 		return 0;
 		}
-	FIPS_rand_reset();
+	FIPS_x931_reset();
 	return 1;
 	}
 

fips/rand/fips_randtest.c

@@ -218,15 +218,15 @@ static void run_test(unsigned char *key, int keylen, AES_PRNG_MCT *tv)
     {
     unsigned char buf[16], dt[16];
     int i, j;
-    FIPS_rand_reset();
-    FIPS_rand_test_mode();
-    FIPS_rand_set_key(key, keylen);
-    FIPS_rand_seed(tv->V, 16);
+    FIPS_x931_reset();
+    FIPS_x931_test_mode();
+    FIPS_x931_set_key(key, keylen);
+    FIPS_x931_seed(tv->V, 16);
     memcpy(dt, tv->DT, 16);
     for (i = 0; i < 10000; i++)
 	{
-    	FIPS_rand_set_dt(dt);
-	FIPS_rand_bytes(buf, 16);
+    	FIPS_x931_set_dt(dt);
+	FIPS_x931_bytes(buf, 16);
 	/* Increment DT */
 	for (j = 15; j >= 0; j--)
 		{

fips/rand/fips_rngvs.c

@@ -90,10 +90,10 @@ static void vst(FILE *in, FILE *out)
 		return;
 		}
 
-	    FIPS_rand_set_key(key, keylen);
-	    FIPS_rand_seed(v,16);
-	    FIPS_rand_set_dt(dt);
-	    if (FIPS_rand_bytes(ret,16) <= 0)
+	    FIPS_x931_set_key(key, keylen);
+	    FIPS_x931_seed(v,16);
+	    FIPS_x931_set_dt(dt);
+	    if (FIPS_x931_bytes(ret,16) <= 0)
 		{
 		fprintf(stderr, "Error getting PRNG value\n");
 	        return;
@@ -168,12 +168,12 @@ static void mct(FILE *in, FILE *out)
 		return;
 		}
 
-	    FIPS_rand_set_key(key, keylen);
-	    FIPS_rand_seed(v,16);
+	    FIPS_x931_set_key(key, keylen);
+	    FIPS_x931_seed(v,16);
 	    for (i = 0; i < 10000; i++)
 		{
-		    FIPS_rand_set_dt(dt);
-		    if (FIPS_rand_bytes(ret,16) <= 0)
+		    FIPS_x931_set_dt(dt);
+		    if (FIPS_x931_bytes(ret,16) <= 0)
 			{
 			fprintf(stderr, "Error getting PRNG value\n");
 		        return;
@@ -227,8 +227,8 @@ int main(int argc,char **argv)
 	exit(1);
 	}
     fips_algtest_init();
-    FIPS_rand_reset();
-    if (!FIPS_rand_test_mode())
+    FIPS_x931_reset();
+    if (!FIPS_x931_test_mode())
 	{
 	fprintf(stderr, "Error setting PRNG test mode\n");
 	exit(1);