From: Ben Laurie
Date: Fri, 23 Jul 2004 13:20:32 +0000 (+0000)
Subject: Convert to X9.31.
X-Git-Tag: OpenSSL_0_9_7e~50
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=03ecfadf3d58cc3f3e0ea836581fa8617d72a3c0;p=oweals%2Fopenssl.git
Convert to X9.31.
---
diff --git a/fips/rand/fingerprint.sha1 b/fips/rand/fingerprint.sha1
index f648232779..fe576ad6ed 100644
--- a/fips/rand/fingerprint.sha1
+++ b/fips/rand/fingerprint.sha1
@@ -1,2 +1,2 @@
-HMAC-SHA1(fips_rand.c)= 9371bac9e8929fe26327383f6e7fb11f06671565
+HMAC-SHA1(fips_rand.c)= 9bf5f5a42a150f5499071c34addab1f351f611ce
 HMAC-SHA1(fips_rand.h)= 0567b1fe9b0efe034a537f335659b0b681809791
diff --git a/fips/rand/fips_rand.c b/fips/rand/fips_rand.c
index 15c270b446..e4607c9609 100644
--- a/fips/rand/fips_rand.c
+++ b/fips/rand/fips_rand.c
@@ -48,8 +48,7 @@
 */
 /*
- * This is a FIPS approved PRNG, ANSI X9.17, as specified in HAC,
- * Menezes et al., p.173
+ * This is a FIPS approved PRNG, ANSI X9.31 A.2.4.
 */
 #include
@@ -287,9 +286,6 @@ static int fips_rand_bytes(unsigned char *buf,FIPS_RAND_SIZE_T num)
 }
 #endif
- fips_gettime(timeseed);
- fips_rand_encrypt(intermediate,timeseed);
-
 CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 for(n=0 ; n < num ; )
@@ -297,12 +293,29 @@ static int fips_rand_bytes(unsigned char *buf,FIPS_RAND_SIZE_T num)
 unsigned char t[SEED_SIZE];
 FIPS_RAND_SIZE_T l;
- /* now generate a full 64 bits of "randomness" */
+ /* ANS X9.31 A.2.4: I = ede*K(DT)
+ timeseed == DT
+ intermediate == I
+ */
+ fips_gettime(timeseed);
+ fips_rand_encrypt(intermediate,timeseed);
+
+ /* ANS X9.31 A.2.4: R = ede*K(I^V)
+ intermediate == I
+ seed == V
+ output == R
+ */
 for(l=0 ; l < sizeof t ; ++l)
 t[l]=intermediate[l]^seed[l];
 fips_rand_encrypt(output,t);
+
+ /* ANS X9.31 A.2.4: V = ede*K(R^I)
+ output == R
+ intermediate == I
+ seed == V
+ */
 for(l=0 ; l < sizeof t ; ++l)
- t[l]=output[l]^seed[l];
+ t[l]=output[l]^intermediate[l];
 fips_rand_encrypt(seed,t);
 if(second && !memcmp(output,previous,sizeof previous))
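Review bot: In the third hunk of fips_rand.c, `timeseed` is now refreshed once per output block by `fips_gettime(timeseed)`, but X9.31 A.2.4 requires DT to be updated on every iteration and nothing in the hunk guarantees successive calls return distinct values; if `fips_gettime` (outside this hunk) has coarser resolution than one block, consecutive iterations encrypt the same DT and I contributes nothing new, which the continuous test on `output` cannot detect because V still advances. That assumption deserves to be pinned in the first added comment, e.g. `/* DT must differ on every iteration (X9.31 A.2.4); relies on fips_gettime() resolution */`, or a per-call counter could be mixed into `timeseed` when the clock cannot provide it. Minor: `t` holds I^V and then R^I on the stack and is never cleared; `OPENSSL_cleanse(t,sizeof t);` after the second `fips_rand_encrypt(seed,t);` would avoid leaving that residue behind. `fips_rand_bytes` begins and ends outside this hunk.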
@@ -314,6 +327,8 @@ static int fips_rand_bytes(unsigned char *buf,FIPS_RAND_SIZE_T num)
 memcpy(previous,output,sizeof previous);
 second=1;
+ /* Successive values of R may be concatenated to produce a
+ pseudo random number of the desired length */
 l=SEED_SIZE < num-n ? SEED_SIZE : num-n;
 memcpy(buf+n,output,l);
 n+=l;
diff --git a/fips/rand/fips_randtest.c b/fips/rand/fips_randtest.c
index 98fe83ca4a..c5b2c3701c 100644
--- a/fips/rand/fips_randtest.c
+++ b/fips/rand/fips_randtest.c
@@ -145,7 +145,7 @@ static PRNGtest t1=
 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
 { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
 { 0x33,0xc3,0xdf,0xfe,0x60,0x60,0x49,0x9e },
- { 0x40,0x08,0x95,0x4d,0xb1,0x82,0x98,0x86 }
+ { 0xcd,0x2b,0x41,0xaf,0x80,0x51,0x37,0xd8 }
 };
 static PRNGtest t2=
 {
@@ -154,7 +154,7 @@ static PRNGtest t2=
 { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
 { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff },
 { 0x65,0xf1,0xa4,0x07,0x42,0x38,0xd5,0x25 },
- { 0x99,0xba,0x8f,0xd2,0x88,0xad,0xf8,0x34 }
+ { 0xbb,0x75,0x84,0x20,0x7a,0x44,0xf0,0xa0 }
 };
 static void dump(const unsigned char *b,int n)
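Review bot: The expected vector of t1 (the last array before `};`) is replaced without any indication of where the new bytes come from, so if they were captured from the converted implementation itself the known-answer test only pins current behaviour rather than checking it against X9.31; the t2 hunk below has the same gap. A comment on each changed line such as `/* expected R: computed independently per ANS X9.31 A.2.4, not captured from this implementation */`, or a reference to the known-answer source used, would make the intent verifiable. Which field of PRNGtest holds DT, K, V and R is declared outside these hunks, so the assignment above is inferred from position only.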