From 1d55dd86dd00f13384be8cd91bfbbad3a515c337 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 13 Jun 2011 20:28:45 +0000 Subject: [PATCH] Allow applications to specify alternative FIPS RAND methods if they are sure they are OK. API to retrieve FIPS rand method. --- fips/rand/fips_rand.h | 4 ++++ fips/rand/fips_rand_lib.c | 39 +++++++++++++++++++++++++++++---------- 2 files changed, 33 insertions(+), 10 deletions(-) diff --git a/fips/rand/fips_rand.h b/fips/rand/fips_rand.h index 8d886e81db..dca767b943 100644 --- a/fips/rand/fips_rand.h +++ b/fips/rand/fips_rand.h @@ -114,7 +114,11 @@ void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval); DRBG_CTX *FIPS_get_default_drbg(void); const RAND_METHOD *FIPS_drbg_method(void); + int FIPS_rand_set_method(const RAND_METHOD *meth); +const RAND_METHOD *FIPS_rand_get_method(void); + +void FIPS_rand_set_bits(int nbits); int FIPS_rand_strength(void); diff --git a/fips/rand/fips_rand_lib.c b/fips/rand/fips_rand_lib.c index cc8d7179b6..a606d31fbd 100644 --- a/fips/rand/fips_rand_lib.c +++ b/fips/rand/fips_rand_lib.c 
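Review bot: The new `FIPS_rand_set_bits` declaration in `fips_rand.h` carries no comment, yet per the `fips_rand_lib.c` change in this same patch a nonzero value makes `FIPS_rand_set_method` skip its approved-method check in FIPS mode and makes `FIPS_rand_strength` return the caller's number. That contract should be stated where the API is declared, for example `/* Nonzero nbits: FIPS_rand_set_method() accepts any method and FIPS_rand_strength() returns nbits; the caller vouches for the method. 0 re-enables the check for later calls. */`. `FIPS_rand_get_method` would also benefit from a one-line note that it returns the currently installed method, which may be `NULL` before any method is set.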
@@ -62,25 +62,42 @@ static const RAND_METHOD *fips_rand_meth = NULL; static int fips_approved_rand_meth = 0; +static int fips_rand_bits = 0; -int FIPS_rand_set_method(const RAND_METHOD *meth) +/* Allows application to override number of bits and uses non-FIPS methods */ +void FIPS_rand_set_bits(int nbits) { - if (meth == FIPS_drbg_method()) - fips_approved_rand_meth = 1; - else if (meth == FIPS_x931_method()) - fips_approved_rand_meth = 2; - else - fips_approved_rand_meth = 0; + fips_rand_bits = nbits; + } - if (!fips_approved_rand_meth && FIPS_module_mode()) +int FIPS_rand_set_method(const RAND_METHOD *meth) + { + if (!fips_rand_bits) { - FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD); - return 0; + if (meth == FIPS_drbg_method()) + fips_approved_rand_meth = 1; + else if (meth == FIPS_x931_method()) + fips_approved_rand_meth = 2; + else + { + fips_approved_rand_meth = 0; + if (FIPS_module_mode()) + { + FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, + FIPS_R_NON_FIPS_METHOD); + return 0; + } + } } fips_rand_meth = meth; return 1; } +const RAND_METHOD *FIPS_rand_get_method(void) + { + return fips_rand_meth; + } + void FIPS_rand_seed(const void *buf, int num) { if (!fips_approved_rand_meth && FIPS_module_mode()) @@ -147,6 +164,8 @@ int FIPS_rand_status(void) int FIPS_rand_strength(void) { + if (fips_rand_bits) + return fips_rand_bits; if (fips_approved_rand_meth == 1) return FIPS_drbg_get_strength(FIPS_get_default_drbg()); else if (fips_approved_rand_meth == 2) -- 2.25.1
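Review bot: In `FIPS_rand_set_method`, once `fips_rand_bits` is nonzero the whole classification is skipped, so `fips_approved_rand_meth` keeps whatever value the previous call left there while `fips_rand_meth` is replaced. If the DRBG or X9.31 method was installed earlier, the flag stays at 1 or 2 and the `!fips_approved_rand_meth && FIPS_module_mode()` guard visible at the top of `FIPS_rand_seed` lets the replacement through as if it were approved; if nothing was installed earlier the flag stays 0 and that guard presumably still rejects the override (the rest of `FIPS_rand_seed` is outside the hunk). A `NULL` `meth` is also accepted on this path in FIPS mode. I would classify unconditionally and gate only the rejection, that is, drop the outer `if (!fips_rand_bits)` and write `if (!fips_rand_bits && FIPS_module_mode())` in the `else` branch, then decide explicitly how the seed and bytes guards should treat an override.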
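Review bot: The early return added to `FIPS_rand_strength` reports `fips_rand_bits` as is, and `FIPS_rand_set_bits` in the previous hunk stores any `int` without a range check. A negative argument is nonzero, so it both disables the method check in `FIPS_rand_set_method` and comes back here as a negative strength; what callers do with that value is not visible in this patch. Clamping in the setter, `fips_rand_bits = nbits > 0 ? nbits : 0;`, keeps the override to meaningful values. The override also takes precedence when the approved DRBG is still the installed method, which deserves a comment such as `/* application-supplied strength overrides the method's own */`; the rest of the function lies outside the hunk.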