From 6aa1bc1df0dbbf5b4cb06b86f949aa9d80f68700 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Sat, 8 Mar 2014 23:14:58 +0100
Subject: [PATCH v3 4/7] Invoke DRBG from common libgcrypt RNG code
To: gcrypt-devel@gnupg.org
Cc: jeremy.wayne.powell@gmail.com
Integrate the DRBG invocation with the common libgcrypt RNG code. This
integration replaces the old ANSI X9.31 RNG invocation. As the ANSI
X9.31 shall only be invoked in FIPS mode and it is sunset at the end of
2014 for FIPS purposes, a complete replacement with the DRBG is
considered appropriate. The DRBG is a FIPS-approved deterministic random
number generator for the foreseeable future.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
Index: libgcrypt-1.6.1/random/random.c
===================================================================
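--- a/random/random.c
+++ b/random/random.c
@@ -153,11 +153,13 @@ _gcry_random_initialize (int full)
 }
 
 if (fips_mode ())
- _gcry_rngfips_initialize (full);
+ //_gcry_rngfips_initialize (full);
+ _gcry_drbg_init(full);
 else if (rng_types.standard)
 _gcry_rngcsprng_initialize (full);
 else if (rng_types.fips)
- _gcry_rngfips_initialize (full);
+ _gcry_drbg_init(full);
+ //_gcry_rngfips_initialize (full);
 else if (rng_types.system)
 _gcry_rngsystem_initialize (full);
 else
@@ -174,11 +176,13 @@ _gcry_random_close_fds (void)
 the entropy gatherer. */
 
 if (fips_mode ())
- _gcry_rngfips_close_fds ();
+ //_gcry_rngfips_close_fds ();
+ _gcry_drbg_close_fds ();
 else if (rng_types.standard)
 _gcry_rngcsprng_close_fds ();
 else if (rng_types.fips)
- _gcry_rngfips_close_fds ();
+ //_gcry_rngfips_close_fds ();
+ _gcry_drbg_close_fds ();
 else if (rng_types.system)
 _gcry_rngsystem_close_fds ();
 else
@@ -212,7 +216,8 @@ void
 _gcry_random_dump_stats (void)
 {
 if (fips_mode ())
- _gcry_rngfips_dump_stats ();
+ //_gcry_rngfips_dump_stats ();
+ _gcry_drbg_dump_stats ();
 else
 _gcry_rngcsprng_dump_stats ();
 }
@@ -271,7 +276,8 @@ int
 _gcry_random_is_faked (void)
 {
 if (fips_mode ())
- return _gcry_rngfips_is_faked ();
+ //return _gcry_rngfips_is_faked ();
+ return _gcry_drbg_is_faked ();
 else
 return _gcry_rngcsprng_is_faked ();
 }
@@ -301,11 +307,13 @@ static void
 do_randomize (void *buffer, size_t length, enum gcry_random_level level)
 {
 if (fips_mode ())
- _gcry_rngfips_randomize (buffer, length, level);
+ //_gcry_rngfips_randomize (buffer, length, level);
+ _gcry_drbg_randomize (buffer, length, level);
 else if (rng_types.standard)
 _gcry_rngcsprng_randomize (buffer, length, level);
 else if (rng_types.fips)
- _gcry_rngfips_randomize (buffer, length, level);
+ //_gcry_rngfips_randomize (buffer, length, level);
+ _gcry_drbg_randomize (buffer, length, level);
 else if (rng_types.system)
 _gcry_rngsystem_randomize (buffer, length, level);
 else /* default */
@@ -437,7 +445,8 @@ _gcry_create_nonce (void *buffer, size_t
 nonce generator which is seeded by the RNG actual in use. */
 if (fips_mode ())
 {
- _gcry_rngfips_create_nonce (buffer, length);
+ //_gcry_rngfips_create_nonce (buffer, length);
+ _gcry_drbg_randomize (buffer, length, GCRY_WEAK_RANDOM);
 return;
 }
 
@@ -514,7 +523,8 @@ gpg_error_t
 _gcry_random_selftest (selftest_report_func_t report)
 {
 if (fips_mode ())
- return _gcry_rngfips_selftest (report);
+ //return _gcry_rngfips_selftest (report);
+ return _gcry_drbg_selftest (report);
 else
 return 0; /* No selftests yet. */
 }
@@ -530,6 +540,7 @@ _gcry_random_init_external_test (void **
 const void *seed, size_t seedlen,
 const void *dt, size_t dtlen)
 {
+ return GPG_ERR_NOT_SUPPORTED;
 (void)flags;
 if (fips_mode ())
 return _gcry_rngfips_init_external_test (r_context, flags, key, keylen,
@@ -544,6 +555,7 @@ _gcry_random_init_external_test (void **
 gcry_err_code_t
 _gcry_random_run_external_test (void *context, char *buffer, size_t buflen)
 {
+ return GPG_ERR_NOT_SUPPORTED;
 if (fips_mode ())
 return _gcry_rngfips_run_external_test (context, buffer, buflen);
 else
@@ -554,6 +566,7 @@ _gcry_random_run_external_test (void *co
 void
 _gcry_random_deinit_external_test (void *context)
 {
+ return;
 if (fips_mode ())
 _gcry_rngfips_deinit_external_test (context);
 }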
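Review bot: The three external-test entry points (`_gcry_random_init_external_test`, `_gcry_random_run_external_test`, `_gcry_random_deinit_external_test`) now return on their first line, which leaves the `_gcry_rngfips_*_external_test` calls below as unreachable code and the parameters unused. I would delete the dead bodies and state the intent instead, for example `/* External test hooks are not supported with the DRBG. */` above `return GPG_ERR_NOT_SUPPORTED;`, with `(void)` casts for the parameters. The same leftover shows in the other hunks, where each replaced `_gcry_rngfips_*` call is kept as a `//` comment next to its DRBG successor; dropping those lines keeps the FIPS branch unambiguous about which generator is active. In the `_gcry_create_nonce` hunk, nonces now come from `_gcry_drbg_randomize (buffer, length, GCRY_WEAK_RANDOM)`, and because nonce output is public a short comment on whether that level shares DRBG state with key generation would help, since the DRBG implementation is not part of this patch. The bodies of the first two external-test functions continue outside their hunks.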