authorDr. Stephen Henson <steve@openssl.org>2011-06-13 20:28:45 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-06-13 20:28:45 +0000
commit1d55dd86dd00f13384be8cd91bfbbad3a515c337 (patch)
treed36868ca5c2f9a95a1e776babb851f4c22a63190 /fips
parent38f90d06d7152e51c6f3e56efbd8defd9f951724 (diff)
Allow applications to specify alternative FIPS RAND methods if they
are sure they are OK. API to retrieve FIPS rand method.
Diffstat (limited to 'fips')
-rw-r--r--fips/rand/fips_rand.h4
-rw-r--r--fips/rand/fips_rand_lib.c39
2 files changed, 33 insertions, 10 deletions
diff --git a/fips/rand/fips_rand.h b/fips/rand/fips_rand.h
index 8d886e81db..dca767b943 100644
--- a/fips/rand/fips_rand.h
+++ b/fips/rand/fips_rand.h
@@ -114,7 +114,11 @@ void FIPS_drbg_set_check_interval(DRBG_CTX *dctx, int interval);
DRBG_CTX *FIPS_get_default_drbg(void);
const RAND_METHOD *FIPS_drbg_method(void);
+
int FIPS_rand_set_method(const RAND_METHOD *meth);
+const RAND_METHOD *FIPS_rand_get_method(void);
+
+void FIPS_rand_set_bits(int nbits);
int FIPS_rand_strength(void);
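Review bot: The new `FIPS_rand_set_bits` declaration carries no comment, although per the fips_rand_lib.c change a non-zero value makes `FIPS_rand_set_method` skip the approved-method check and becomes the value `FIPS_rand_strength` reports. A caller reading only the header cannot tell that it has to be called before `FIPS_rand_set_method`, or that passing 0 restores the check for later calls. I would add above it: `/* Non-zero nbits: FIPS_rand_set_method() accepts any method and FIPS_rand_strength() returns nbits. Call before FIPS_rand_set_method(); 0 restores the approved-method check. */`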
diff --git a/fips/rand/fips_rand_lib.c b/fips/rand/fips_rand_lib.c
index cc8d7179b6..a606d31fbd 100644
--- a/fips/rand/fips_rand_lib.c
+++ b/fips/rand/fips_rand_lib.c
@@ -62,25 +62,42 @@
static const RAND_METHOD *fips_rand_meth = NULL;
static int fips_approved_rand_meth = 0;
+static int fips_rand_bits = 0;
-int FIPS_rand_set_method(const RAND_METHOD *meth)
+/* Allows application to override number of bits and uses non-FIPS methods */
+void FIPS_rand_set_bits(int nbits)
{
- if (meth == FIPS_drbg_method())
- fips_approved_rand_meth = 1;
- else if (meth == FIPS_x931_method())
- fips_approved_rand_meth = 2;
- else
- fips_approved_rand_meth = 0;
+ fips_rand_bits = nbits;
+ }
- if (!fips_approved_rand_meth && FIPS_module_mode())
+int FIPS_rand_set_method(const RAND_METHOD *meth)
+ {
+ if (!fips_rand_bits)
{
- FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD, FIPS_R_NON_FIPS_METHOD);
- return 0;
+ if (meth == FIPS_drbg_method())
+ fips_approved_rand_meth = 1;
+ else if (meth == FIPS_x931_method())
+ fips_approved_rand_meth = 2;
+ else
+ {
+ fips_approved_rand_meth = 0;
+ if (FIPS_module_mode())
+ {
+ FIPSerr(FIPS_F_FIPS_RAND_SET_METHOD,
+ FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+ }
}
fips_rand_meth = meth;
return 1;
}
+const RAND_METHOD *FIPS_rand_get_method(void)
+ {
+ return fips_rand_meth;
+ }
+
void FIPS_rand_seed(const void *buf, int num)
{
if (!fips_approved_rand_meth && FIPS_module_mode())
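Review bot: With `fips_rand_bits` non-zero, `FIPS_rand_set_method` skips the whole block that assigns `fips_approved_rand_meth`, so the flag keeps whatever an earlier call left in it. The trailing context shows `FIPS_rand_seed` still testing `!fips_approved_rand_meth && FIPS_module_mode()`, so an override method installed on a fresh module (flag 0) would apparently still be refused there, while one installed after the DRBG had been selected inherits a stale 1 and is treated as approved. Classifying the method unconditionally and gating only the rejection, `if (!fips_rand_bits && FIPS_module_mode())`, keeps the flag truthful; the seed-side check would then need the same `!fips_rand_bits` term if the override is meant to reach it. `FIPS_rand_seed`'s body continues outside the hunk, so its handling is inferred from the condition alone.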
@@ -147,6 +164,8 @@ int FIPS_rand_status(void)
int FIPS_rand_strength(void)
{
+ if (fips_rand_bits)
+ return fips_rand_bits;
if (fips_approved_rand_meth == 1)
return FIPS_drbg_get_strength(FIPS_get_default_drbg());
else if (fips_approved_rand_meth == 2)
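Review bot: The early return hands back `fips_rand_bits` exactly as the application supplied it, and `FIPS_rand_set_bits` stores any `int`, so a negative or implausibly large value is reported as the RNG strength. Anything that compares this result against a required security level is then relying on an unchecked caller assertion rather than on the installed method. A range check in the setter, e.g. `if (nbits < 0) nbits = 0;`, together with a comment here such as `/* application-asserted strength, not derived from fips_rand_meth */`, would make that explicit. The function body continues past the end of the hunk.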