[PATCH 4/8] Invoke DRBG from common libgcrypt RNG code
Stephan Mueller
smueller at chronox.de
Sun Mar 2 14:08:44 CET 2014
Integrate the DRBG invocation with the common libgcrypt RNG code. This
integration replaces the old ANSI X9.31 RNG invocation. As the ANSI
X9.31 RNG shall only be invoked in FIPS mode and it is sunset at the end
of 2014 for FIPS purposes, a complete replacement with the DRBG is
considered appropriate. The DRBG is a FIPS-approved deterministic random
number generator for the foreseeable future.
Signed-off-by: Stephan Mueller <smueller at chronox.de>
---
random/random.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/random/random.c b/random/random.c
index 41d4cb3..e5c7cde 100644
--- a/random/random.c
+++ b/random/random.c
@@ -140,11 +140,11 @@ void
_gcry_random_initialize (int full)
{
if (fips_mode ())
- _gcry_rngfips_initialize (full);
+ _gcry_drbg_init(full);
else if (rng_types.standard)
_gcry_rngcsprng_initialize (full);
else if (rng_types.fips)
- _gcry_rngfips_initialize (full);
+ _gcry_drbg_init(full);
else if (rng_types.system)
_gcry_rngsystem_initialize (full);
else
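Review bot: Both new calls in _gcry_random_initialize are written `_gcry_drbg_init(full);` without the space before the parenthesis that every neighbouring call in this dispatcher uses; `_gcry_drbg_init (full);` keeps the file's style. This applies to the `fips_mode ()` branch and to the `rng_types.fips` branch alike. The function body continues past the end of the hunk.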
@@ -161,11 +161,11 @@ _gcry_random_close_fds (void)
the entropy gatherer. */
if (fips_mode ())
- _gcry_rngfips_close_fds ();
+ _gcry_drbg_close_fds ();
else if (rng_types.standard)
_gcry_rngcsprng_close_fds ();
else if (rng_types.fips)
- _gcry_rngfips_close_fds ();
+ _gcry_drbg_close_fds ();
else if (rng_types.system)
_gcry_rngsystem_close_fds ();
else
@@ -199,7 +199,7 @@ void
_gcry_random_dump_stats (void)
{
if (fips_mode ())
- _gcry_rngfips_dump_stats ();
+ _gcry_drbg_dump_stats ();
else
_gcry_rngcsprng_dump_stats ();
}
@@ -258,7 +258,7 @@ int
_gcry_random_is_faked (void)
{
if (fips_mode ())
- return _gcry_rngfips_is_faked ();
+ return _gcry_drbg_is_faked ();
else
return _gcry_rngcsprng_is_faked ();
}
@@ -288,11 +288,11 @@ static void
do_randomize (void *buffer, size_t length, enum gcry_random_level level)
{
if (fips_mode ())
- _gcry_rngfips_randomize (buffer, length, level);
+ _gcry_drbg_randomize (buffer, length, level);
else if (rng_types.standard)
_gcry_rngcsprng_randomize (buffer, length, level);
else if (rng_types.fips)
- _gcry_rngfips_randomize (buffer, length, level);
+ _gcry_drbg_randomize (buffer, length, level);
else if (rng_types.system)
_gcry_rngsystem_randomize (buffer, length, level);
else /* default */
@@ -424,7 +424,7 @@ _gcry_create_nonce (void *buffer, size_t length)
nonce generator which is seeded by the RNG actual in use. */
if (fips_mode ())
{
- _gcry_rngfips_create_nonce (buffer, length);
+ _gcry_drbg_randomize (buffer, length, GCRY_WEAK_RANDOM);
return;
}
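Review bot: The FIPS branch of _gcry_create_nonce now asks the shared DRBG for `GCRY_WEAK_RANDOM` output, and nothing at the call says why that level is adequate for nonces or how the DRBG treats the level argument. The old code went through a dedicated `_gcry_rngfips_create_nonce` routine, so this is a behavioural change rather than a rename, and it deserves a comment on the call, for example `/* FIPS mode: nonces are taken directly from the DRBG; no separate nonce routine. */`. How the DRBG handles the level is defined outside this patch and should be confirmed before the comment states anything about it. The function starts before and continues after this hunk.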
@@ -501,7 +501,7 @@ gpg_error_t
_gcry_random_selftest (selftest_report_func_t report)
{
if (fips_mode ())
- return _gcry_rngfips_selftest (report);
+ return _gcry_drbg_selftest (report);
else
return 0; /* No selftests yet. */
}
@@ -517,6 +517,7 @@ _gcry_random_init_external_test (void **r_context,
const void *seed, size_t seedlen,
const void *dt, size_t dtlen)
{
+ return GPG_ERR_NOT_SUPPORTED;
(void)flags;
if (fips_mode ())
return _gcry_rngfips_init_external_test (r_context, flags, key, keylen,
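Review bot: The added `return GPG_ERR_NOT_SUPPORTED;` sits above the old body, so everything after it, starting with `(void)flags;`, is unreachable, and the file still names `_gcry_rngfips_init_external_test`, which presumably keeps a link dependency on the X9.31 code this series replaces. The same pattern appears in _gcry_random_run_external_test and in _gcry_random_deinit_external_test, where a bare `return;` precedes the old call. I would delete the dead bodies, mark the parameters unused, and add a comment stating why the external test interface is disabled, e.g. `/* External RNG test hooks are not available with the DRBG. */`. It is also worth checking whether any caller reads `*r_context` after a failure, since it is now left untouched; that cannot be confirmed from this hunk, whose function starts and ends outside it.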
@@ -531,6 +532,7 @@ _gcry_random_init_external_test (void **r_context,
gcry_err_code_t
_gcry_random_run_external_test (void *context, char *buffer, size_t buflen)
{
+ return GPG_ERR_NOT_SUPPORTED;
if (fips_mode ())
return _gcry_rngfips_run_external_test (context, buffer, buflen);
else
@@ -541,6 +543,7 @@ _gcry_random_run_external_test (void *context, char *buffer, size_t buflen)
void
_gcry_random_deinit_external_test (void *context)
{
+ return;
if (fips_mode ())
_gcry_rngfips_deinit_external_test (context);
}
--
1.8.5.3