forked from wolfSSL/wolfssl
FIPSv2: RNG Update
1. Update the SEED_BLOCK_SZ to 4 for non-FIPS builds.
2. Change fips-check.sh to skip copying over the random.{c,h} files for
now. Need the tagged versions of the other files and the new random for
now.
This commit is contained in:
John Safranek
@ -161,6 +161,8 @@ linuxv2)
|
|||||||
CRYPT_VERSION=$LINUXV2_CRYPT_VERSION
|
CRYPT_VERSION=$LINUXV2_CRYPT_VERSION
|
||||||
CRYPT_INC_PATH=wolfssl/wolfcrypt
|
CRYPT_INC_PATH=wolfssl/wolfcrypt
|
||||||
CRYPT_SRC_PATH=wolfcrypt/src
|
CRYPT_SRC_PATH=wolfcrypt/src
|
||||||
|
# Replace the WC_MODS list for now. Do not want to copy over random.c yet.
|
||||||
|
WC_MODS=( aes des3 sha sha256 sha512 rsa hmac )
|
||||||
WC_MODS+=( cmac dh ecc )
|
WC_MODS+=( cmac dh ecc )
|
||||||
FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
|
FIPS_SRCS+=( wolfcrypt_first.c wolfcrypt_last.c )
|
||||||
FIPS_INCS=( fips.h )
|
FIPS_INCS=( fips.h )
|
||||||
|
|||||||
@ -225,9 +225,8 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
|
|||||||
/* RDSEED outputs in blocks of 64-bits. */
|
/* RDSEED outputs in blocks of 64-bits. */
|
||||||
#define SEED_BLOCK_SZ sizeof(word64)
|
#define SEED_BLOCK_SZ sizeof(word64)
|
||||||
#else
|
#else
|
||||||
/* Setting the default to 2. It is not unreasonable for /dev/random
|
/* Setting the default to 4. */
|
||||||
* or /dev/urandom to return two bytes that are the same. */
|
#define SEED_BLOCK_SZ 4
|
||||||
#define SEED_BLOCK_SZ 2
|
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user