I see from past discussions that a real RNG, rather
than NullRNG(), is required in several cases.
However, when I tried to pass the tests invoked by:
fipstest.cpp:
    void DoPowerUpSelfTest(const char *moduleFilename,
                           const byte *expectedModuleSha1Digest)
(I am calling this function with all params 0, like:
    DoPowerUpSelfTest( 0, 0 ); )
I found out that, in order to pass the tests, I have
to make, IMO, rather cheesy changes to the
NullRNG() function in cryptopp.cpp, as shown below:
    #ifdef OS_RNG_AVAILABLE
    #include "des.h"
    #include "osrng.h"
    #endif

    RandomNumberGenerator & NullRNG()
    {
        // Placeholder RNG: throws if it is ever asked for random bytes.
        class NullRNG : public RandomNumberGenerator
        {
        public:
            std::string AlgorithmName() const {return "NullRNG";}
            byte GenerateByte() {throw NotImplemented("NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes");}
        };

    #ifdef OS_RNG_AVAILABLE
        // The change: return a real, auto-seeded RNG when the OS provides one.
        static AutoSeededX917RNG<DES_EDE3> s_nullRNG;
    #else
        static NullRNG s_nullRNG;
    #endif
        return s_nullRNG;
    }
The reason is that NullRNG() is called from such
locations in library code that #ifdef OS_RNG_AVAILABLE
in fipstest.cpp alone was not enough.
I wonder whether there is a cleaner way to do this,
and what it would be? Am I missing something, or is this simply a
case of as yet unfinished changes to version 5.1 for FIPS
compliance?
Tony