There may be some problems in DoPowerUpSelfTest() in 5.1. I may not have
tested the function before releasing that version since 5.1 was not
designed to pass the FIPS validation.
BTW, note to anyone interested in the FIPS validation status: NIST is
refusing to validate Crypto++ as a static library (even though they ok'ed
it verbally a year ago) so now we're re-doing it as a DLL. We're hoping
the validation will be finished by mid August.
On Mon, Jun 30, 2003 at 04:01:27PM -0700, Tonko Juricic wrote:
> I see from past discussions that a real RNG, rather
> that NullRNG(), is required in several cases.
>
> However, when I tried to pass the tests invoked by:
>
> fipstest.cpp:
> void DoPowerUpSelfTest(const char *moduleFilename,
> const byte *expectedModuleSha1Digest)
>
> (I am calling this function with all params 0 like:
> DoPowerUpSelfTest( 0, 0 ); )
>
> I found out that, in order to pass the tests, I have
> to make, IMO, rather cheesy changes to
> NullRNG()function in cryptopp.cpp, as shown below:
>
> #ifdef OS_RNG_AVAILABLE
> #include "des.h"
> #include "osrng.h"
>
> RandomNumberGenerator & NullRNG()
> {
> class NullRNG : public RandomNumberGenerator
> {
> public:
> std::string AlgorithmName() const {return
> "NullRNG";}
> byte GenerateByte() {throw NotImplemented("NullRNG:
> NullRNG should only be passed to functions that don't
> need to generate random bytes");}
> };
>
> #ifdef OS_RNG_AVAILABLE
> static AutoSeededX917RNG<DES_EDE3> s_nullRNG;
> #else
> static NullRNG s_nullRNG;
> #endif
> return s_nullRNG;
> }
>
> The reason is that NullRNG() is callled from such
> locations in library code that #ifdef OS_RNG_AVAILABLE
> in fipstest.cpp alone was not enough.
>
> I wonder is there and what would be a cleaner way to
> do this? Am I missing something or is this simply the
> case of yet unfinished changes to version 5.1 for FIPS
> compliance?
>
> Tony
>
>
>
>
> __________________________________
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com
