From: Pauli <ppzgs1@gmail.com>
Date: Thu, 11 Jul 2024 00:50:16 +0000 (+1000)
Subject: Add FIPS indicator for TEST-RAND
X-Git-Tag: openssl-3.4.0-alpha1~334
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=924321a519861c3e78826c68909c2fe3481421c7;p=thirdparty%2Fopenssl.git

Add FIPS indicator for TEST-RAND

The indicator is always non-FIPS, since this is used for internal tasks and
hasn't been validated.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24851)
---

diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c
index 57b36469caa..72e815bebf2 100644
--- a/providers/implementations/rands/test_rng.c
+++ b/providers/implementations/rands/test_rng.c
@@ -20,6 +20,7 @@
 #include "prov/provider_ctx.h"
 #include "prov/provider_util.h"
 #include "prov/implementations.h"
+#include "prov/fipsindicator.h"
 
 static OSSL_FUNC_rand_newctx_fn test_rng_new;
 static OSSL_FUNC_rand_freectx_fn test_rng_free;
@@ -196,8 +197,14 @@ static int test_rng_get_ctx_params(void *vtest, OSSL_PARAM params[])
         return 0;
 
     p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_GENERATE);
-    if (p != NULL && OSSL_PARAM_set_uint(p, t->generate))
+    if (p != NULL && !OSSL_PARAM_set_uint(p, t->generate))
         return 0;
+
+#ifdef FIPS_MODULE
+    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_FIPS_APPROVED_INDICATOR);
+    if (p != NULL && !OSSL_PARAM_set_int(p, 0))
+        return 0;
+#endif  /* FIPS_MODULE */
     return 1;
 }
 
@@ -209,6 +216,7 @@ static const OSSL_PARAM *test_rng_gettable_ctx_params(ossl_unused void *vtest,
         OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),
         OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),
         OSSL_PARAM_uint(OSSL_RAND_PARAM_GENERATE, NULL),
+        OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
         OSSL_PARAM_END
     };
     return known_gettable_ctx_params;
diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
index 43eb63f1fd7..8a859dfbf7d 100644
--- a/util/perl/OpenSSL/paramnames.pm
+++ b/util/perl/OpenSSL/paramnames.pm
@@ -202,6 +202,7 @@ my %params = (
     'RAND_PARAM_TEST_ENTROPY' =>            "test_entropy",
     'RAND_PARAM_TEST_NONCE' =>              "test_nonce",
     'RAND_PARAM_GENERATE' =>                "generate",
+    'RAND_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR',
 
 # RAND/DRBG names
     'DRBG_PARAM_RESEED_REQUESTS' =>         "reseed_requests",