From a149afe338d61d86985c533cde5e7dbcd31e8698 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 17 Jul 2017 15:52:26 +0200 Subject: gpg,sm: Check compliance of the RNG. * common/compliance.c (gnupg_rng_is_compliant): New. * g10/call-agent.c (start_agent) [W32]: Check rng compliance. * sm/call-agent.c (start_agent) [W32]: Ditto. * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is compliant. * sm/encrypt.c (gpgsm_encrypt): Ditto. * g10/sign.c (do_sign): Ditto. * sm/sign.c (gpgsm_sign): Ditto. -- Under Windows we need to check that the Jitter RNG is active in de-vs mode. Under Linux this is not necessary because /dev/random can be scrutinized and is believed to provide enough entropy. Signed-off-by: Werner Koch --- common/compliance.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'common/compliance.h') diff --git a/common/compliance.h b/common/compliance.h index d55bbf3ac..2076e79cb 100644 --- a/common/compliance.h +++ b/common/compliance.h @@ -66,6 +66,8 @@ int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance, int gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance, int producer, digest_algo_t digest); +int gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance); + const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance); -- cgit v1.2.3
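Review bot: the new prototype `int gnupg_rng_is_compliant (enum gnupg_compliance_mode compliance);` in common/compliance.h has no comment stating its return convention or that the result depends on the platform. The commit message says the Jitter RNG must be active under Windows in de-vs mode and that the check is considered unnecessary under Linux. I suggest a short comment above the declaration that says what a nonzero return means and in which compliance mode the check can actually fail, so the callers in g10/ and sm/ named in the commit message interpret the result the same way. This view is limited to common/compliance.h, so how the encrypt and sign paths react to a non-compliant RNG cannot be reviewed from these lines.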