author | Rich Salz <rsalz@openssl.org> | 2017-06-27 12:04:37 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-07-19 03:25:16 -0400 |
commit | 12fb8c3d2dd00f3d4f1b084385403d26ed64a596 (patch) | |
tree | 7fc90f8f80e16ab4e8b79def2162a56dd2d704dc /include | |
parent | 0299f3f790437d124d15f60489c774407325f82b (diff) | |
Add DRBG random method
Ported from the last FIPS release, with DUAL_EC and SHA1 and the
self-tests removed. Since only AES-CTR is supported, other code
simplifications were done. Removed the "entropy blocklen" concept.
Moved internal functions to new include/internal/rand.h.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3789)
Diffstat (limited to 'include')
-rw-r--r-- | include/internal/rand.h | 50 | ||||
-rw-r--r-- | include/openssl/crypto.h | 3 | ||||
-rw-r--r-- | include/openssl/ossl_typ.h | 1 | ||||
-rw-r--r-- | include/openssl/rand.h | 19 | ||||
-rw-r--r-- | include/openssl/randerr.h | 35 |
5 files changed, 93 insertions, 15 deletions
diff --git a/include/internal/rand.h b/include/internal/rand.h
new file mode 100644
index 0000000000..95ad712573
--- /dev/null
+++ b/include/internal/rand.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DRBG_RAND_H
+# define HEADER_DRBG_RAND_H
+
+/* Flag for CTR mode only: use derivation function ctr_df */
+#define RAND_DRBG_FLAG_CTR_USE_DF 0x2
+
+const RAND_METHOD *RAND_drbg(void);
+
+int RAND_DRBG_set(DRBG_CTX *ctx, int type, unsigned int flags);
+DRBG_CTX *RAND_DRBG_new(int type, unsigned int flags, DRBG_CTX *parent);
+int RAND_DRBG_instantiate(DRBG_CTX *dctx,
+ const unsigned char *pers, size_t perslen);
+int RAND_DRBG_uninstantiate(DRBG_CTX *dctx);
+int RAND_DRBG_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adinlen);
+void RAND_DRBG_free(DRBG_CTX *dctx);
+
+int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
+ size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len),
+ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
+ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len),
+ void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen)
+ );
+
+void RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval);
+
+#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
+int RAND_DRBG_set_ex_data(DRBG_CTX *dctx, int idx, void *arg);
+void *RAND_DRBG_get_ex_data(const DRBG_CTX *dctx, int idx);
+
+DRBG_CTX *RAND_DRBG_get_default(void);
+
+
+#endif
+
+
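Review bot: `RAND_DRBG_set_reseed_interval()` is declared `void` with a signed `int interval`, so a zero or negative interval cannot be rejected or reported to the caller; the implementation is not part of this diff view, so whether such a value weakens or disables periodic reseeding cannot be confirmed here. Consider `int RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, unsigned int interval);` returning 0 on an out-of-range value, in line with the other setters in this header that already return `int`. The `get_entropy`/`cleanup_entropy` and `get_nonce`/`cleanup_nonce` callbacks of `RAND_DRBG_set_callbacks()` also have no contract comment. A short comment stating what a return of 0 means, the unit of `entropy`, who owns `*pout`, and whether the cleanup callback is expected to cleanse the buffer would help anyone wiring in a custom entropy source.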
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index ad2cfe5f07..f0bc98f320 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -107,7 +107,8 @@ DEFINE_STACK_OF(void) # define CRYPTO_EX_INDEX_BIO 12 # define CRYPTO_EX_INDEX_APP 13 # define CRYPTO_EX_INDEX_UI_METHOD 14 -# define CRYPTO_EX_INDEX__COUNT 15 +# define CRYPTO_EX_INDEX_DRBG 15 +# define CRYPTO_EX_INDEX__COUNT 16 /* * This is the default callbacks, but we can have others as well: this is diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 173a42d3ff..49bdead4ce 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -114,6 +114,7 @@ typedef struct ec_key_st EC_KEY; typedef struct ec_key_method_st EC_KEY_METHOD; typedef struct rand_meth_st RAND_METHOD; +typedef struct drbg_ctx_st DRBG_CTX; typedef struct ssl_dane_st SSL_DANE; typedef struct x509_st X509; diff --git a/include/openssl/rand.h b/include/openssl/rand.h index 5cda71b792..b6b33cf37a 100644 --- a/include/openssl/rand.h +++ b/include/openssl/rand.h @@ -38,15 +38,15 @@ const RAND_METHOD *RAND_get_rand_method(void); int RAND_set_rand_engine(ENGINE *engine); # endif RAND_METHOD *RAND_OpenSSL(void); -#if OPENSSL_API_COMPAT < 0x10100000L -# define RAND_cleanup() while(0) continue -#endif +# if OPENSSL_API_COMPAT < 0x10100000L +# define RAND_cleanup() while(0) continue +# endif int RAND_bytes(unsigned char *buf, int num); DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) void RAND_seed(const void *buf, int num); -#if defined(__ANDROID__) && defined(__NDK_FPABI__) +# if defined(__ANDROID__) && defined(__NDK_FPABI__) __NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ -#endif +# endif void RAND_add(const void *buf, int num, double randomness); int RAND_load_file(const char *file, long max_bytes); int RAND_write_file(const char *file); 
@@ -59,15 +59,16 @@ int RAND_egd_bytes(const char *path, int bytes); # endif int RAND_poll(void); -#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) +# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) /* application has to include <windows.h> in order to use these */ DEPRECATEDIN_1_1_0(void RAND_screen(void)) DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) -#endif +# endif int ERR_load_RAND_strings(void); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif + #endif diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index 244fd0e4b4..79c652fcdf 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h 
@@ -22,17 +22,42 @@ int ERR_load_RAND_strings(void); /* * RAND function codes. */ +# define RAND_F_DRBG_BYTES 101 +# define RAND_F_DRBG_GET_ENTROPY 105 +# define RAND_F_GET_ENTROPY 106 # define RAND_F_RAND_BYTES 100 -# define RAND_F_RAND_LOAD_FILE 101 -# define RAND_F_RAND_WRITE_FILE 102 +# define RAND_F_RAND_DRBG_GENERATE 107 +# define RAND_F_RAND_DRBG_INSTANTIATE 108 +# define RAND_F_RAND_DRBG_NEW 109 +# define RAND_F_RAND_DRBG_RESEED 110 +# define RAND_F_RAND_DRBG_SET 104 +# define RAND_F_RAND_LOAD_FILE 111 +# define RAND_F_RAND_WRITE_FILE 112 /* * RAND reason codes. */ -# define RAND_R_CANNOT_OPEN_FILE 102 +# define RAND_R_ADDITIONAL_INPUT_TOO_LONG 102 +# define RAND_R_ALREADY_INSTANTIATED 103 +# define RAND_R_CANNOT_OPEN_FILE 121 +# define RAND_R_DRBG_NOT_INITIALISED 104 +# define RAND_R_ERROR_INITIALISING_DRBG 107 +# define RAND_R_ERROR_INSTANTIATING_DRBG 108 +# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 109 +# define RAND_R_ERROR_RETRIEVING_ENTROPY 110 +# define RAND_R_ERROR_RETRIEVING_NONCE 111 # define RAND_R_FUNC_NOT_IMPLEMENTED 101 -# define RAND_R_FWRITE_ERROR 103 -# define RAND_R_NOT_A_REGULAR_FILE 104 +# define RAND_R_FWRITE_ERROR 123 +# define RAND_R_GENERATE_ERROR 112 +# define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_IN_ERROR_STATE 114 +# define RAND_R_NOT_A_REGULAR_FILE 122 +# define RAND_R_NOT_INSTANTIATED 115 +# define RAND_R_PERSONALISATION_STRING_TOO_LONG 116 # define RAND_R_PRNG_NOT_SEEDED 100 +# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117 +# define RAND_R_RESEED_ERROR 118 +# define RAND_R_SELFTEST_FAILURE 119 +# define RAND_R_UNSUPPORTED_DRBG_TYPE 120 #endif |
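Review bot: Existing codes in this header under include/openssl/ are renumbered and their old values handed to new meanings: `RAND_F_RAND_LOAD_FILE` moves from 101 to 111 while 101 becomes `RAND_F_DRBG_BYTES`, and `RAND_R_CANNOT_OPEN_FILE`, `RAND_R_FWRITE_ERROR` and `RAND_R_NOT_A_REGULAR_FILE` move from 102/103/104 to 121/123/122 while 102–104 are reassigned to DRBG reasons. Applications built against the old values, and logs or alerting rules that record numeric reason codes, would then resolve to the wrong error without any visible failure. Keeping the existing numbers (for example `# define RAND_R_CANNOT_OPEN_FILE 102` unchanged) and allocating the new DRBG codes from unused values avoids that. `RAND_R_SELFTEST_FAILURE` is also added although the commit message says the self-tests were removed, so it may be unused.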