Switch from ossl_rand to DRBG rand

If RAND_add wraps around, XOR with existing. Add test to drbgtest that does the wrap-around. Re-order seeding and stop after first success. Add RAND_poll_ex() Use the DF and therefore lower RANDOMNESS_NEEDED. Also, for child DRBG's, mix in the address as the personalization bits. Centralize the entropy callbacks, from drbg_lib to rand_lib. (Conceptually, entropy is part of the enclosing application.) Thanks to Dr. Matthias St Pierre for the suggestion. Various code cleanups: -Make state an enum; inline RANDerr calls. -Add RAND_POLL_RETRIES (thanks Pauli for the idea) -Remove most RAND_seed calls from rest of library -Rename DRBG_CTX to RAND_DRBG, etc. -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the implementation of NIST DRBG. -Remove blocklength Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4019)
author: Rich Salz <rsalz@openssl.org> 2017-08-03 09:23:28 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-03 09:23:28 -0400
commit: 75e2c877650444fb829547bdb58d46eb1297bc1a (patch)
tree: 67ad6280bccdca4ae95cc269b1994ea4c1557aa7 /include
parent: 67dc995eaf538ea309c6292a1a5073465201f55b (diff)
download: openssl-75e2c877650444fb829547bdb58d46eb1297bc1a.tar.gz
3 files changed, 46 insertions, 30 deletions
diff --git a/include/internal/rand.h b/include/internal/rand.h
index 07568ea8b8..2f38095231 100644
--- a/include/internal/rand.h
+++ b/include/internal/rand.h
@@ -10,49 +10,55 @@
 #ifndef HEADER_DRBG_RAND_H
 # define HEADER_DRBG_RAND_H
 
-/* Flag for CTR mode only: use derivation function ctr_df */
+/* In CTR mode, use derivation function ctr_df */
 #define RAND_DRBG_FLAG_CTR_USE_DF            0x2
 
-const RAND_METHOD *RAND_drbg(void);
-
-int RAND_DRBG_set(DRBG_CTX *ctx, int type, unsigned int flags);
-DRBG_CTX *RAND_DRBG_new(int type, unsigned int flags, DRBG_CTX *parent);
-int RAND_DRBG_instantiate(DRBG_CTX *dctx,
+/*
+ * Object lifetime functions.
+ */
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
                           const unsigned char *pers, size_t perslen);
-int RAND_DRBG_uninstantiate(DRBG_CTX *dctx);
-int RAND_DRBG_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
-int RAND_DRBG_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+void RAND_DRBG_free(RAND_DRBG *drbg);
+
+/*
+ * Object "use" functions.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
                        int prediction_resistance,
                        const unsigned char *adin, size_t adinlen);
-void RAND_DRBG_free(DRBG_CTX *dctx);
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, int interval);
+
+/*
+ * EXDATA
+ */
+#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
+int RAND_DRBG_set_ex_data(RAND_DRBG *dctx, int idx, void *arg);
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *dctx, int idx);
 
-typedef size_t (*RAND_DRBG_get_entropy_fn)(DRBG_CTX *ctx, unsigned char **pout,
+/*
+ * Callback functions.  See comments in drbg_lib.c
+ */
+typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx,
+                                           unsigned char **pout,
                                            int entropy, size_t min_len,
                                            size_t max_len);
-typedef void (*RAND_DRBG_cleanup_entropy_fn)(DRBG_CTX *ctx, unsigned char *out,
-                                             size_t olen);
-typedef size_t (*RAND_DRBG_get_nonce_fn)(DRBG_CTX *ctx, unsigned char **pout,
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
+                                             unsigned char *out);
+typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *ctx, unsigned char **pout,
                                          int entropy, size_t min_len,
                                          size_t max_len);
-typedef void (*RAND_DRBG_cleanup_nonce_fn)(DRBG_CTX *ctx, unsigned char *out,
-                                           size_t olen);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *ctx, unsigned char *out);
 
-int RAND_DRBG_set_callbacks(DRBG_CTX *dctx,
+int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
                             RAND_DRBG_get_entropy_fn get_entropy,
                             RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
                             RAND_DRBG_get_nonce_fn get_nonce,
                             RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
 
-int RAND_DRBG_set_reseed_interval(DRBG_CTX *dctx, int interval);
-
-#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
-    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
-int RAND_DRBG_set_ex_data(DRBG_CTX *dctx, int idx, void *arg);
-void *RAND_DRBG_get_ex_data(const DRBG_CTX *dctx, int idx);
-
-DRBG_CTX *RAND_DRBG_get_default(void);
-
-
 #endif
-
-
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index 49bdead4ce..b00777694f 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -114,7 +114,7 @@ typedef struct ec_key_st EC_KEY;
 typedef struct ec_key_method_st EC_KEY_METHOD;
 
 typedef struct rand_meth_st RAND_METHOD;
-typedef struct drbg_ctx_st DRBG_CTX;
+typedef struct rand_drbg_st RAND_DRBG;
 
 typedef struct ssl_dane_st SSL_DANE;
 typedef struct x509_st X509;
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 17bd70daca..2aecbb7bcb 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -33,27 +33,37 @@ const RAND_METHOD *RAND_get_rand_method(void);
 # ifndef OPENSSL_NO_ENGINE
 int RAND_set_rand_engine(ENGINE *engine);
 # endif
+
 RAND_METHOD *RAND_OpenSSL(void);
+
 # if OPENSSL_API_COMPAT < 0x10100000L
 #   define RAND_cleanup() while(0) continue
 # endif
 int RAND_bytes(unsigned char *buf, int num);
 DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
+
 void RAND_seed(const void *buf, int num);
+
 # if defined(__ANDROID__) && defined(__NDK_FPABI__)
 __NDK_FPABI__	/* __attribute__((pcs("aapcs"))) on ARM */
 # endif
+
 void RAND_add(const void *buf, int num, double randomness);
 int RAND_load_file(const char *file, long max_bytes);
 int RAND_write_file(const char *file);
 const char *RAND_file_name(char *file, size_t num);
 int RAND_status(void);
+
 # ifndef OPENSSL_NO_EGD
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
 int RAND_egd(const char *path);
 int RAND_egd_bytes(const char *path, int bytes);
 # endif
+
+typedef void (*RAND_poll_fn)(void *arg,
+                             const void *buf, int num, double randomness);
 int RAND_poll(void);
+int RAND_poll_ex(RAND_poll_fn cb, void *arg);
 
 # if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
 /* application has to include <windows.h> in order to use these */
author	Rich Salz <rsalz@openssl.org>	2017-08-03 09:23:28 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-03 09:23:28 -0400
commit	75e2c877650444fb829547bdb58d46eb1297bc1a (patch)
tree	67ad6280bccdca4ae95cc269b1994ea4c1557aa7 /include
parent	67dc995eaf538ea309c6292a1a5073465201f55b (diff)
download	openssl-75e2c877650444fb829547bdb58d46eb1297bc1a.tar.gz