author | Pauli <paul.dale@oracle.com> | 2020-05-08 10:25:19 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-06-24 20:05:42 +1000 |
commit | f000e82898af251442ca52e81fc1ee45996090dc (patch) | |
tree | b378db85b032065a595ce8d7b0422981f09e0d58 /crypto/rand/rand_local.h | |
parent | a998b85a4f0e706fa6a07b7feab557d9e570d372 (diff) |
CTR, HASH and HMAC DRBGs in provider
Move the three different DRBGs to the provider.
As part of the move, the DRBG specific data was pulled out of a common
structure and into their own structures. Only these smaller structures are
securely allocated. This saves quite a bit of secure memory:
+-------------------------------+
| DRBG | Bytes | Secure |
+--------------+-------+--------+
| HASH | 376 | 512 |
| HMAC | 168 | 256 |
| CTR | 176 | 256 |
| Common (new) | 320 | 0 |
| Common (old) | 592 | 1024 |
+--------------+-------+--------+
Bytes is the structure size on the X86/64.
Secure is the number of bytes of secure memory used (power of two allocator).
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
Diffstat (limited to 'crypto/rand/rand_local.h')
-rw-r--r-- | crypto/rand/rand_local.h | 72 |
1 files changed, 1 insertions, 71 deletions
diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h index 85158df76f..e46248cf9b 100644 --- a/crypto/rand/rand_local.h +++ b/crypto/rand/rand_local.h @@ -18,7 +18,6 @@ # include <openssl/rand_drbg.h> # include "internal/tsan_assist.h" # include "crypto/rand.h" -# include "crypto/rand_pool.h" # include "internal/numbers.h" 
@@ -31,67 +30,14 @@ # define SLAVE_RESEED_INTERVAL (1 << 16) # define MASTER_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */ # define SLAVE_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */ - /* - * The number of bytes that constitutes an atomic lump of entropy with respect - * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat - * arbitrary, the smaller the value, the less entropy is consumed on first - * read but the higher the probability of the test failing by accident. - * - * The value is in bytes. - */ -#define CRNGT_BUFSIZ 16 - -/* - * Maximum input size for the DRBG (entropy, nonce, personalization string) - * - * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes. - * - * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes. - */ -# define DRBG_MAX_LENGTH INT32_MAX - -/* DRBG status values */ -typedef enum drbg_status_e { - DRBG_UNINITIALISED, - DRBG_READY, - DRBG_ERROR -} DRBG_STATUS; - -/* instantiate */ -typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx, - const unsigned char *ent, - size_t entlen, - const unsigned char *nonce, - size_t noncelen, - const unsigned char *pers, - size_t perslen); -/* reseed */ -typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx, - const unsigned char *ent, - size_t entlen, - const unsigned char *adin, - size_t adinlen); -/* generate output */ -typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx, - unsigned char *out, - size_t outlen, - const unsigned char *adin, - size_t adinlen); -/* uninstantiate */ -typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx); - - -/* - * The state of all types of DRBGs, even though we only have CTR mode - * right now. + * The state of all types of DRBGs. 
*/ struct rand_drbg_st { CRYPTO_RWLOCK *lock; /* The library context this DRBG is associated with, if any */ OPENSSL_CTX *libctx; RAND_DRBG *parent; - int secure; /* 1: allocated on the secure heap, 0: otherwise */ int type; /* the nid of the underlying algorithm */ unsigned short flags; /* various external flags */ @@ -113,20 +59,4 @@ struct rand_drbg_st { /* The global RAND method, and the global buffer and DRBG instance. */ extern RAND_METHOD rand_meth; -/* DRBG helpers */ -int rand_drbg_restart(RAND_DRBG *drbg, - const unsigned char *buffer, size_t len, size_t entropy); -size_t rand_drbg_seedlen(RAND_DRBG *drbg); - -/* - * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests. - * These need to be exposed for the unit tests. - */ -int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx, RAND_POOL *pool, - unsigned char *buf, unsigned char *md, - unsigned int *md_size); -extern int (*crngt_get_entropy)(OPENSSL_CTX *ctx, RAND_POOL *pool, - unsigned char *buf, unsigned char *md, - unsigned int *md_size); - #endif |
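Review bot: The shortened comment above `struct rand_drbg_st` in the second hunk should state the structure's new memory-placement contract. The same hunk drops the `secure` member, and the commit message says the common structure now uses no secure memory. The struct body continues outside the hunk, so it is not visible here whether any remaining member can hold seed, key or nonce material; that is worth confirming before merge. If none does, record the rule for future maintainers, for example `/* State common to all DRBG types. Not allocated on the secure heap: must not hold seed, key or other secret material. */`.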