CTR, HASH and HMAC DRBGs in provider

Move the three different DRBGs to the provider. As part of the move, the DRBG specific data was pulled out of a common structure and into their own structures. Only these smaller structures are securely allocated. This saves quite a bit of secure memory: +-------------------------------+ | DRBG | Bytes | Secure | +--------------+-------+--------+ | HASH | 376 | 512 | | HMAC | 168 | 256 | | CTR | 176 | 256 | | Common (new) | 320 | 0 | | Common (old) | 592 | 1024 | +--------------+-------+--------+ Bytes is the structure size on the X86/64. Secure is the number of bytes of secure memory used (power of two allocator). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
author: Pauli <paul.dale@oracle.com> 2020-05-08 10:25:19 +1000
committer: Pauli <paul.dale@oracle.com> 2020-06-24 20:05:42 +1000
commit: f000e82898af251442ca52e81fc1ee45996090dc (patch)
tree: b378db85b032065a595ce8d7b0422981f09e0d58 /crypto/rand/rand_local.h
parent: a998b85a4f0e706fa6a07b7feab557d9e570d372 (diff)
1 files changed, 1 insertions, 71 deletions
diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h
index 85158df76f..e46248cf9b 100644
--- a/crypto/rand/rand_local.h
+++ b/crypto/rand/rand_local.h
@@ -18,7 +18,6 @@
 # include <openssl/rand_drbg.h>
 # include "internal/tsan_assist.h"
 # include "crypto/rand.h"
-# include "crypto/rand_pool.h"
 
 # include "internal/numbers.h"
 
@@ -31,67 +30,14 @@
 # define SLAVE_RESEED_INTERVAL                   (1 << 16)
 # define MASTER_RESEED_TIME_INTERVAL             (60 * 60) /* 1 hour */
 # define SLAVE_RESEED_TIME_INTERVAL              (7 * 60)  /* 7 minutes */
-
 /*
- * The number of bytes that constitutes an atomic lump of entropy with respect
- * to the FIPS 140-2 section 4.9.2 Conditional Tests.  The size is somewhat
- * arbitrary, the smaller the value, the less entropy is consumed on first
- * read but the higher the probability of the test failing by accident.
- *
- * The value is in bytes.
- */
-#define CRNGT_BUFSIZ    16
-
-/*
- * Maximum input size for the DRBG (entropy, nonce, personalization string)
- *
- * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes.
- *
- * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes.
- */
-# define DRBG_MAX_LENGTH                         INT32_MAX
-
-/* DRBG status values */
-typedef enum drbg_status_e {
-    DRBG_UNINITIALISED,
-    DRBG_READY,
-    DRBG_ERROR
-} DRBG_STATUS;
-
-/* instantiate */
-typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx,
-                                        const unsigned char *ent,
-                                        size_t entlen,
-                                        const unsigned char *nonce,
-                                        size_t noncelen,
-                                        const unsigned char *pers,
-                                        size_t perslen);
-/* reseed */
-typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx,
-                                   const unsigned char *ent,
-                                   size_t entlen,
-                                   const unsigned char *adin,
-                                   size_t adinlen);
-/* generate output */
-typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx,
-                                     unsigned char *out,
-                                     size_t outlen,
-                                     const unsigned char *adin,
-                                     size_t adinlen);
-/* uninstantiate */
-typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx);
-
-
-/*
- * The state of all types of DRBGs, even though we only have CTR mode
- * right now.
+ * The state of all types of DRBGs.
  */
 struct rand_drbg_st {
     CRYPTO_RWLOCK *lock;
     /* The library context this DRBG is associated with, if any */
     OPENSSL_CTX *libctx;
     RAND_DRBG *parent;
-    int secure; /* 1: allocated on the secure heap, 0: otherwise */
     int type; /* the nid of the underlying algorithm */
     unsigned short flags; /* various external flags */
 
@@ -113,20 +59,4 @@ struct rand_drbg_st {
 /* The global RAND method, and the global buffer and DRBG instance. */
 extern RAND_METHOD rand_meth;
 
-/* DRBG helpers */
-int rand_drbg_restart(RAND_DRBG *drbg,
-                      const unsigned char *buffer, size_t len, size_t entropy);
-size_t rand_drbg_seedlen(RAND_DRBG *drbg);
-
-/*
- * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
- * These need to be exposed for the unit tests.
- */
-int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx, RAND_POOL *pool,
-                              unsigned char *buf, unsigned char *md,
-                              unsigned int *md_size);
-extern int (*crngt_get_entropy)(OPENSSL_CTX *ctx, RAND_POOL *pool,
-                                unsigned char *buf, unsigned char *md,
-                                unsigned int *md_size);
-
 #endif
author	Pauli <paul.dale@oracle.com>	2020-05-08 10:25:19 +1000
committer	Pauli <paul.dale@oracle.com>	2020-06-24 20:05:42 +1000
commit	f000e82898af251442ca52e81fc1ee45996090dc (patch)
tree	b378db85b032065a595ce8d7b0422981f09e0d58 /crypto/rand/rand_local.h
parent	a998b85a4f0e706fa6a07b7feab557d9e570d372 (diff)