author | Kurt Roeckx <kurt@roeckx.be> | 2018-02-18 19:26:55 +0100 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2018-03-17 11:35:33 +0100 |
commit | eb238134e0a0fb5ac5c8239ade1dfe77a815aba5 (patch) | |
tree | d4d25057d1c5fb2532f0c1e2d8a05924ebe970cb /crypto | |
parent | a080c3e816e923680e57e647b5cbc3896e8e8106 (diff) |
Propagate the request for prediction resistance to the get entropy call
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/include/internal/rand_int.h | 3 | ||||
-rw-r--r-- | crypto/rand/drbg_lib.c | 14 | ||||
-rw-r--r-- | crypto/rand/rand_lib.c | 5 |
3 files changed, 14 insertions, 8 deletions
diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h index d90d9c5f63..27ca703fcf 100644 --- a/crypto/include/internal/rand_int.h +++ b/crypto/include/internal/rand_int.h @@ -34,7 +34,8 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool); /* DRBG entropy callbacks. */ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, unsigned char **pout, - int entropy, size_t min_len, size_t max_len); + int entropy, size_t min_len, size_t max_len, + int prediction_resistance); void rand_drbg_cleanup_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen); size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len); diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index 02ad071ad4..360ea7ce3d 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -327,7 +327,8 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, drbg->state = DRBG_ERROR; if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, - drbg->min_entropylen, drbg->max_entropylen); + drbg->min_entropylen, + drbg->max_entropylen, 0); if (entropylen < drbg->min_entropylen || entropylen > drbg->max_entropylen) { RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY); @@ -411,7 +412,8 @@ int RAND_DRBG_uninstantiate(RAND_DRBG *drbg) * Returns 1 on success, 0 on failure. */ int RAND_DRBG_reseed(RAND_DRBG *drbg, - const unsigned char *adin, size_t adinlen) + const unsigned char *adin, size_t adinlen, + int prediction_resistance) { unsigned char *entropy = NULL; size_t entropylen = 0; 
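Review bot: The bare `0` added as the last argument to `drbg->get_entropy(...)` in the RAND_DRBG_instantiate hunk gives no hint that it means "no prediction resistance requested". The same applies to `RAND_DRBG_reseed(drbg, NULL, 0, 0)` in the rand_drbg_restart hunk, where the two adjacent zeros are a length and a flag. A trailing comment at each call, e.g. `drbg->max_entropylen, 0 /* no prediction resistance */);`, would make the intent auditable. The rand_drbg_restart line also discards the return value of RAND_DRBG_reseed; the reseed hunk sets `drbg->state = DRBG_ERROR` before fetching entropy, so a failure is presumably caught by a later state check, but that check is outside the hunk and worth confirming. Both function bodies start and end outside their hunks.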
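Review bot: The comment block above RAND_DRBG_reseed is left untouched while the signature gains `int prediction_resistance`, so the new parameter appears to be undocumented; only the comment's tail, `Returns 1 on success, 0 on failure.`, is visible in this hunk. I would add a sentence to that comment such as `If prediction_resistance is non-zero, the request is passed on to the get_entropy callback.` This changes the signature of a `RAND_DRBG_`-prefixed function and the diffstat shown is limited to `crypto`, so the declaring header and any callers outside this view need the matching update. The comment and the function body both extend outside the hunk.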
@@ -435,7 +437,9 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, drbg->state = DRBG_ERROR; if (drbg->get_entropy != NULL) entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength, - drbg->min_entropylen, drbg->max_entropylen); + drbg->min_entropylen, + drbg->max_entropylen, + prediction_resistance); if (entropylen < drbg->min_entropylen || entropylen > drbg->max_entropylen) { RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY); @@ -551,7 +555,7 @@ int rand_drbg_restart(RAND_DRBG *drbg, drbg->meth->reseed(drbg, adin, adinlen, NULL, 0); } else if (reseeded == 0) { /* do a full reseeding if it has not been done yet above */ - RAND_DRBG_reseed(drbg, NULL, 0); + RAND_DRBG_reseed(drbg, NULL, 0, 0); } } @@ -627,7 +631,7 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, } if (reseed_required || prediction_resistance) { - if (!RAND_DRBG_reseed(drbg, adin, adinlen)) { + if (!RAND_DRBG_reseed(drbg, adin, adinlen, prediction_resistance)) { RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR); return 0; } diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 76d5767ccd..1e60ec4bb6 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -171,8 +171,9 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool) * its entropy will be used up first. */ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, - unsigned char **pout, - int entropy, size_t min_len, size_t max_len) + unsigned char **pout, + int entropy, size_t min_len, size_t max_len, + int prediction_resistance) { size_t ret = 0; size_t entropy_available = 0; |
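Review bot: `rand_drbg_get_entropy` in crypto/rand/rand_lib.c accepts the new `prediction_resistance` argument but presumably never reads it. The diffstat lists 5 changed lines for this file and all 5 are in this signature, so the body looks unchanged. If so, a RAND_DRBG_generate caller that sets the flag gets entropy by the same path as one that does not, and the propagation stops at this function. Until the body acts on the flag, a comment above the function such as `/* prediction_resistance is accepted for the callback signature but not acted on yet */` would stop readers assuming the guarantee already holds. The function body continues outside the hunk.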