diff options
author | Pauli <paul.dale@oracle.com> | 2020-10-30 15:53:22 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-11-20 08:24:21 +1000 |
commit | 03bede0cc8418e056d4ac551fbdc2283e0e9491f (patch) | |
tree | 116154c3e80bb806d6becadaefc35a8e1e7013b8 /include | |
parent | 71febb399225ec5b0f85292fe9487d507fbafb7e (diff) |
rand: move the entropy source out of the FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13226)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/rand.h | 21 | ||||
-rw-r--r-- | include/openssl/core_dispatch.h | 17 | ||||
-rw-r--r-- | include/openssl/core_names.h | 2 | ||||
-rw-r--r-- | include/openssl/randerr.h | 2 |
4 files changed, 40 insertions, 2 deletions
diff --git a/include/crypto/rand.h b/include/crypto/rand.h index a437565fe8..c870245521 100644 --- a/include/crypto/rand.h +++ b/include/crypto/rand.h @@ -19,6 +19,7 @@ # define OSSL_CRYPTO_RAND_H # include <openssl/rand.h> +# include "crypto/rand_pool.h" /* * Defines related to seed sources @@ -93,4 +94,24 @@ void rand_pool_keep_random_devices_open(int keep); */ void ossl_random_add_conf_module(void); +/* + * Get and cleanup random seed material. + */ +size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle, + unsigned char **pout, int entropy, + size_t min_len, size_t max_len); +void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle, + unsigned char *buf, size_t len); +size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle, + unsigned char **pout, size_t min_len, size_t max_len, + const void *salt, size_t salt_len); +void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle, + unsigned char *buf, size_t len); + +/* + * Get seeding material from the operating system sources. + */ +size_t ossl_pool_acquire_entropy(RAND_POOL *pool); +int ossl_pool_add_nonce_data(RAND_POOL *pool); + #endif diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index d4d581df57..bbd0429718 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -161,6 +161,23 @@ OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg)) +/* Functions to get seed material from the operating system */ +#define OSSL_FUNC_GET_ENTROPY 101 +#define OSSL_FUNC_CLEANUP_ENTROPY 102 +#define OSSL_FUNC_GET_NONCE 103 +#define OSSL_FUNC_CLEANUP_NONCE 104 +OSSL_CORE_MAKE_FUNC(size_t, get_entropy, (const OSSL_CORE_HANDLE *handle, + unsigned char **pout, int entropy, + size_t min_len, size_t max_len)) +OSSL_CORE_MAKE_FUNC(void, cleanup_entropy, (const OSSL_CORE_HANDLE *handle, + unsigned char *buf, size_t len)) +OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle, + unsigned char **pout, size_t min_len, + size_t max_len, const void *salt, + size_t salt_len)) +OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle, + unsigned char *buf, size_t len)) + /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */ # define OSSL_FUNC_PROVIDER_TEARDOWN 1024 OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx)) diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index f0b0cd0163..d41feeb144 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -219,13 +219,13 @@ extern "C" { /* Known RAND names */ #define OSSL_RAND_PARAM_STATE "state" #define OSSL_RAND_PARAM_STRENGTH "strength" +#define OSSL_RAND_PARAM_MAX_REQUEST "max_request" #define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" #define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" /* RAND/DRBG names */ #define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests" #define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval" -#define OSSL_DRBG_PARAM_MAX_REQUEST "max_request" #define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen" #define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen" #define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen" diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h index 3eef9afdd2..40e5787308 100644 --- a/include/openssl/randerr.h +++ b/include/openssl/randerr.h @@ -102,7 +102,7 @@ int ERR_load_RAND_strings(void); # define RAND_R_UNABLE_TO_FETCH_DRBG 144 # define RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER 141 # define RAND_R_UNABLE_TO_GET_PARENT_STRENGTH 138 -# define RAND_R_UNABLE_TO_GET_RESEED_PROP_CTR 142 +# define RAND_R_UNABLE_TO_GET_RESEED_COUNTER 142 # define RAND_R_UNABLE_TO_LOCK_PARENT 140 # define RAND_R_UNSUPPORTED_DRBG_FLAGS 132 # define RAND_R_UNSUPPORTED_DRBG_TYPE 120 |