diff options
author | Pauli <paul.dale@oracle.com> | 2020-05-08 10:25:03 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-06-24 20:05:41 +1000 |
commit | 4bffc025fd1b75b690f50552f443cbd3b1f1cbaf (patch) | |
tree | 06639e838c233e4ab695c775973376a5b068c807 /providers | |
parent | bcc4ae675edd66242aa27f3ed3b7d1bf6f1005e3 (diff) |
CRNGT: continuous DRBG tests for providers
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/rands/build.info | 4 | ||||
-rw-r--r-- | providers/implementations/rands/crngt.c (renamed from providers/implementations/rands/rand_crng_test.c) | 71 |
2 files changed, 14 insertions, 61 deletions
diff --git a/providers/implementations/rands/build.info b/providers/implementations/rands/build.info index 29f7238c1a..00f62e523e 100644 --- a/providers/implementations/rands/build.info +++ b/providers/implementations/rands/build.info @@ -3,5 +3,5 @@ SOURCE[../../libfips.a]=drbg.c SOURCE[../../libnonfips.a]=drbg.c -# Missing: drbg_hmac.c crngt.c -SOURCE[../../libimplementations.a]=test_rng.c drbg_hash.c +# Missing: drbg_hmac.c +SOURCE[../../libimplementations.a]=test_rng.c drbg_hash.c crngt.c diff --git a/providers/implementations/rands/rand_crng_test.c b/providers/implementations/rands/crngt.c index b348b40d82..2680f7b644 100644 --- a/providers/implementations/rands/rand_crng_test.c +++ b/providers/implementations/rands/crngt.c @@ -14,12 +14,13 @@ #include <string.h> #include <openssl/evp.h> -#include "crypto/rand.h" -#include "internal/thread_once.h" +#include <openssl/core_numbers.h> +#include <openssl/params.h> +#include "prov/providercommon.h" +#include "prov/provider_ctx.h" #include "internal/cryptlib.h" -#include "crypto/rand_pool.h" +#include "prov/rand_pool.h" #include "drbg_local.h" -#include "crypto/rand_pool.h" #include "seeding/seeding.h" typedef struct crng_test_global_st { @@ -34,13 +35,14 @@ static int crngt_get_entropy(OPENSSL_CTX *ctx, RAND_POOL *pool, int r; size_t n; unsigned char *p; + EVP_MD *fmd; if (pool == NULL) return 0; n = prov_pool_acquire_entropy(pool); if (n >= CRNGT_BUFSIZ) { - EVP_MD *fmd = EVP_MD_fetch(ctx, "SHA256", ""); + fmd = EVP_MD_fetch(ctx, "SHA256", ""); if (fmd == NULL) return 0; p = rand_pool_detach(pool); @@ -90,36 +92,7 @@ static const OPENSSL_CTX_METHOD rand_crng_ossl_ctx_method = { rand_crng_ossl_ctx_free, }; -int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx, - RAND_POOL *pool, - unsigned char *buf, - unsigned char *md, - unsigned int *md_size) -{ - int r; - size_t n; - unsigned char *p; - - if (pool == NULL) - return 0; - - n = rand_pool_acquire_entropy(pool); - if (n >= CRNGT_BUFSIZ) { - EVP_MD *fmd = EVP_MD_fetch(ctx, "SHA256", ""); - if (fmd == NULL) - return 0; - p = rand_pool_detach(pool); - r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, fmd, NULL); - if (r != 0) - memcpy(buf, p, CRNGT_BUFSIZ); - rand_pool_reattach(pool, p); - EVP_MD_free(fmd); - return r; - } - return 0; -} - -size_t rand_crngt_get_entropy(RAND_DRBG *drbg, +size_t prov_crngt_get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy, size_t min_len, size_t max_len, int prediction_resistance) @@ -129,8 +102,9 @@ size_t rand_crngt_get_entropy(RAND_DRBG *drbg, RAND_POOL *pool; size_t q, r = 0, s, t = 0; int attempts = 3; + OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(drbg->provctx); CRNG_TEST_GLOBAL *crngt_glob - = openssl_ctx_get_data(drbg->libctx, OPENSSL_CTX_RAND_CRNGT_INDEX, + = openssl_ctx_get_data(libctx, OPENSSL_CTX_RAND_CRNGT_INDEX, &rand_crng_ossl_ctx_method); if (crngt_glob == NULL) @@ -141,7 +115,7 @@ size_t rand_crngt_get_entropy(RAND_DRBG *drbg, while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) { s = q > sizeof(buf) ? sizeof(buf) : q; - if (!crngt_get_entropy(drbg->libctx, crngt_glob->crngt_pool, buf, md, + if (!crngt_get_entropy(libctx, crngt_glob->crngt_pool, buf, md, &sz) || memcmp(crngt_glob->crngt_prev, md, sz) == 0 || !rand_pool_add(pool, buf, s, s * 8)) @@ -158,29 +132,8 @@ err: return r; } -void rand_crngt_cleanup_entropy(RAND_DRBG *drbg, +void prov_crngt_cleanup_entropy(PROV_DRBG *drbg, unsigned char *out, size_t outlen) { OPENSSL_secure_clear_free(out, outlen); } - -#if 0 -const OSSL_DISPATCH crngt_functions[] = { - { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))crngt_new }, - { OSSL_FUNC_RAND_FREECTX, (void(*)(void))crngt_free }, - { OSSL_FUNC_RAND_INSTANTIATE, (void(*)(void))crngt_instantiate }, - { OSSL_FUNC_RAND_UNINSTANTIATE, (void(*)(void))crngt_uninstantiate }, - { OSSL_FUNC_RAND_GENERATE, (void(*)(void))crngt_generate }, - { OSSL_FUNC_RAND_RESEED, (void(*)(void))crngt_reseed }, - { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))drbg_enable_locking }, - { OSSL_FUNC_RAND_LOCK, (void(*)(void))drbg_lock }, - { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))drbg_unlock }, - { OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS, - (void(*)(void))crngt_settable_ctx_params }, - { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void(*)(void))crngt_set_ctx_params }, - { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, - (void(*)(void))crngt_gettable_ctx_params }, - { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))crngt_get_ctx_params }, - { 0, NULL } -}; -#endif |