author Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> 2017-08-31 23:16:22 +0200
committer Ben Kaduk <kaduk@mit.edu> 2017-10-18 08:39:20 -0500
commit c16de9d8329d41a2433d0f273c080d9d06ad7a87
tree 3bdcf5e354efd8991aa1f7d83921655e81db726b /util/libcrypto.num
parent af1d638730bdfad85a7fa8c3f157b2828eda7c1d
Fix reseeding issues of the public RAND_DRBG

Reseeding is handled very differently by the classic RAND_METHOD API and the new RAND_DRBG api. These differences led to some problems when the new RAND_DRBG was made the default OpenSSL RNG. In particular, RAND_add() did not work as expected anymore. These issues are discussed on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API' and in Pull Request #4328. This commit fixes the mentioned issues, introducing the following changes:

- Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which facilitates collecting entropy by the get_entropy() callback.
- Don't use RAND_poll()/RAND_add() for collecting entropy from the get_entropy() callback anymore. Instead, replace RAND_poll() by RAND_POOL_acquire_entropy().
- Add a new function rand_drbg_restart() which tries to get the DRBG in an instantiated state by all means, regardless of the current state (uninstantiated, error, ...) the DRBG is in. If the caller provides entropy or additional input, it will be used for reseeding.
- Restore the original documented behaviour of RAND_add() and RAND_poll() (namely to reseed the DRBG immediately) by a new implementation based on rand_drbg_restart().
- Add automatic error recovery from temporary failures of the entropy source to RAND_DRBG_generate() using the rand_drbg_restart() function.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4328)

Diffstat (limited to 'util/libcrypto.num')
-rw-r--r-- util/libcrypto.num 15
1 files changed, 14 insertions, 1 deletions
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 0a29e8cfca..96990ed959 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4371,7 +4371,6 @@ SCRYPT_PARAMS_it 4314 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:
CRYPTO_secure_clear_free 4315 1_1_0g EXIST::FUNCTION:
EVP_PKEY_meth_get0 4316 1_1_1 EXIST::FUNCTION:
EVP_PKEY_meth_get_count 4317 1_1_1 EXIST::FUNCTION:
-RAND_poll_ex 4318 1_1_1 EXIST::FUNCTION:
RAND_DRBG_get0_global 4319 1_1_1 EXIST::FUNCTION:
RAND_priv_bytes 4320 1_1_1 EXIST::FUNCTION:
BN_priv_rand 4321 1_1_1 EXIST::FUNCTION:
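Review bot: The removal of RAND_poll_ex (ordinal 4318) in this hunk is not mentioned in the commit message, which only describes replacing RAND_poll() in the get_entropy() path. Please state in the message that RAND_poll_ex is dropped and why, and confirm that leaving ordinal 4318 unassigned (4317 is now followed directly by 4319) is intended rather than reusing or renumbering it. Since the symbol carried the 1_1_1 tag, also check that no header, manual page or caller still references it.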
@@ -4404,3 +4403,17 @@ EVP_PKEY_set1_engine 4347 1_1_0g EXIST::FUNCTION:ENGINE
DH_new_by_nid 4348 1_1_1 EXIST::FUNCTION:DH
DH_get_nid 4349 1_1_1 EXIST::FUNCTION:DH
CRYPTO_get_alloc_counts 4350 1_1_1 EXIST::FUNCTION:CRYPTO_MDEBUG
+RAND_POOL_new 4351 1_1_1 EXIST::FUNCTION:
+RAND_POOL_free 4352 1_1_1 EXIST::FUNCTION:
+RAND_POOL_buffer 4353 1_1_1 EXIST::FUNCTION:
+RAND_POOL_detach 4354 1_1_1 EXIST::FUNCTION:
+RAND_POOL_entropy 4355 1_1_1 EXIST::FUNCTION:
+RAND_POOL_length 4356 1_1_1 EXIST::FUNCTION:
+RAND_POOL_entropy_available 4357 1_1_1 EXIST::FUNCTION:
+RAND_POOL_entropy_needed 4358 1_1_1 EXIST::FUNCTION:
+RAND_POOL_bytes_needed 4359 1_1_1 EXIST::FUNCTION:
+RAND_POOL_bytes_remaining 4360 1_1_1 EXIST::FUNCTION:
+RAND_POOL_add 4361 1_1_1 EXIST::FUNCTION:
+RAND_POOL_add_begin 4362 1_1_1 EXIST::FUNCTION:
+RAND_POOL_add_end 4363 1_1_1 EXIST::FUNCTION:
+RAND_POOL_acquire_entropy 4364 1_1_1 EXIST::FUNCTION:
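Review bot: All fourteen RAND_POOL_* entries appended at the end of the file (ordinals 4351 to 4364) are exported unconditionally as public 1_1_1 functions, including low-level buffer handling such as RAND_POOL_detach, RAND_POOL_add_begin and RAND_POOL_add_end. The commit message describes the pool as a helper for the get_entropy() callback, so consider whether the whole set needs to become public ABI or only the part a callback implementer actually calls, and make sure every exported symbol comes with a manual page. RAND_POOL_entropy and RAND_POOL_entropy_available are also easy to confuse by name alone; the documentation should spell out how they differ.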