From e30aad54159aeef15b6386d67d4724242d828d12 Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 26 Sep 2022 15:20:14 +1000 Subject: rand: add set0 calls for the private and public DRBGs The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means the entropy needs to be cooked. This permits this. Reviewed-by: Tomas Mraz Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/19486) --- doc/man3/EVP_RAND.pod | 5 ++++- doc/man3/RAND_get0_primary.pod | 23 ++++++++++++++++++----- 2 files changed, 22 insertions(+), 6 deletions(-) (limited to 'doc') diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod index f21b2f69d7..d842fe70d1 100644 --- a/doc/man3/EVP_RAND.pod +++ b/doc/man3/EVP_RAND.pod @@ -3,7 +3,7 @@ =head1 NAME EVP_RAND, EVP_RAND_fetch, EVP_RAND_free, EVP_RAND_up_ref, EVP_RAND_CTX, -EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_instantiate, +EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_CTX_up_ref, EVP_RAND_instantiate, EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce, EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_get_strength, EVP_RAND_get_state, @@ -30,6 +30,7 @@ EVP_RAND_STATE_ERROR - EVP RAND routines void EVP_RAND_free(EVP_RAND *rand); EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent); void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx); + int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx); EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx); int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]); int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]); @@ -367,6 +368,8 @@ B structure or NULL if an error occurred. EVP_RAND_CTX_free() does not return a value. +EVP_RAND_CTX_up_ref() returns 1 on success, 0 on error. + EVP_RAND_nonce() returns the length of the nonce. EVP_RAND_get_strength() returns the strength of the random number generator diff --git a/doc/man3/RAND_get0_primary.pod b/doc/man3/RAND_get0_primary.pod index 408d02077f..88a2f6c311 100644 --- a/doc/man3/RAND_get0_primary.pod +++ b/doc/man3/RAND_get0_primary.pod @@ -4,7 +4,9 @@ RAND_get0_primary, RAND_get0_public, -RAND_get0_private +RAND_get0_private, +RAND_set0_public, +RAND_set0_private - get access to the global EVP_RAND_CTX instances =head1 SYNOPSIS @@ -14,6 +16,8 @@ RAND_get0_private EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx); EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx); EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx); + int RAND_set0_public(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand); + int RAND_set0_private(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand); =head1 DESCRIPTION @@ -25,7 +29,10 @@ by RAND_bytes() and RAND_priv_bytes(), respectively. The I DRBG is a global instance, which is not intended to be used directly, but is used internally to reseed the other two instances. -These functions here provide access to the shared DRBG instances. +The three get functions provide access to the shared DRBG instances. + +The two set functions allow the public and private DRBG instances to be +replaced by another random number generator. =head1 RETURN VALUES @@ -38,8 +45,8 @@ for the given OSSL_LIB_CTX B. RAND_get0_private() returns a pointer to the I DRBG instance for the given OSSL_LIB_CTX B. -In all the above cases the B parameter can -be NULL in which case the default OSSL_LIB_CTX is used. +RAND_set0_public() and RAND_set0_private() return 1 on success and 0 +on error. =head1 NOTES @@ -61,6 +68,10 @@ To set the type of DRBG that will be instantiated, use the L call before accessing the random number generation infrastructure. +The two set functions, operate on the the current thread. If you want to +use the same random number generator across all threads, each thread +must individually call the set functions. + =head1 SEE ALSO L, @@ -68,7 +79,9 @@ L =head1 HISTORY -These functions were added in OpenSSL 3.0. +RAND_set0_public() and RAND_set0_private() were added in OpenSSL 3.1. + +The remaining functions were added in OpenSSL 3.0. =head1 COPYRIGHT -- cgit v1.2.3