mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 04:53:52 +08:00
Allow setting of get_entropy and get_nonce callbacks outside test mode.
Test mode is now set when a DRBG context is initialised.
This commit is contained in:
Dr. Stephen Henson
parent
9db6974f77
commit
dad7851485
@ -400,7 +400,7 @@ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
|
|||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
|
int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
|
||||||
size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
|
size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
|
||||||
int entropy, size_t min_len, size_t max_len),
|
int entropy, size_t min_len, size_t max_len),
|
||||||
size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out,
|
size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out,
|
||||||
@ -408,7 +408,6 @@ int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
|
|||||||
{
|
{
|
||||||
if (dctx->status != DRBG_STATUS_UNINITIALISED)
|
if (dctx->status != DRBG_STATUS_UNINITIALISED)
|
||||||
return 0;
|
return 0;
|
||||||
dctx->flags |= DRBG_FLAG_TEST;
|
|
||||||
dctx->get_entropy = get_entropy;
|
dctx->get_entropy = get_entropy;
|
||||||
dctx->get_nonce = get_nonce;
|
dctx->get_nonce = get_nonce;
|
||||||
return 1;
|
return 1;
|
||||||
|
|||||||
@ -82,7 +82,7 @@ typedef struct {
|
|||||||
size_t katlen;
|
size_t katlen;
|
||||||
} DRBG_SELFTEST_DATA;
|
} DRBG_SELFTEST_DATA;
|
||||||
|
|
||||||
#define make_drbg_test_data(nid, flag, pr) { nid, flag, \
|
#define make_drbg_test_data(nid, flag, pr) { nid, flag | DRBG_FLAG_TEST, \
|
||||||
pr##_entropyinput, sizeof(pr##_entropyinput), \
|
pr##_entropyinput, sizeof(pr##_entropyinput), \
|
||||||
pr##_nonce, sizeof(pr##_nonce), \
|
pr##_nonce, sizeof(pr##_nonce), \
|
||||||
pr##_personalizationstring, sizeof(pr##_personalizationstring), \
|
pr##_personalizationstring, sizeof(pr##_personalizationstring), \
|
||||||
@ -762,7 +762,7 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
|
|||||||
unsigned char randout[1024];
|
unsigned char randout[1024];
|
||||||
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
|
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
|
||||||
return 0;
|
return 0;
|
||||||
if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
|
if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
FIPS_drbg_set_app_data(dctx, &t);
|
FIPS_drbg_set_app_data(dctx, &t);
|
||||||
@ -818,7 +818,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
|
|||||||
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
|
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
|
if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
FIPS_drbg_set_app_data(dctx, &t);
|
FIPS_drbg_set_app_data(dctx, &t);
|
||||||
@ -860,7 +860,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
|
|||||||
/* Instantiate with valid data. NB: errors now reported again */
|
/* Instantiate with valid data. NB: errors now reported again */
|
||||||
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
|
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
|
||||||
goto err;
|
goto err;
|
||||||
if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
|
if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
|
||||||
goto err;
|
goto err;
|
||||||
FIPS_drbg_set_app_data(dctx, &t);
|
FIPS_drbg_set_app_data(dctx, &t);
|
||||||
|
|
||||||
@ -914,7 +914,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
|
|||||||
|
|
||||||
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
|
if (!FIPS_drbg_init(dctx, td->nid, td->flags))
|
||||||
goto err;
|
goto err;
|
||||||
if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
|
if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
|
||||||
goto err;
|
goto err;
|
||||||
FIPS_drbg_set_app_data(dctx, &t);
|
FIPS_drbg_set_app_data(dctx, &t);
|
||||||
|
|
||||||
|
|||||||
@ -245,10 +245,10 @@ int main(int argc,char **argv)
|
|||||||
if (!strcmp(keyword, "PersonalizationString"))
|
if (!strcmp(keyword, "PersonalizationString"))
|
||||||
{
|
{
|
||||||
pers = hex2bin_m(value, &perslen);
|
pers = hex2bin_m(value, &perslen);
|
||||||
dctx = FIPS_drbg_new(nid, df);
|
dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
|
||||||
if (!dctx)
|
if (!dctx)
|
||||||
exit (1);
|
exit (1);
|
||||||
FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce);
|
FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce);
|
||||||
FIPS_drbg_set_app_data(dctx, &t);
|
FIPS_drbg_set_app_data(dctx, &t);
|
||||||
randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
|
randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
|
||||||
r = FIPS_drbg_instantiate(dctx, pers, perslen);
|
r = FIPS_drbg_instantiate(dctx, pers, perslen);
|
||||||
|
|||||||
@ -74,6 +74,8 @@ typedef struct drbg_ctx_st DRBG_CTX;
|
|||||||
|
|
||||||
/* Flag for CTR mode only: use derivation function ctr_df */
|
/* Flag for CTR mode only: use derivation function ctr_df */
|
||||||
#define DRBG_FLAG_CTR_USE_DF 0x1
|
#define DRBG_FLAG_CTR_USE_DF 0x1
|
||||||
|
/* PRNG is in test state */
|
||||||
|
#define DRBG_FLAG_TEST 0x2
|
||||||
|
|
||||||
DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
|
DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
|
||||||
int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
|
int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
|
||||||
@ -87,7 +89,7 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
|
|||||||
int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
|
int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
|
||||||
void FIPS_drbg_free(DRBG_CTX *dctx);
|
void FIPS_drbg_free(DRBG_CTX *dctx);
|
||||||
|
|
||||||
int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
|
int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
|
||||||
size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
|
size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
|
||||||
int entropy, size_t min_len, size_t max_len),
|
int entropy, size_t min_len, size_t max_len),
|
||||||
size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out,
|
size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out,
|
||||||
|
|||||||
@ -84,8 +84,6 @@ struct drbg_ctr_ctx_st
|
|||||||
|
|
||||||
/* DRBG flags */
|
/* DRBG flags */
|
||||||
|
|
||||||
/* PRNG is in test state */
|
|
||||||
#define DRBG_FLAG_TEST 0x2
|
|
||||||
/* Functions shouldn't call err library */
|
/* Functions shouldn't call err library */
|
||||||
#define DRBG_FLAG_NOERR 0x4
|
#define DRBG_FLAG_NOERR 0x4
|
||||||
|
|
||||||
|
|||||||
@ -4300,7 +4300,7 @@ FIPS_drbg_set_app_data 4669 EXIST:OPENSSL_FIPS:FUNCTION:
|
|||||||
FIPS_ecdsa_sign_ctx 4670 EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
|
FIPS_ecdsa_sign_ctx 4670 EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
|
||||||
FIPS_ecdsa_sign_digest 4671 EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
|
FIPS_ecdsa_sign_digest 4671 EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
|
||||||
X509_ALGOR_set_md 4672 EXIST::FUNCTION:
|
X509_ALGOR_set_md 4672 EXIST::FUNCTION:
|
||||||
FIPS_drbg_set_test_mode 4673 EXIST:OPENSSL_FIPS:FUNCTION:
|
FIPS_drbg_set_callbacks 4673 EXIST:OPENSSL_FIPS:FUNCTION:
|
||||||
ASN1_SCTX_new 4674 EXIST::FUNCTION:
|
ASN1_SCTX_new 4674 EXIST::FUNCTION:
|
||||||
FIPS_set_locking_callbacks 4675 EXIST:OPENSSL_FIPS:FUNCTION:
|
FIPS_set_locking_callbacks 4675 EXIST:OPENSSL_FIPS:FUNCTION:
|
||||||
CRYPTO_ctr128_encrypt_ctr32 4676 EXIST::FUNCTION:
|
CRYPTO_ctr128_encrypt_ctr32 4676 EXIST::FUNCTION:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user