generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Check requested security strength in DRBG. Add function to retrieve the

Browse Source 
security strength.
This commit is contained in:
Dr. Stephen Henson 2011-03-11 17:42:11 +00:00
parent 329c744f51
commit 1b76fac5ae
5 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
crypto/fips_err.h
View File

@ -128,6 +128,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
{ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"}, {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"},
{ERR_REASON(FIPS_R_GENERATE_ERROR) ,"generate error"}, {ERR_REASON(FIPS_R_GENERATE_ERROR) ,"generate error"},
{ERR_REASON(FIPS_R_INSTANTIATE_ERROR) ,"instantiate error"}, {ERR_REASON(FIPS_R_INSTANTIATE_ERROR) ,"instantiate error"},
{ERR_REASON(FIPS_R_INSUFFICIENT_SECURITY_STRENGTH),"insufficient security strength"},
{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"}, {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
{ERR_REASON(FIPS_R_IN_ERROR_STATE) ,"in error state"}, {ERR_REASON(FIPS_R_IN_ERROR_STATE) ,"in error state"},
{ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"}, {ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"},

1
fips/fips.h
View File

@ -233,6 +233,7 @@ void ERR_load_FIPS_strings(void);
#define FIPS_R_FIPS_SELFTEST_FAILED 106 #define FIPS_R_FIPS_SELFTEST_FAILED 106
#define FIPS_R_GENERATE_ERROR 124 #define FIPS_R_GENERATE_ERROR 124
#define FIPS_R_INSTANTIATE_ERROR 125 #define FIPS_R_INSTANTIATE_ERROR 125
#define FIPS_R_INSUFFICIENT_SECURITY_STRENGTH 132
#define FIPS_R_INVALID_KEY_LENGTH 109 #define FIPS_R_INVALID_KEY_LENGTH 109
#define FIPS_R_IN_ERROR_STATE 126 #define FIPS_R_IN_ERROR_STATE 126
#define FIPS_R_KEY_TOO_SHORT 108 #define FIPS_R_KEY_TOO_SHORT 108

20
fips/rand/fips_drbg_lib.c
View File

@ -145,6 +145,12 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
goto end; goto end;
} }
if (strength > dctx->strength)
{
r = FIPS_R_INSUFFICIENT_SECURITY_STRENGTH;
goto end;
}
dctx->status = DRBG_STATUS_ERROR; dctx->status = DRBG_STATUS_ERROR;
entlen = dctx->get_entropy(dctx, dctx->entropy, dctx->strength, entlen = dctx->get_entropy(dctx, dctx->entropy, dctx->strength,
@ -261,7 +267,7 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
int prediction_resistance, int strength, int prediction_resistance,
const unsigned char *adin, size_t adinlen) const unsigned char *adin, size_t adinlen)
{ {
int r = 0; int r = 0;
@ -270,6 +276,13 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG; r = FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG;
return 0; return 0;
} }
if (strength > dctx->strength)
{
r = FIPS_R_INSUFFICIENT_SECURITY_STRENGTH;
goto end;
}
if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance) if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance)
{ {
if (!FIPS_drbg_reseed(dctx, adin, adinlen)) if (!FIPS_drbg_reseed(dctx, adin, adinlen))
@ -351,3 +364,8 @@ size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx)
{ {
return dctx->blocklength; return dctx->blocklength;
} }
int FIPS_drbg_get_strength(DRBG_CTX *dctx)
{
return dctx->strength;
}

6
fips/rand/fips_drbgvs.c
View File

@ -269,7 +269,7 @@ int main(int argc,char **argv)
adin = hex2bin_m(value, &adinlen); adin = hex2bin_m(value, &adinlen);
if (pr) if (pr)
continue; continue;
r = FIPS_drbg_generate(dctx, randout, randoutlen, 0, r = FIPS_drbg_generate(dctx, randout, randoutlen, 0, 0,
adin, adinlen); adin, adinlen);
if (!r) if (!r)
{ {
@ -291,8 +291,8 @@ int main(int argc,char **argv)
t.ent = ent; t.ent = ent;
t.entlen = entlen; t.entlen = entlen;
r = FIPS_drbg_generate(dctx, r = FIPS_drbg_generate(dctx,
randout, randoutlen, 1, randout, randoutlen,
adin, adinlen); 0, 1, adin, adinlen);
if (!r) if (!r)
{ {
fprintf(stderr, fprintf(stderr,

3
fips/rand/fips_rand.h
View File

@ -80,7 +80,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx, int strength,
const unsigned char *pers, size_t perslen); const unsigned char *pers, size_t perslen);
int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen); int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen);
int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
int prediction_resistance, int strength, int prediction_resistance,
const unsigned char *adin, size_t adinlen); const unsigned char *adin, size_t adinlen);
int FIPS_drbg_uninstantiate(DRBG_CTX *dctx); int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
@ -95,6 +95,7 @@ int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
void *FIPS_drbg_get_app_data(DRBG_CTX *ctx); void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data); void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx); size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
int FIPS_drbg_get_strength(DRBG_CTX *dctx);
#ifdef __cplusplus #ifdef __cplusplus
} }