generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Improved error checking for DRBG calls.

Browse Source 
New functionality to allow default DRBG type to be set during compilation or during runtime.
This commit is contained in:
Dr. Stephen Henson 2011-09-16 23:12:34 +00:00
parent 0ae7c43fa5
commit 36f120cd20
3 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/rand/rand.h
View File

@ -120,6 +120,7 @@ int RAND_event(UINT, WPARAM, LPARAM);
#endif #endif
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
void RAND_set_fips_drbg_type(int type, int flags);
int RAND_init_fips(void); int RAND_init_fips(void);
#endif #endif
@ -133,9 +134,12 @@ void ERR_load_RAND_strings(void);
/* Function codes. */ /* Function codes. */
#define RAND_F_RAND_GET_RAND_METHOD 101 #define RAND_F_RAND_GET_RAND_METHOD 101
#define RAND_F_RAND_INIT_FIPS 102
#define RAND_F_SSLEAY_RAND_BYTES 100 #define RAND_F_SSLEAY_RAND_BYTES 100
/* Reason codes. */ /* Reason codes. */
#define RAND_R_ERROR_INITIALISING_DRBG 102
#define RAND_R_ERROR_INSTANTIATING_DRBG 103
#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101
#define RAND_R_PRNG_NOT_SEEDED 100 #define RAND_R_PRNG_NOT_SEEDED 100

3
crypto/rand/rand_err.c
View File

@ -71,12 +71,15 @@
static ERR_STRING_DATA RAND_str_functs[]= static ERR_STRING_DATA RAND_str_functs[]=
{ {
{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
{ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"},
{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
{0,NULL} {0,NULL}
}; };
static ERR_STRING_DATA RAND_str_reasons[]= static ERR_STRING_DATA RAND_str_reasons[]=
{ {
{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"}, {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"}, {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
{0,NULL} {0,NULL}

29
crypto/rand/rand_lib.c
View File

@ -245,13 +245,34 @@ static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
return 1; return 1;
} }
#ifndef OPENSSL_DRBG_DEFAULT_TYPE
#define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr
#endif
#ifndef OPENSSL_DRBG_DEFAULT_FLAGS
#define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF
#endif
static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
void RAND_set_fips_drbg_type(int type, int flags)
{
fips_drbg_type = type;
fips_drbg_flags = flags;
}
int RAND_init_fips(void) int RAND_init_fips(void)
{ {
DRBG_CTX *dctx; DRBG_CTX *dctx;
size_t plen; size_t plen;
unsigned char pers[32], *p; unsigned char pers[32], *p;
dctx = FIPS_get_default_drbg(); dctx = FIPS_get_default_drbg();
FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
{
RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
return 0;
}
FIPS_drbg_set_callbacks(dctx, FIPS_drbg_set_callbacks(dctx,
drbg_get_entropy, drbg_free_entropy, 20, drbg_get_entropy, drbg_free_entropy, 20,
drbg_get_entropy, drbg_free_entropy); drbg_get_entropy, drbg_free_entropy);
@ -262,7 +283,11 @@ int RAND_init_fips(void)
plen = drbg_get_adin(dctx, &p); plen = drbg_get_adin(dctx, &p);
memcpy(pers + 16, p, plen); memcpy(pers + 16, p, plen);
FIPS_drbg_instantiate(dctx, pers, sizeof(pers)); if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0)
{
RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
return 0;
}
FIPS_rand_set_method(FIPS_drbg_method()); FIPS_rand_set_method(FIPS_drbg_method());
return 1; return 1;
} }