From dad78514853f40bbb1cec87597a740b8fef06756 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 25 Mar 2011 14:38:37 +0000 Subject: [PATCH] Allow setting of get_entropy and get_nonce callbacks outside test mode. Test mode is now set when a DRBG context is initialised. --- fips/rand/fips_drbg_lib.c | 3 +-- fips/rand/fips_drbg_selftest.c | 10 +++++----- fips/rand/fips_drbgvs.c | 4 ++-- fips/rand/fips_rand.h | 4 +++- fips/rand/fips_rand_lcl.h | 2 -- util/libeay.num | 2 +- 6 files changed, 12 insertions(+), 13 deletions(-) diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c index a015da1e4..a848ef2dd 100644 --- a/fips/rand/fips_drbg_lib.c +++ b/fips/rand/fips_drbg_lib.c @@ -400,7 +400,7 @@ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx) return rv; } -int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, +int FIPS_drbg_set_callbacks(DRBG_CTX *dctx, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, int entropy, size_t min_len, size_t max_len), size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out, @@ -408,7 +408,6 @@ int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, { if (dctx->status != DRBG_STATUS_UNINITIALISED) return 0; - dctx->flags |= DRBG_FLAG_TEST; dctx->get_entropy = get_entropy; dctx->get_nonce = get_nonce; return 1; diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c index af21971ba..31b7a0be5 100644 --- a/fips/rand/fips_drbg_selftest.c +++ b/fips/rand/fips_drbg_selftest.c @@ -82,7 +82,7 @@ typedef struct { size_t katlen; } DRBG_SELFTEST_DATA; -#define make_drbg_test_data(nid, flag, pr) { nid, flag, \ +#define make_drbg_test_data(nid, flag, pr) { nid, flag | DRBG_FLAG_TEST, \ pr##_entropyinput, sizeof(pr##_entropyinput), \ pr##_nonce, sizeof(pr##_nonce), \ pr##_personalizationstring, sizeof(pr##_personalizationstring), \ @@ -762,7 +762,7 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) unsigned char randout[1024]; if (!FIPS_drbg_init(dctx, td->nid, td->flags)) return 0; - if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce)) + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce)) return 0; FIPS_drbg_set_app_data(dctx, &t); @@ -818,7 +818,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) if (!FIPS_drbg_init(dctx, td->nid, td->flags)) goto err; - if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce)) + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce)) goto err; FIPS_drbg_set_app_data(dctx, &t); @@ -860,7 +860,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) /* Instantiate with valid data. NB: errors now reported again */ if (!FIPS_drbg_init(dctx, td->nid, td->flags)) goto err; - if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce)) + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce)) goto err; FIPS_drbg_set_app_data(dctx, &t); @@ -914,7 +914,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) if (!FIPS_drbg_init(dctx, td->nid, td->flags)) goto err; - if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce)) + if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce)) goto err; FIPS_drbg_set_app_data(dctx, &t); diff --git a/fips/rand/fips_drbgvs.c b/fips/rand/fips_drbgvs.c index 0c5839e55..53d443934 100644 --- a/fips/rand/fips_drbgvs.c +++ b/fips/rand/fips_drbgvs.c @@ -245,10 +245,10 @@ int main(int argc,char **argv) if (!strcmp(keyword, "PersonalizationString")) { pers = hex2bin_m(value, &perslen); - dctx = FIPS_drbg_new(nid, df); + dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST); if (!dctx) exit (1); - FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce); + FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce); FIPS_drbg_set_app_data(dctx, &t); randoutlen = (int)FIPS_drbg_get_blocklength(dctx); r = FIPS_drbg_instantiate(dctx, pers, perslen); diff --git a/fips/rand/fips_rand.h b/fips/rand/fips_rand.h index c4d1d910b..b332549ff 100644 --- a/fips/rand/fips_rand.h +++ b/fips/rand/fips_rand.h @@ -74,6 +74,8 @@ typedef struct drbg_ctx_st DRBG_CTX; /* Flag for CTR mode only: use derivation function ctr_df */ #define DRBG_FLAG_CTR_USE_DF 0x1 +/* PRNG is in test state */ +#define DRBG_FLAG_TEST 0x2 DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags); int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags); @@ -87,7 +89,7 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, int FIPS_drbg_uninstantiate(DRBG_CTX *dctx); void FIPS_drbg_free(DRBG_CTX *dctx); -int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, +int FIPS_drbg_set_callbacks(DRBG_CTX *dctx, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, int entropy, size_t min_len, size_t max_len), size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out, diff --git a/fips/rand/fips_rand_lcl.h b/fips/rand/fips_rand_lcl.h index 8f97ac00b..4ec4ef85f 100644 --- a/fips/rand/fips_rand_lcl.h +++ b/fips/rand/fips_rand_lcl.h @@ -84,8 +84,6 @@ struct drbg_ctr_ctx_st /* DRBG flags */ -/* PRNG is in test state */ -#define DRBG_FLAG_TEST 0x2 /* Functions shouldn't call err library */ #define DRBG_FLAG_NOERR 0x4 diff --git a/util/libeay.num b/util/libeay.num index a23555333..e80db2565 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4300,7 +4300,7 @@ FIPS_drbg_set_app_data 4669 EXIST:OPENSSL_FIPS:FUNCTION: FIPS_ecdsa_sign_ctx 4670 EXIST:OPENSSL_FIPS:FUNCTION:ECDSA FIPS_ecdsa_sign_digest 4671 EXIST:OPENSSL_FIPS:FUNCTION:ECDSA X509_ALGOR_set_md 4672 EXIST::FUNCTION: -FIPS_drbg_set_test_mode 4673 EXIST:OPENSSL_FIPS:FUNCTION: +FIPS_drbg_set_callbacks 4673 EXIST:OPENSSL_FIPS:FUNCTION: ASN1_SCTX_new 4674 EXIST::FUNCTION: FIPS_set_locking_callbacks 4675 EXIST:OPENSSL_FIPS:FUNCTION: CRYPTO_ctr128_encrypt_ctr32 4676 EXIST::FUNCTION: