Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
b8b6a13a
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
b8b6a13a
编写于
4月 21, 2011
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add continuous RNG test to entropy source. Entropy callbacks now need
to specify a "block length".
上级
76089788
变更
10
隐藏空白更改
内联
并排
Showing
10 changed file
with
77 addition
and
13 deletion
+77
-13
crypto/fips_err.h
crypto/fips_err.h
+2
-0
crypto/rand/rand_lib.c
crypto/rand/rand_lib.c
+1
-1
fips/fips.h
fips/fips.h
+2
-0
fips/fips_test_suite.c
fips/fips_test_suite.c
+5
-1
fips/fips_utl.h
fips/fips_utl.h
+14
-2
fips/rand/fips_drbg_lib.c
fips/rand/fips_drbg_lib.c
+44
-4
fips/rand/fips_drbg_selftest.c
fips/rand/fips_drbg_selftest.c
+4
-4
fips/rand/fips_drbgvs.c
fips/rand/fips_drbgvs.c
+1
-1
fips/rand/fips_rand.h
fips/rand/fips_rand.h
+1
-0
fips/rand/fips_rand_lcl.h
fips/rand/fips_rand_lcl.h
+3
-0
未找到文件。
crypto/fips_err.h
浏览文件 @
b8b6a13a
...
...
@@ -91,6 +91,7 @@ static ERR_STRING_DATA FIPS_str_functs[]=
{
ERR_FUNC
(
FIPS_F_FIPS_DRBG_NEW
),
"FIPS_drbg_new"
},
{
ERR_FUNC
(
FIPS_F_FIPS_DRBG_RESEED
),
"FIPS_drbg_reseed"
},
{
ERR_FUNC
(
FIPS_F_FIPS_DRBG_SINGLE_KAT
),
"FIPS_DRBG_SINGLE_KAT"
},
{
ERR_FUNC
(
FIPS_F_FIPS_GET_ENTROPY
),
"FIPS_GET_ENTROPY"
},
{
ERR_FUNC
(
FIPS_F_FIPS_MODE_SET
),
"FIPS_mode_set"
},
{
ERR_FUNC
(
FIPS_F_FIPS_PKEY_SIGNATURE_TEST
),
"fips_pkey_signature_test"
},
{
ERR_FUNC
(
FIPS_F_FIPS_RAND_ADD
),
"FIPS_rand_add"
},
...
...
@@ -128,6 +129,7 @@ static ERR_STRING_DATA FIPS_str_reasons[]=
{
ERR_REASON
(
FIPS_R_DRBG_STUCK
)
,
"drbg stuck"
},
{
ERR_REASON
(
FIPS_R_ENTROPY_ERROR_UNDETECTED
),
"entropy error undetected"
},
{
ERR_REASON
(
FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED
),
"entropy not requested for reseed"
},
{
ERR_REASON
(
FIPS_R_ENTROPY_SOURCE_STUCK
)
,
"entropy source stuck"
},
{
ERR_REASON
(
FIPS_R_ERROR_INITIALISING_DRBG
),
"error initialising drbg"
},
{
ERR_REASON
(
FIPS_R_ERROR_INSTANTIATING_DRBG
),
"error instantiating drbg"
},
{
ERR_REASON
(
FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT
),
"error retrieving additional input"
},
...
...
crypto/rand/rand_lib.c
浏览文件 @
b8b6a13a
...
...
@@ -253,7 +253,7 @@ int RAND_init_fips(void)
dctx
=
FIPS_get_default_drbg
();
FIPS_drbg_init
(
dctx
,
NID_aes_256_ctr
,
DRBG_FLAG_CTR_USE_DF
);
FIPS_drbg_set_callbacks
(
dctx
,
drbg_get_entropy
,
drbg_free_entropy
,
drbg_get_entropy
,
drbg_free_entropy
,
20
,
drbg_get_entropy
,
drbg_free_entropy
);
FIPS_drbg_set_rand_callbacks
(
dctx
,
drbg_get_adin
,
0
,
drbg_rand_seed
,
drbg_rand_add
);
...
...
fips/fips.h
浏览文件 @
b8b6a13a
...
...
@@ -253,6 +253,7 @@ void ERR_load_FIPS_strings(void);
#define FIPS_F_FIPS_DRBG_NEW 117
#define FIPS_F_FIPS_DRBG_RESEED 118
#define FIPS_F_FIPS_DRBG_SINGLE_KAT 119
#define FIPS_F_FIPS_GET_ENTROPY 147
#define FIPS_F_FIPS_MODE_SET 120
#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 121
#define FIPS_F_FIPS_RAND_ADD 122
...
...
@@ -287,6 +288,7 @@ void ERR_load_FIPS_strings(void);
#define FIPS_R_DRBG_STUCK 103
#define FIPS_R_ENTROPY_ERROR_UNDETECTED 104
#define FIPS_R_ENTROPY_NOT_REQUESTED_FOR_RESEED 105
#define FIPS_R_ENTROPY_SOURCE_STUCK 142
#define FIPS_R_ERROR_INITIALISING_DRBG 106
#define FIPS_R_ERROR_INSTANTIATING_DRBG 107
#define FIPS_R_ERROR_RETRIEVING_ADDITIONAL_INPUT 108
...
...
fips/fips_test_suite.c
浏览文件 @
b8b6a13a
...
...
@@ -847,7 +847,6 @@ int main(int argc,char **argv)
int
do_drbg_stick
=
0
;
int
no_exit
=
0
;
fips_algtest_init_nofips
();
FIPS_post_set_callback
(
post_cb
);
...
...
@@ -910,6 +909,8 @@ int main(int argc,char **argv)
do_rng_stick
=
1
;
no_exit
=
1
;
printf
(
"RNG test with stuck continuous test...
\n
"
);
}
else
if
(
!
strcmp
(
argv
[
1
],
"drbgentstick"
))
{
do_entropy_stick
();
}
else
if
(
!
strcmp
(
argv
[
1
],
"drbgstick"
))
{
do_drbg_stick
=
1
;
no_exit
=
1
;
...
...
@@ -919,6 +920,7 @@ int main(int argc,char **argv)
exit
(
1
);
}
if
(
!
no_exit
)
{
fips_algtest_init_nofips
();
if
(
!
FIPS_mode_set
(
1
))
{
printf
(
"Power-up self test failed
\n
"
);
exit
(
1
);
...
...
@@ -928,6 +930,8 @@ int main(int argc,char **argv)
}
}
fips_algtest_init_nofips
();
/* Non-Approved cryptographic operation
*/
printf
(
"1. Non-Approved cryptographic operation test...
\n
"
);
...
...
fips/fips_utl.h
浏览文件 @
b8b6a13a
...
...
@@ -67,6 +67,7 @@ int bin2bint(const unsigned char *in,int len,char *out);
void
PrintValue
(
char
*
tag
,
unsigned
char
*
val
,
int
len
);
void
OutputValue
(
char
*
tag
,
unsigned
char
*
val
,
int
len
,
FILE
*
rfp
,
int
bitmode
);
void
fips_algtest_init
(
void
);
void
do_entropy_stick
(
void
);
static
int
no_err
;
...
...
@@ -109,18 +110,29 @@ static size_t dummy_cb(DRBG_CTX *ctx, unsigned char **pout,
return
min_len
;
}
static
int
entropy_stick
=
0
;
static
void
fips_algtest_init_nofips
(
void
)
{
DRBG_CTX
*
ctx
;
size_t
i
;
FIPS_set_error_callbacks
(
put_err_cb
,
add_err_cb
);
OPENSSL_cleanse
(
dummy_entropy
,
1024
);
for
(
i
=
0
;
i
<
sizeof
(
dummy_entropy
);
i
++
)
dummy_entropy
[
i
]
=
i
&
0xff
;
if
(
entropy_stick
)
memcpy
(
dummy_entropy
+
32
,
dummy_entropy
+
16
,
16
);
ctx
=
FIPS_get_default_drbg
();
FIPS_drbg_init
(
ctx
,
NID_aes_256_ctr
,
DRBG_FLAG_CTR_USE_DF
);
FIPS_drbg_set_callbacks
(
ctx
,
dummy_cb
,
0
,
dummy_cb
,
0
);
FIPS_drbg_set_callbacks
(
ctx
,
dummy_cb
,
0
,
16
,
dummy_cb
,
0
);
FIPS_drbg_instantiate
(
ctx
,
dummy_entropy
,
10
);
FIPS_rand_set_method
(
FIPS_drbg_method
());
}
void
do_entropy_stick
(
void
)
{
entropy_stick
=
1
;
}
void
fips_algtest_init
(
void
)
{
fips_algtest_init_nofips
();
...
...
fips/rand/fips_drbg_lib.c
浏览文件 @
b8b6a13a
...
...
@@ -71,6 +71,7 @@ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
dctx
->
flags
=
flags
;
dctx
->
type
=
type
;
dctx
->
entropy_blocklen
=
0
;
dctx
->
health_check_cnt
=
0
;
dctx
->
health_check_interval
=
DRBG_HEALTH_INTERVAL
;
...
...
@@ -131,6 +132,43 @@ void FIPS_drbg_free(DRBG_CTX *dctx)
OPENSSL_free
(
dctx
);
}
static
size_t
fips_get_entropy
(
DRBG_CTX
*
dctx
,
unsigned
char
**
pout
,
int
entropy
,
size_t
min_len
,
size_t
max_len
)
{
unsigned
char
*
tout
,
*
p
;
size_t
bl
=
dctx
->
entropy_blocklen
,
rv
;
if
(
dctx
->
flags
&
DRBG_FLAG_TEST
||
!
bl
)
return
dctx
->
get_entropy
(
dctx
,
pout
,
entropy
,
min_len
,
max_len
);
rv
=
dctx
->
get_entropy
(
dctx
,
&
tout
,
entropy
+
bl
,
min_len
+
bl
,
max_len
+
bl
);
*
pout
=
tout
+
bl
;
if
(
rv
<
(
min_len
+
bl
)
||
(
rv
%
bl
))
return
0
;
/* Compare consecutive blocks for continuous PRNG test */
for
(
p
=
tout
;
p
<
tout
+
rv
;
p
+=
bl
)
{
if
(
!
memcmp
(
p
,
p
+
bl
,
bl
))
{
FIPSerr
(
FIPS_F_FIPS_GET_ENTROPY
,
FIPS_R_ENTROPY_SOURCE_STUCK
);
return
0
;
}
}
return
rv
-
bl
;
}
static
void
fips_cleanup_entropy
(
DRBG_CTX
*
dctx
,
unsigned
char
*
out
,
size_t
olen
)
{
size_t
bl
;
if
(
dctx
->
flags
&
DRBG_FLAG_TEST
)
bl
=
0
;
else
bl
=
dctx
->
entropy_blocklen
;
/* Call cleanup with original arguments */
dctx
->
cleanup_entropy
(
dctx
,
out
-
bl
,
olen
+
bl
);
}
int
FIPS_drbg_instantiate
(
DRBG_CTX
*
dctx
,
const
unsigned
char
*
pers
,
size_t
perslen
)
{
...
...
@@ -167,7 +205,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
dctx
->
status
=
DRBG_STATUS_ERROR
;
entlen
=
dctx
->
get_entropy
(
dctx
,
&
entropy
,
dctx
->
strength
,
entlen
=
fips_
get_entropy
(
dctx
,
&
entropy
,
dctx
->
strength
,
dctx
->
min_entropy
,
dctx
->
max_entropy
);
if
(
entlen
<
dctx
->
min_entropy
||
entlen
>
dctx
->
max_entropy
)
...
...
@@ -206,7 +244,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
end:
if
(
entropy
&&
dctx
->
cleanup_entropy
)
dctx
->
cleanup_entropy
(
dctx
,
entropy
,
entlen
);
fips_
cleanup_entropy
(
dctx
,
entropy
,
entlen
);
if
(
nonce
&&
dctx
->
cleanup_nonce
)
dctx
->
cleanup_nonce
(
dctx
,
nonce
,
noncelen
);
...
...
@@ -252,7 +290,7 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
dctx
->
status
=
DRBG_STATUS_ERROR
;
entlen
=
dctx
->
get_entropy
(
dctx
,
&
entropy
,
dctx
->
strength
,
entlen
=
fips_
get_entropy
(
dctx
,
&
entropy
,
dctx
->
strength
,
dctx
->
min_entropy
,
dctx
->
max_entropy
);
if
(
entlen
<
dctx
->
min_entropy
||
entlen
>
dctx
->
max_entropy
)
...
...
@@ -269,7 +307,7 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
end:
if
(
entropy
&&
dctx
->
cleanup_entropy
)
dctx
->
cleanup_entropy
(
dctx
,
entropy
,
entlen
);
fips_
cleanup_entropy
(
dctx
,
entropy
,
entlen
);
if
(
dctx
->
status
==
DRBG_STATUS_READY
)
return
1
;
...
...
@@ -383,12 +421,14 @@ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
size_t
(
*
get_entropy
)(
DRBG_CTX
*
ctx
,
unsigned
char
**
pout
,
int
entropy
,
size_t
min_len
,
size_t
max_len
),
void
(
*
cleanup_entropy
)(
DRBG_CTX
*
ctx
,
unsigned
char
*
out
,
size_t
olen
),
size_t
entropy_blocklen
,
size_t
(
*
get_nonce
)(
DRBG_CTX
*
ctx
,
unsigned
char
**
pout
,
int
entropy
,
size_t
min_len
,
size_t
max_len
),
void
(
*
cleanup_nonce
)(
DRBG_CTX
*
ctx
,
unsigned
char
*
out
,
size_t
olen
))
{
if
(
dctx
->
status
!=
DRBG_STATUS_UNINITIALISED
)
return
0
;
dctx
->
entropy_blocklen
=
entropy_blocklen
;
dctx
->
get_entropy
=
get_entropy
;
dctx
->
cleanup_entropy
=
cleanup_entropy
;
dctx
->
get_nonce
=
get_nonce
;
...
...
fips/rand/fips_drbg_selftest.c
浏览文件 @
b8b6a13a
...
...
@@ -759,7 +759,7 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
unsigned
char
randout
[
1024
];
if
(
!
FIPS_drbg_init
(
dctx
,
td
->
nid
,
td
->
flags
))
return
0
;
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
test_nonce
,
0
))
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
0
,
test_nonce
,
0
))
return
0
;
FIPS_drbg_set_app_data
(
dctx
,
&
t
);
...
...
@@ -825,7 +825,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
if
(
!
FIPS_drbg_init
(
dctx
,
td
->
nid
,
td
->
flags
))
goto
err
;
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
test_nonce
,
0
))
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
0
,
test_nonce
,
0
))
goto
err
;
FIPS_drbg_set_app_data
(
dctx
,
&
t
);
...
...
@@ -874,7 +874,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
/* Instantiate with valid data. NB: errors now reported again */
if
(
!
FIPS_drbg_init
(
dctx
,
td
->
nid
,
td
->
flags
))
goto
err
;
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
test_nonce
,
0
))
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
0
,
test_nonce
,
0
))
goto
err
;
FIPS_drbg_set_app_data
(
dctx
,
&
t
);
...
...
@@ -936,7 +936,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
if
(
!
FIPS_drbg_init
(
dctx
,
td
->
nid
,
td
->
flags
))
goto
err
;
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
test_nonce
,
0
))
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
0
,
test_nonce
,
0
))
goto
err
;
FIPS_drbg_set_app_data
(
dctx
,
&
t
);
...
...
fips/rand/fips_drbgvs.c
浏览文件 @
b8b6a13a
...
...
@@ -248,7 +248,7 @@ int main(int argc,char **argv)
dctx
=
FIPS_drbg_new
(
nid
,
df
|
DRBG_FLAG_TEST
);
if
(
!
dctx
)
exit
(
1
);
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
0
,
test_nonce
,
0
);
FIPS_drbg_set_app_data
(
dctx
,
&
t
);
randoutlen
=
(
int
)
FIPS_drbg_get_blocklength
(
dctx
);
...
...
fips/rand/fips_rand.h
浏览文件 @
b8b6a13a
...
...
@@ -93,6 +93,7 @@ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
size_t
(
*
get_entropy
)(
DRBG_CTX
*
ctx
,
unsigned
char
**
pout
,
int
entropy
,
size_t
min_len
,
size_t
max_len
),
void
(
*
cleanup_entropy
)(
DRBG_CTX
*
ctx
,
unsigned
char
*
out
,
size_t
olen
),
size_t
entropy_blocklen
,
size_t
(
*
get_nonce
)(
DRBG_CTX
*
ctx
,
unsigned
char
**
pout
,
int
entropy
,
size_t
min_len
,
size_t
max_len
),
void
(
*
cleanup_nonce
)(
DRBG_CTX
*
ctx
,
unsigned
char
*
out
,
size_t
olen
));
...
...
fips/rand/fips_rand_lcl.h
浏览文件 @
b8b6a13a
...
...
@@ -157,6 +157,9 @@ struct drbg_ctx_st
/* uninstantiate */
int
(
*
uninstantiate
)(
DRBG_CTX
*
ctx
);
/* Entropy source block length */
size_t
entropy_blocklen
;
/* entropy gathering function */
size_t
(
*
get_entropy
)(
DRBG_CTX
*
ctx
,
unsigned
char
**
pout
,
int
entropy
,
size_t
min_len
,
size_t
max_len
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录