Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
6653c6f2
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
6653c6f2
编写于
4月 06, 2011
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Update OpenSSL DRBG support code. Use date time vector as additional data.
Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD.
上级
4c8855b9
变更
3
显示空白变更内容
内联
并排
Showing
3 changed file
with
41 addition
and
14 deletion
+41
-14
crypto/rand/rand_lib.c
crypto/rand/rand_lib.c
+31
-5
fips/fips.h
fips/fips.h
+2
-0
fips/rand/fips_rand.c
fips/rand/fips_rand.c
+8
-9
未找到文件。
crypto/rand/rand_lib.c
浏览文件 @
6653c6f2
...
...
@@ -65,6 +65,11 @@
#include <openssl/engine.h>
#endif
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#endif
#ifndef OPENSSL_NO_ENGINE
/* non-NULL if default_RAND_meth is ENGINE-provided */
static
ENGINE
*
funct_ref
=
NULL
;
...
...
@@ -73,6 +78,10 @@ static const RAND_METHOD *default_RAND_meth = NULL;
int
RAND_set_rand_method
(
const
RAND_METHOD
*
meth
)
{
#ifdef OPENSSL_FIPS
if
(
!
FIPS_rand_set_method
(
meth
))
return
0
;
#endif
#ifndef OPENSSL_NO_ENGINE
if
(
funct_ref
)
{
...
...
@@ -178,9 +187,6 @@ int RAND_status(void)
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
/* FIPS DRBG initialisation code. This sets up the DRBG for use by the
* rest of OpenSSL.
*/
...
...
@@ -210,6 +216,20 @@ static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
OPENSSL_free
(
out
);
}
/* Set "additional input" when generating random data. This uses the
* current PID, a time value and a counter.
*/
static
size_t
drbg_get_adin
(
DRBG_CTX
*
ctx
,
unsigned
char
**
pout
)
{
/* Use of static variables is OK as this happens under a lock */
static
unsigned
char
buf
[
16
];
static
unsigned
long
counter
;
FIPS_get_timevec
(
buf
,
&
counter
);
*
pout
=
buf
;
return
sizeof
(
buf
);
}
/* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is
* correctly seeded by RAND_poll().
*/
...
...
@@ -228,14 +248,20 @@ static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
int
RAND_init_fips
(
void
)
{
DRBG_CTX
*
dctx
;
unsigned
char
pers
[
16
]
=
{
0
,
0
,
0
};
size_t
plen
;
unsigned
char
pers
[
32
],
*
p
;
dctx
=
FIPS_get_default_drbg
();
FIPS_drbg_init
(
dctx
,
NID_aes_256_ctr
,
DRBG_FLAG_CTR_USE_DF
);
FIPS_drbg_set_callbacks
(
dctx
,
drbg_get_entropy
,
drbg_free_entropy
,
drbg_get_entropy
,
drbg_free_entropy
);
FIPS_drbg_set_rand_callbacks
(
dctx
,
0
,
0
,
FIPS_drbg_set_rand_callbacks
(
dctx
,
drbg_get_adin
,
0
,
drbg_rand_seed
,
drbg_rand_add
);
/* Personalisation string: a string followed by date time vector */
strcpy
((
char
*
)
pers
,
"OpenSSL DRBG2.0"
);
plen
=
drbg_get_adin
(
dctx
,
&
p
);
memcpy
(
pers
+
16
,
p
,
plen
);
FIPS_drbg_instantiate
(
dctx
,
pers
,
sizeof
(
pers
));
FIPS_rand_set_method
(
FIPS_drbg_method
());
return
1
;
...
...
fips/fips.h
浏览文件 @
6653c6f2
...
...
@@ -127,6 +127,8 @@ void FIPS_set_malloc_callbacks(
void
*
(
*
malloc_cb
)(
int
num
,
const
char
*
file
,
int
line
),
void
(
*
free_cb
)(
void
*
));
void
FIPS_get_timevec
(
unsigned
char
*
buf
,
unsigned
long
*
pctr
);
#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
alg " previous FIPS forbidden algorithm error ignored");
...
...
fips/rand/fips_rand.c
浏览文件 @
6653c6f2
...
...
@@ -221,14 +221,13 @@ int FIPS_x931_set_dt(unsigned char *dt)
return
1
;
}
static
void
fips_get_dt
(
FIPS_PRNG_CTX
*
ctx
)
void
FIPS_get_timevec
(
unsigned
char
*
buf
,
unsigned
long
*
pctr
)
{
#ifdef OPENSSL_SYS_WIN32
FILETIME
ft
;
#else
struct
timeval
tv
;
#endif
unsigned
char
*
buf
=
ctx
->
DT
;
#ifndef GETPID_IS_MEANINGLESS
unsigned
long
pid
;
...
...
@@ -255,12 +254,12 @@ static void fips_get_dt(FIPS_PRNG_CTX *ctx)
buf
[
6
]
=
(
unsigned
char
)
((
tv
.
tv_usec
>>
16
)
&
0xff
);
buf
[
7
]
=
(
unsigned
char
)
((
tv
.
tv_usec
>>
24
)
&
0xff
);
#endif
buf
[
8
]
=
(
unsigned
char
)
(
ctx
->
counte
r
&
0xff
);
buf
[
9
]
=
(
unsigned
char
)
((
ctx
->
counte
r
>>
8
)
&
0xff
);
buf
[
10
]
=
(
unsigned
char
)
((
ctx
->
counte
r
>>
16
)
&
0xff
);
buf
[
11
]
=
(
unsigned
char
)
((
ctx
->
counte
r
>>
24
)
&
0xff
);
buf
[
8
]
=
(
unsigned
char
)
(
*
pct
r
&
0xff
);
buf
[
9
]
=
(
unsigned
char
)
((
*
pct
r
>>
8
)
&
0xff
);
buf
[
10
]
=
(
unsigned
char
)
((
*
pct
r
>>
16
)
&
0xff
);
buf
[
11
]
=
(
unsigned
char
)
((
*
pct
r
>>
24
)
&
0xff
);
ctx
->
counter
++
;
(
*
pctr
)
++
;
#ifndef GETPID_IS_MEANINGLESS
...
...
@@ -296,7 +295,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
for
(;;)
{
if
(
!
ctx
->
test_mode
)
fips_get_dt
(
ctx
);
FIPS_get_timevec
(
ctx
->
DT
,
&
ctx
->
counter
);
AES_encrypt
(
ctx
->
DT
,
I
,
&
ctx
->
ks
);
for
(
i
=
0
;
i
<
AES_BLOCK_LENGTH
;
i
++
)
tmp
[
i
]
=
I
[
i
]
^
ctx
->
V
[
i
];
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录