1. 04 1月, 2018 1 次提交
    • D
      crypto/rand: restore the generic DRBG implementation · 8212d505
      Dr. Matthias St. Pierre 提交于
      The DRGB concept described in NIST SP 800-90A provides for having different
      algorithms to generate random output. In fact, the FIPS object module used to
      implement three of them, CTR DRBG, HASH DRBG and HMAC DRBG.
      
      When the FIPS code was ported to master in #4019, two of the three algorithms
      were dropped, and together with those the entire code that made RAND_DRBG
      generic was removed, since only one concrete implementation was left.
      
      This commit restores the original generic implementation of the DRBG, making it
      possible again to add additional implementations using different algorithms
      (like RAND_DRBG_CHACHA20) in the future.
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      Reviewed-by: NTim Hudson <tjh@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4998)
      8212d505
  2. 18 12月, 2017 2 次提交
  3. 18 10月, 2017 1 次提交
    • D
      Fix reseeding issues of the public RAND_DRBG · c16de9d8
      Dr. Matthias St. Pierre 提交于
      Reseeding is handled very differently by the classic RAND_METHOD API
      and the new RAND_DRBG api. These differences led to some problems when
      the new RAND_DRBG was made the default OpenSSL RNG. In particular,
      RAND_add() did not work as expected anymore. These issues are discussed
      on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API'
      and in Pull Request #4328. This commit fixes the mentioned issues,
      introducing the following changes:
      
      - Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which
        facilitates collecting entropy by the get_entropy() callback.
      - Don't use RAND_poll()/RAND_add() for collecting entropy from the
        get_entropy() callback anymore. Instead, replace RAND_poll() by
        RAND_POOL_acquire_entropy().
      - Add a new function rand_drbg_restart() which tries to get the DRBG
        in an instantiated state by all means, regardless of the current
        state (uninstantiated, error, ...) the DRBG is in. If the caller
        provides entropy or additional input, it will be used for reseeding.
      - Restore the original documented behaviour of RAND_add() and RAND_poll()
        (namely to reseed the DRBG immediately) by a new implementation based
        on rand_drbg_restart().
      - Add automatic error recovery from temporary failures of the entropy
        source to RAND_DRBG_generate() using the rand_drbg_restart() function.
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      Reviewed-by: NBen Kaduk <kaduk@mit.edu>
      (Merged from https://github.com/openssl/openssl/pull/4328)
      c16de9d8
  4. 28 8月, 2017 1 次提交
    • D
      DRBG: clarify difference between entropy counts and buffer lengths · aa048aef
      Dr. Matthias St. Pierre 提交于
      Unlike the NIST DRBG standard, entropy counts are in bits and
      buffer lengths are in bytes. This has lead to some confusion and
      errors in the past, see my comment on PR 3789.
      
      To clarify the destinction between entropy counts and buffer lengths,
      a 'len' suffix has been added to all member names of RAND_DRBG which
      represent buffer lengths:
      
      -   {min,max}_{entropy,adin,nonce,pers}
      +   {min,max}_{entropy,adin,nonce,pers}len
      
      This change makes naming also more consistent, as can be seen in the
      diffs, for example:
      
      -    else if (adinlen > drbg->max_adin) {
      +    else if (adinlen > drbg->max_adinlen) {
      
      Also replaced all 'ent's by 'entropy's, following a suggestion of Paul Dale.
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/4266)
      aa048aef
  5. 22 8月, 2017 1 次提交
  6. 18 8月, 2017 1 次提交
  7. 16 8月, 2017 1 次提交
  8. 03 8月, 2017 1 次提交
    • R
      Switch from ossl_rand to DRBG rand · 75e2c877
      Rich Salz 提交于
      If RAND_add wraps around, XOR with existing. Add test to drbgtest that
      does the wrap-around.
      
      Re-order seeding and stop after first success.
      
      Add RAND_poll_ex()
      
      Use the DF and therefore lower RANDOMNESS_NEEDED.  Also, for child DRBG's,
      mix in the address as the personalization bits.
      
      Centralize the entropy callbacks, from drbg_lib to rand_lib.
      (Conceptually, entropy is part of the enclosing application.)
      Thanks to Dr. Matthias St Pierre for the suggestion.
      
      Various code cleanups:
          -Make state an enum; inline RANDerr calls.
          -Add RAND_POLL_RETRIES (thanks Pauli for the idea)
          -Remove most RAND_seed calls from rest of library
          -Rename DRBG_CTX to RAND_DRBG, etc.
          -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the
           implementation of NIST DRBG.
          -Remove blocklength
      Reviewed-by: NPaul Dale <paul.dale@oracle.com>
      (Merged from https://github.com/openssl/openssl/pull/4019)
      75e2c877
  9. 27 7月, 2017 1 次提交
    • P
      Update the test framework so that the need for test_main is removed. Everything · ad887416
      Pauli 提交于
      that needed test_main now works using the same infrastructure as tests that used
      register_tests.
      
      This meant:
      * renaming register_tests to setup_tests and giving it a success/failure return.
      * renaming the init_test function to setup_test_framework.
      * renaming the finish_test function to pulldown_test_framework.
      * adding a user provided global_init function that runs before the test frame
          work is initialised.  It returns a failure indication that stops the stest.
      * adding helper functions that permit tests to access their command line args.
      * spliting the BIO initialisation and finalisation out from the test setup and
          teardown.
      * hiding some of the now test internal functions.
      * fix the comments in testutil.h
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      (Merged from https://github.com/openssl/openssl/pull/3953)
      ad887416
  10. 21 7月, 2017 1 次提交
  11. 19 7月, 2017 1 次提交