Commit 311276ff authored by Kurt Roeckx's avatar Kurt Roeckx
Browse files

Return error when trying to use prediction resistance 



There is a requirements of having access to a live entropy source
which we can't do with the default callbacks. If you need prediction
resistance you need to set up your own callbacks that follow the
requirements of NIST SP 800-90C.

Reviewed-by: default avatarDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5402
parent eb238134

crypto/err/openssl.txt

+2 −0
Original line number Diff line number Diff line
@@ -2310,6 +2310,8 @@ RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED:128:no drbg implementation selected 
RAND_R_PARENT_LOCKING_NOT_ENABLED:130:parent locking not enabled

RAND_R_PARENT_STRENGTH_TOO_WEAK:131:parent strength too weak

RAND_R_PERSONALISATION_STRING_TOO_LONG:116:personalisation string too long

RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED:133:\

	prediction resistance not supported

RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded

RAND_R_RANDOM_POOL_OVERFLOW:125:random pool overflow

RAND_R_REQUEST_TOO_LARGE_FOR_DRBG:117:request too large for drbg

crypto/rand/rand_err.c

+2 −0
Original line number Diff line number Diff line
@@ -94,6 +94,8 @@ static const ERR_STRING_DATA RAND_str_reasons[] = { 
    "parent strength too weak"},

    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG),

    "personalisation string too long"},

    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED),

    "prediction resistance not supported"},

    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},

    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW),

    "random pool overflow"},

crypto/rand/rand_lib.c

+12 −1
Original line number Diff line number Diff line
@@ -217,7 +217,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, 
            rand_drbg_lock(drbg->parent);

            if (RAND_DRBG_generate(drbg->parent,

                                   buffer, bytes_needed,

                                   0,

                                   prediction_resistance,

                                   (unsigned char *)drbg, sizeof(*drbg)) != 0)

                bytes = bytes_needed;

            rand_drbg_unlock(drbg->parent);
@@ -226,6 +226,17 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, 
        }



    } else {

        if (prediction_resistance) {

            /*

             * We don't have any entropy sources that comply with the NIST

             * standard to provide prediction resistance (see NIST SP 800-90C,

             * Section 5.4).

             */

            RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY,

                    RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED);

            return 0;

        }



        /* Get entropy by polling system entropy sources. */

        entropy_available = rand_pool_acquire_entropy(pool);

    }

include/openssl/randerr.h

+1 −0
Original line number Diff line number Diff line
@@ -71,6 +71,7 @@ int ERR_load_RAND_strings(void); 
# define RAND_R_PARENT_LOCKING_NOT_ENABLED                130

# define RAND_R_PARENT_STRENGTH_TOO_WEAK                  131

# define RAND_R_PERSONALISATION_STRING_TOO_LONG           116

# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED       133

# define RAND_R_PRNG_NOT_SEEDED                           100

# define RAND_R_RANDOM_POOL_OVERFLOW                      125

# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG                117