Commit 75e2c877 authored by Rich Salz

Switch from ossl_rand to DRBG rand



If RAND_add wraps around, XOR with existing. Add test to drbgtest that
does the wrap-around.

Re-order seeding and stop after first success.

Add RAND_poll_ex()

Use the DF and therefore lower RANDOMNESS_NEEDED.  Also, for child DRBGs,
mix in the address as the personalization bits.

Centralize the entropy callbacks, from drbg_lib to rand_lib.
(Conceptually, entropy is part of the enclosing application.)
Thanks to Dr. Matthias St Pierre for the suggestion.

Various code cleanups:
    -Make state an enum; inline RANDerr calls.
    -Add RAND_POLL_RETRIES (thanks Pauli for the idea)
    -Remove most RAND_seed calls from rest of library
    -Rename DRBG_CTX to RAND_DRBG, etc.
    -Move some code from drbg_lib to drbg_rand; drbg_lib is now only the
     implementation of NIST DRBG.
    -Remove blocklength

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4019)
parent 67dc995e
+0 −14
@@ -247,11 +247,6 @@ static double ecdsa_results[EC_NUM][2];
static double ecdh_results[EC_NUM][1];
#endif

#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
static const char rnd_seed[] =
    "string to make the random number generator think it has randomness";
#endif

#ifdef SIGALRM
# if defined(__STDC__) || defined(sgi) || defined(_AIX)
#  define SIGRETTYPE void
@@ -2397,9 +2392,6 @@ int speed_main(int argc, char **argv)
        RAND_bytes(loopargs[i].buf, 36);

#ifndef OPENSSL_NO_DSA
    if (RAND_status() != 1) {
        RAND_seed(rnd_seed, sizeof rnd_seed);
    }
    for (testnum = 0; testnum < DSA_NUM; testnum++) {
        int st = 0;
        if (!dsa_doit[testnum])
@@ -2467,9 +2459,6 @@ int speed_main(int argc, char **argv)
#endif                          /* OPENSSL_NO_DSA */

#ifndef OPENSSL_NO_EC
    if (RAND_status() != 1) {
        RAND_seed(rnd_seed, sizeof rnd_seed);
    }
    for (testnum = 0; testnum < EC_NUM; testnum++) {
        int st = 1;

@@ -2554,9 +2543,6 @@ int speed_main(int argc, char **argv)
        }
    }

    if (RAND_status() != 1) {
        RAND_seed(rnd_seed, sizeof rnd_seed);
    }
    for (testnum = 0; testnum < EC_NUM; testnum++) {
        int ecdh_checks = 1;

+0 −4
@@ -18,7 +18,6 @@ static int bnrand(int testing, BIGNUM *rnd, int bits, int top, int bottom)
{
    unsigned char *buf = NULL;
    int ret = 0, bit, bytes, mask;
    time_t tim;

    if (bits == 0) {
        if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY)
@@ -40,9 +39,6 @@ static int bnrand(int testing, BIGNUM *rnd, int bits, int top, int bottom)
    }

    /* make a random number and set the top and bottom bits */
    time(&tim);
    RAND_add(&tim, sizeof(tim), 0.0);

    if (RAND_bytes(buf, bytes) <= 0)
        goto err;

+1 −1
@@ -111,7 +111,7 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen,
             unsigned char *sig, unsigned int *siglen, DSA *dsa)
{
    DSA_SIG *s;
    RAND_seed(dgst, dlen);

    s = DSA_do_sign(dgst, dlen, dsa);
    if (s == NULL) {
        *siglen = 0;
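Review bot: Dropping `RAND_seed(dgst, dlen);` here, and the matching call in ossl_ecdsa_sign in the next file section, removes the only message-dependent input the signing path fed to the RNG before DSA_do_sign draws its nonce; if a DRBG state is ever duplicated without a reseed (a forked or snapshotted process), two signatures over different digests can then be produced from identical RNG output, which is the well-known nonce-reuse weakness of DSA/ECDSA. Whether DSA_do_sign's nonce derivation already binds k to the digest by other means is outside this hunk, so this may already be covered, but the commit message only records that the calls were removed. A one-line comment at the former call site, `/* Digest is no longer mixed into the RNG; nonce freshness relies on the DRBG being reseeded after fork. */`, would record the reasoning for the next reader. DSA_sign's body continues past the end of the hunk.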
+1 −1
@@ -20,7 +20,7 @@ int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
                    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
{
    ECDSA_SIG *s;
    RAND_seed(dgst, dlen);

    s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
    if (s == NULL) {
        *siglen = 0;
+0 −1
@@ -80,7 +80,6 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
        EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
        goto error;
    }
    RAND_add(p8->pkey->data, p8->pkey->length, 0.0);
    return p8;
 error:
    PKCS8_PRIV_KEY_INFO_free(p8);