Propagate the request for prediction resistance to the get entropy call (eb238134) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

crypto/include/internal/rand_int.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -34,7 +34,8 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
		/* DRBG entropy callbacks. */
		size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
		unsigned char **pout,
		int entropy, size_t min_len, size_t max_len);
		int entropy, size_t min_len, size_t max_len,
		int prediction_resistance);
		void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
		unsigned char *out, size_t outlen);
		size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);

crypto/rand/drbg_lib.c

+9 −5

Original line number	Diff line number	Diff line
		@@ -327,7 +327,8 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
		drbg->state = DRBG_ERROR;
		if (drbg->get_entropy != NULL)
		entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
		drbg->min_entropylen, drbg->max_entropylen);
		drbg->min_entropylen,
		drbg->max_entropylen, 0);
		if (entropylen < drbg->min_entropylen
		\|\| entropylen > drbg->max_entropylen) {
		RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
		@@ -411,7 +412,8 @@ int RAND_DRBG_uninstantiate(RAND_DRBG *drbg)
		* Returns 1 on success, 0 on failure.
		*/
		int RAND_DRBG_reseed(RAND_DRBG *drbg,
		const unsigned char *adin, size_t adinlen)
		const unsigned char *adin, size_t adinlen,
		int prediction_resistance)
		{
		unsigned char *entropy = NULL;
		size_t entropylen = 0;
		@@ -435,7 +437,9 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
		drbg->state = DRBG_ERROR;
		if (drbg->get_entropy != NULL)
		entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
		drbg->min_entropylen, drbg->max_entropylen);
		drbg->min_entropylen,
		drbg->max_entropylen,
		prediction_resistance);
		if (entropylen < drbg->min_entropylen
		\|\| entropylen > drbg->max_entropylen) {
		RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY);
		@@ -551,7 +555,7 @@ int rand_drbg_restart(RAND_DRBG *drbg,
		drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
		} else if (reseeded == 0) {
		/* do a full reseeding if it has not been done yet above */
		RAND_DRBG_reseed(drbg, NULL, 0);
		RAND_DRBG_reseed(drbg, NULL, 0, 0);
		}
		}

		@@ -627,7 +631,7 @@ int RAND_DRBG_generate(RAND_DRBG drbg, unsigned char out, size_t outlen,
		}

		if (reseed_required \|\| prediction_resistance) {
		if (!RAND_DRBG_reseed(drbg, adin, adinlen)) {
		if (!RAND_DRBG_reseed(drbg, adin, adinlen, prediction_resistance)) {
		RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR);
		return 0;
		}

crypto/rand/rand_lib.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -172,7 +172,8 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
		*/
		size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
		unsigned char **pout,
		int entropy, size_t min_len, size_t max_len)
		int entropy, size_t min_len, size_t max_len,
		int prediction_resistance)
		{
		size_t ret = 0;
		size_t entropy_available = 0;

include/openssl/rand_drbg.h

+4 −2

Original line number	Diff line number	Diff line
		@@ -61,7 +61,8 @@ void RAND_DRBG_free(RAND_DRBG *drbg);
		* Object "use" functions.
		*/
		int RAND_DRBG_reseed(RAND_DRBG *drbg,
		const unsigned char *adin, size_t adinlen);
		const unsigned char *adin, size_t adinlen,
		int prediction_resistance);
		int RAND_DRBG_generate(RAND_DRBG drbg, unsigned char out, size_t outlen,
		int prediction_resistance,
		const unsigned char *adin, size_t adinlen);
		@@ -95,7 +96,8 @@ void RAND_DRBG_get_ex_data(const RAND_DRBG dctx, int idx);
		typedef size_t (RAND_DRBG_get_entropy_fn)(RAND_DRBG ctx,
		unsigned char **pout,
		int entropy, size_t min_len,
		size_t max_len);
		size_t max_len,
		int prediction_resistance);
		typedef void (RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG ctx,
		unsigned char *out, size_t outlen);
		typedef size_t (RAND_DRBG_get_nonce_fn)(RAND_DRBG ctx, unsigned char **pout,

test/drbgtest.c

+11 −9

Original line number	Diff line number	Diff line
		@@ -118,7 +118,8 @@ typedef struct test_ctx_st {
		} TEST_CTX;

		static size_t kat_entropy(RAND_DRBG drbg, unsigned char *pout,
		int entropy, size_t min_len, size_t max_len)
		int entropy, size_t min_len, size_t max_len,
		int prediction_resistance)
		{
		TEST_CTX t = (TEST_CTX )RAND_DRBG_get_ex_data(drbg, app_data_index);

		@@ -182,7 +183,7 @@ static int single_kat(DRBG_SELFTEST_DATA *td)
		/* Reseed DRBG with test entropy and additional input */
		t.entropy = td->entropyreseed;
		t.entropylen = td->entropyreseedlen;
		if (!TEST_true(RAND_DRBG_reseed(drbg, td->adinreseed, td->adinreseedlen)
		if (!TEST_true(RAND_DRBG_reseed(drbg, td->adinreseed, td->adinreseedlen, 0)
		\|\| !TEST_true(RAND_DRBG_generate(drbg, buff, td->kat2len, 0,
		td->adin2, td->adin2len))
		\|\| !TEST_mem_eq(td->kat2, td->kat2len, buff, td->kat2len)))
		@@ -415,12 +416,12 @@ static int error_check(DRBG_SELFTEST_DATA *td)

		/* Test explicit reseed with too large additional input */
		if (!init(drbg, td, &t)
		\|\| RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1) > 0)
		\|\| RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0) > 0)
		goto err;

		/* Test explicit reseed with entropy source failure */
		t.entropylen = 0;
		if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen), 0)
		if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
		\|\| !uninstantiate(drbg))
		goto err;

		@@ -428,7 +429,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
		if (!init(drbg, td, &t))
		goto err;
		t.entropylen = drbg->max_entropylen + 1;
		if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen), 0)
		if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
		\|\| !uninstantiate(drbg))
		goto err;

		@@ -436,7 +437,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
		if (!init(drbg, td, &t))
		goto err;
		t.entropylen = drbg->min_entropylen - 1;
		if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen), 0)
		if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
		\|\| !uninstantiate(drbg))
		goto err;

		@@ -504,7 +505,8 @@ static HOOK_CTX get_hook_ctx(RAND_DRBG drbg)

		/* Intercepts and counts calls to the get_entropy() callback */
		static size_t get_entropy_hook(RAND_DRBG drbg, unsigned char *pout,
		int entropy, size_t min_len, size_t max_len)
		int entropy, size_t min_len, size_t max_len,
		int prediction_resistance)
		{
		size_t ret;
		HOOK_CTX *ctx = get_hook_ctx(drbg);
		@@ -512,8 +514,8 @@ static size_t get_entropy_hook(RAND_DRBG drbg, unsigned char *pout,
		if (ctx->fail != 0)
		return 0;

		ret = ctx->get_entropy(
		drbg, pout, entropy, min_len, max_len);
		ret = ctx->get_entropy(drbg, pout, entropy, min_len, max_len,
		prediction_resistance);

		if (ret != 0)
		ctx->reseed_count++;