Commit 36f120cd authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Improved error checking for DRBG calls.

New functionality to allow default DRBG type to be set during compilation or during runtime.
parent 0ae7c43f
Loading
Loading
Loading
Loading
+4 −0
Original line number Diff line number Diff line
@@ -120,6 +120,7 @@ int RAND_event(UINT, WPARAM, LPARAM);
#endif

#ifdef OPENSSL_FIPS
void RAND_set_fips_drbg_type(int type, int flags);
int RAND_init_fips(void);
#endif

@@ -133,9 +134,12 @@ void ERR_load_RAND_strings(void);

/* Function codes. */
#define RAND_F_RAND_GET_RAND_METHOD			 101
#define RAND_F_RAND_INIT_FIPS				 102
#define RAND_F_SSLEAY_RAND_BYTES			 100

/* Reason codes. */
#define RAND_R_ERROR_INITIALISING_DRBG			 102
#define RAND_R_ERROR_INSTANTIATING_DRBG			 103
#define RAND_R_NO_FIPS_RANDOM_METHOD_SET		 101
#define RAND_R_PRNG_NOT_SEEDED				 100

+3 −0
Original line number Diff line number Diff line
@@ -71,12 +71,15 @@
static ERR_STRING_DATA RAND_str_functs[]=
	{
{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD),	"RAND_get_rand_method"},
{ERR_FUNC(RAND_F_RAND_INIT_FIPS),	"RAND_init_fips"},
{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
{0,NULL}
	};

static ERR_STRING_DATA RAND_str_reasons[]=
	{
{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
{ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
{0,NULL}
+27 −2
Original line number Diff line number Diff line
@@ -245,13 +245,34 @@ static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
	return 1;
	}

#ifndef OPENSSL_DRBG_DEFAULT_TYPE
#define OPENSSL_DRBG_DEFAULT_TYPE	NID_aes_256_ctr
#endif
#ifndef OPENSSL_DRBG_DEFAULT_FLAGS
#define OPENSSL_DRBG_DEFAULT_FLAGS	DRBG_FLAG_CTR_USE_DF
#endif 

static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;

void RAND_set_fips_drbg_type(int type, int flags)
	{
	fips_drbg_type = type;
	fips_drbg_flags = flags;
	}

int RAND_init_fips(void)
	{
	DRBG_CTX *dctx;
	size_t plen;
	unsigned char pers[32], *p;
	dctx = FIPS_get_default_drbg();
        FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
        if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
		{
		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
		return 0;
		}
		
        FIPS_drbg_set_callbacks(dctx,
				drbg_get_entropy, drbg_free_entropy, 20,
				drbg_get_entropy, drbg_free_entropy);
@@ -262,7 +283,11 @@ int RAND_init_fips(void)
	plen = drbg_get_adin(dctx, &p);
	memcpy(pers + 16, p, plen);

        FIPS_drbg_instantiate(dctx, pers, sizeof(pers));
        if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0)
		{
		RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
		return 0;
		}
        FIPS_rand_set_method(FIPS_drbg_method());
	return 1;
	}