mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-05 14:10:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

ctr-drbg: always use the DF for OpenSSL's DRBGs

Browse Source 
Force the use of the derivation function when creating OpenSSL's internal
DRBGs.

FIPS mandates the use of a derivation function, so 3.4 cannot be validated as
it stands which run counter to the indicator work that was included.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25511)

(cherry picked from commit 0ab796ef96)
This commit is contained in:
Pauli 2024-09-23 14:45:41 +10:00 committed by Tomas Mraz
parent 9d71a6622b
commit 260ecea0d4
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/rand/rand_lib.c
View File

@ -642,7 +642,7 @@ EVP_RAND_CTX *ossl_rand_get0_seed_noncreating(OSSL_LIB_CTX *ctx)
static EVP_RAND_CTX *rand_new_drbg(OSSL_LIB_CTX *libctx, EVP_RAND_CTX *parent,
unsigned int reseed_interval,
time_t reseed_time_interval, int use_df)
time_t reseed_time_interval)
{
EVP_RAND *rand;
RAND_GLOBAL *dgbl = rand_get_global(libctx);
@ -650,6 +650,7 @@ static EVP_RAND_CTX *rand_new_drbg(OSSL_LIB_CTX *libctx, EVP_RAND_CTX *parent,
OSSL_PARAM params[8], *p = params;
const OSSL_PARAM *settables;
char *name, *cipher;
int use_df = 1;
if (dgbl == NULL)
return NULL;
@ -763,7 +764,7 @@ EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx)
ERR_pop_to_mark();
}
ret = rand_new_drbg(ctx, dgbl->seed, PRIMARY_RESEED_INTERVAL,
PRIMARY_RESEED_TIME_INTERVAL, 1);
PRIMARY_RESEED_TIME_INTERVAL);
#endif
/*
@ -808,7 +809,7 @@ EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx)
&& !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state))
return NULL;
rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL,
SECONDARY_RESEED_TIME_INTERVAL, 0);
SECONDARY_RESEED_TIME_INTERVAL);
CRYPTO_THREAD_set_local(&dgbl->public, rand);
}
return rand;
@ -841,7 +842,7 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx)
&& !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state))
return NULL;
rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL,
SECONDARY_RESEED_TIME_INTERVAL, 0);
SECONDARY_RESEED_TIME_INTERVAL);
CRYPTO_THREAD_set_local(&dgbl->private, rand);
}
return rand;