rand: add a strength argument to the BN and RAND RNG calls

Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15513)
2025-01-12 13:36:28 +08:00 · 2021-05-28 14:45:06 +10:00 · 2021-05-28 14:45:06 +10:00 · 508258caa0
commit 508258caa0
parent e587bccdf9
4 changed files with 55 additions and 35 deletions
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@ -21,7 +21,7 @@ typedef enum bnrand_flag_e {
 } BNRAND_FLAG;

 static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom,
-                  BN_CTX *ctx)
+                  unsigned int strength, BN_CTX *ctx)
 {
    unsigned char *buf = NULL;
    int b, ret = 0, bit, bytes, mask;
@ -47,8 +47,8 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom,
    }

    /* make a random number and set the top and bottom bits */
-    b = flag == NORMAL ? RAND_bytes_ex(libctx, buf, bytes)
-                       : RAND_priv_bytes_ex(libctx, buf, bytes);
+    b = flag == NORMAL ? RAND_bytes_ex(libctx, buf, bytes, strength)
+                       : RAND_priv_bytes_ex(libctx, buf, bytes, strength);
    if (b <= 0)
        goto err;

@ -60,7 +60,7 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom,
        unsigned char c;

        for (i = 0; i < bytes; i++) {
-            if (RAND_bytes_ex(libctx, &c, 1) <= 0)
+            if (RAND_bytes_ex(libctx, &c, 1, strength) <= 0)
                goto err;
            if (c >= 128 && i > 0)
                buf[i] = buf[i - 1];
@ -99,37 +99,39 @@ toosmall:
    return 0;
 }

-int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
+int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+               unsigned int strength, BN_CTX *ctx)
 {
-    return bnrand(NORMAL, rnd, bits, top, bottom, ctx);
+    return bnrand(NORMAL, rnd, bits, top, bottom, strength, ctx);
 }
 #ifndef FIPS_MODULE
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(NORMAL, rnd, bits, top, bottom, NULL);
+    return bnrand(NORMAL, rnd, bits, top, bottom, 0, NULL);
 }

 int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(TESTING, rnd, bits, top, bottom, NULL);
+    return bnrand(TESTING, rnd, bits, top, bottom, 0, NULL);
 }
 #endif

-int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx)
+int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+                    unsigned int strength, BN_CTX *ctx)
 {
-    return bnrand(PRIVATE, rnd, bits, top, bottom, ctx);
+    return bnrand(PRIVATE, rnd, bits, top, bottom, strength, ctx);
 }

 #ifndef FIPS_MODULE
 int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
 {
-    return bnrand(PRIVATE, rnd, bits, top, bottom, NULL);
+    return bnrand(PRIVATE, rnd, bits, top, bottom, 0, NULL);
 }
 #endif

 /* random number r:  0 <= r < range */
 static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
-                        BN_CTX *ctx)
+                        unsigned int strength, BN_CTX *ctx)
 {
    int n;
    int count = 100;
@ -152,7 +154,7 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
         */
        do {
            if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY,
-                        ctx))
+                        strength, ctx))
                return 0;

            /*
@ -179,7 +181,8 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
    } else {
        do {
            /* range = 11..._2  or  range = 101..._2 */
-            if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx))
+            if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0,
+                        ctx))
                return 0;

            if (!--count) {
@ -194,27 +197,29 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range,
    return 1;
 }

-int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
+int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength,
+                     BN_CTX *ctx)
 {
-    return bnrand_range(NORMAL, r, range, ctx);
+    return bnrand_range(NORMAL, r, range, strength, ctx);
 }

 #ifndef FIPS_MODULE
 int BN_rand_range(BIGNUM *r, const BIGNUM *range)
 {
-    return bnrand_range(NORMAL, r, range, NULL);
+    return bnrand_range(NORMAL, r, range, 0, NULL);
 }
 #endif

-int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx)
+int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength,
+                          BN_CTX *ctx)
 {
-    return bnrand_range(PRIVATE, r, range, ctx);
+    return bnrand_range(PRIVATE, r, range, strength, ctx);
 }

 #ifndef FIPS_MODULE
 int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
 {
-    return bnrand_range(PRIVATE, r, range, NULL);
+    return bnrand_range(PRIVATE, r, range, 0, NULL);
 }

 # ifndef OPENSSL_NO_DEPRECATED_3_0
@ -282,7 +287,7 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
        goto err;
    }
    for (done = 0; done < num_k_bytes;) {
-        if (!RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes)))
+        if (!RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), 0))
            goto err;

        if (!EVP_DigestInit_ex(mdctx, md, NULL)
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@ -315,7 +315,8 @@ const RAND_METHOD *RAND_get_rand_method(void)
 * the default method, then just call RAND_bytes().  Otherwise make
 * sure we're instantiated and use the private DRBG.
 */
-int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+                       unsigned int strength)
 {
    EVP_RAND_CTX *rand;
 #ifndef OPENSSL_NO_DEPRECATED_3_0
@ -331,17 +332,18 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)

    rand = RAND_get0_private(ctx);
    if (rand != NULL)
-        return EVP_RAND_generate(rand, buf, num, 0, 0, NULL, 0);
+        return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0);

    return 0;
 }

 int RAND_priv_bytes(unsigned char *buf, int num)
 {
-    return RAND_priv_bytes_ex(NULL, buf, num);
+    return RAND_priv_bytes_ex(NULL, buf, num, 0);
 }

-int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+                  unsigned int strength)
 {
    EVP_RAND_CTX *rand;
 #ifndef OPENSSL_NO_DEPRECATED_3_0
@ -357,14 +359,14 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)

    rand = RAND_get0_public(ctx);
    if (rand != NULL)
-        return EVP_RAND_generate(rand, buf, num, 0, 0, NULL, 0);
+        return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0);

    return 0;
 }

 int RAND_bytes(unsigned char *buf, int num)
 {
-    return RAND_bytes_ex(NULL, buf, num);
+    return RAND_bytes_ex(NULL, buf, num, 0);
 }

 typedef struct rand_global_st {
--- a/include/openssl/bn.h
+++ b/include/openssl/bn.h
@ -214,13 +214,17 @@ void BN_CTX_free(BN_CTX *c);
 void BN_CTX_start(BN_CTX *ctx);
 BIGNUM *BN_CTX_get(BN_CTX *ctx);
 void BN_CTX_end(BN_CTX *ctx);
-int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
+int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+               unsigned int strength, BN_CTX *ctx);
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx);
+int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom,
+                    unsigned int strength, BN_CTX *ctx);
 int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
-int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
+int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength,
+                     BN_CTX *ctx);
 int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx);
+int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range,
+                          unsigned int strength, BN_CTX *ctx);
 int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 OSSL_DEPRECATEDIN_3_0
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@ -61,11 +61,20 @@ OSSL_DEPRECATEDIN_3_0 RAND_METHOD *RAND_OpenSSL(void);
 int RAND_bytes(unsigned char *buf, int num);
 int RAND_priv_bytes(unsigned char *buf, int num);

-/* Equivalent of RAND_priv_bytes() but additionally taking an OSSL_LIB_CTX */
-int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num);
+/*
+ * Equivalent of RAND_priv_bytes() but additionally taking an OSSL_LIB_CTX and
+ * a strength.
+ */
+int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+                       unsigned int strength);
+
+/*
+ * Equivalent of RAND_bytes() but additionally taking an OSSL_LIB_CTX and
+ * a strength.
+ */
+int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num,
+                  unsigned int strength);

-/* Equivalent of RAND_bytes() but additionally taking an OSSL_LIB_CTX */
-int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num);
 # ifndef OPENSSL_NO_DEPRECATED_1_1_0
 OSSL_DEPRECATEDIN_1_1_0 int RAND_pseudo_bytes(unsigned char *buf, int num);
 # endif