RAND_F_RAND_DRBG_RESEED:110:RAND_DRBG_reseed
RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart
RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set
+RAND_F_RAND_DRBG_SET_DEFAULTS:121:RAND_DRBG_set_defaults
RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate
RAND_F_RAND_LOAD_FILE:111:RAND_load_file
RAND_F_RAND_POOL_ADD:103:rand_pool_add
RAND_R_REQUEST_TOO_LARGE_FOR_DRBG:117:request too large for drbg
RAND_R_RESEED_ERROR:118:reseed error
RAND_R_SELFTEST_FAILURE:119:selftest failure
+RAND_R_UNSUPPORTED_DRBG_FLAGS:132:unsupported drbg flags
RAND_R_UNSUPPORTED_DRBG_TYPE:120:unsupported drbg type
RSA_R_ALGORITHM_MISMATCH:100:algorithm mismatch
RSA_R_BAD_E_VALUE:101:bad e value
RAND_DRBG_CTR *ctr = &drbg->data.ctr;
size_t keylen;
- switch (drbg->nid) {
+ switch (drbg->type) {
default:
/* This can't happen, but silence the compiler warning. */
return 0;
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
+
+
+static int rand_drbg_type = RAND_DRBG_TYPE;
+static unsigned int rand_drbg_flags = RAND_DRBG_FLAGS;
+
static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL;
static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL;
RAND_DRBG *parent);
/*
- * Set/initialize |drbg| to be of type |nid|, with optional |flags|.
+ * Set/initialize |drbg| to be of type |type|, with optional |flags|.
+ *
+ * If |type| and |flags| are zero, use the defaults
*
* Returns 1 on success, 0 on failure.
*/
-int RAND_DRBG_set(RAND_DRBG *drbg, int nid, unsigned int flags)
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
{
int ret = 1;
+ if (type == 0 && flags == 0) {
+ type = rand_drbg_type;
+ flags = rand_drbg_flags;
+ }
+
drbg->state = DRBG_UNINITIALISED;
drbg->flags = flags;
- drbg->nid = nid;
+ drbg->type = type;
- switch (nid) {
+ switch (type) {
default:
RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE);
return 0;
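Review bot: The new defaults path in RAND_DRBG_set stores the caller's value with `drbg->flags = flags;` without the `(flags & ~RAND_DRBG_USED_FLAGS)` check that RAND_DRBG_set_defaults performs, so RAND_DRBG_new/RAND_DRBG_set callers can still install undefined flag bits that the defaults setter would reject; a matching guard before the assignment, `if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) { RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_FLAGS); return 0; }`, keeps the two entry points consistent. The substitution only fires when both `type` and `flags` are zero, so a caller passing type 0 with a non-zero flag reaches the `switch (type)` with type 0, which presumably is not what they meant; the comment should say that explicitly, e.g. `A non-zero |flags| with |type| 0 is not treated as a request for the defaults.` Note also that `drbg->flags` is declared `unsigned short` in the rand_lcl.h hunk while the parameter is `unsigned int`, a silent truncation that is harmless while only bit 0x1 is defined. The switch body of RAND_DRBG_set continues outside this hunk.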
return ret;
}
+/*
+ * Set/initialize default |type| and |flag| for new drbg instances.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_defaults(int type, unsigned int flags)
+{
+ int ret = 1;
+
+ switch (type) {
+ default:
+ RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_TYPE);
+ return 0;
+ case NID_aes_128_ctr:
+ case NID_aes_192_ctr:
+ case NID_aes_256_ctr:
+ break;
+ }
+
+ if ((flags & ~RAND_DRBG_USED_FLAGS) != 0) {
+ RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
+ return 0;
+ }
+
+ rand_drbg_type = type;
+ rand_drbg_flags = flags;
+
+ return ret;
+}
+
+
/*
* Allocate memory and initialize a new DRBG. The DRBG is allocated on
* the secure heap if |secure| is nonzero and the secure heap is enabled.
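Review bot: RAND_DRBG_set_defaults assigns the file-scope `rand_drbg_type` and `rand_drbg_flags` with no lock or atomic, and RAND_DRBG_set and rand_drbg_new read those same variables on every DRBG creation, so a call that races with DRBG creation in another thread is a data race, and the function carries an ordering requirement its header comment does not state. I would extend the comment with: `Must be called before any DRBG instance (in particular the global master/public/private DRBGs) is created. The defaults are plain static variables with no locking and only affect instances created afterwards; already-initialised DRBGs keep their type and flags.` The `ret` local is always 1 and the function could simply `return 1;` at the end.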
* initial values.
*/
drbg->meth->uninstantiate(drbg);
- return RAND_DRBG_set(drbg, drbg->nid, drbg->flags);
+ return RAND_DRBG_set(drbg, drbg->type, drbg->flags);
}
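Review bot: drbg_restart now re-initialises with `RAND_DRBG_set(drbg, drbg->type, drbg->flags)`, and because RAND_DRBG_set substitutes the configured defaults whenever both arguments are zero, a DRBG whose stored type and flags are both 0 would come back from a restart with the default type instead of its previous state. Whether such a DRBG can reach restart depends on the `case 0` handling of the switch, which is outside this hunk; if it can, either bypass the substitution here or document the effect, e.g. `/* A DRBG with type 0 and no flags is re-created with the current defaults. */`. The start of drbg_restart is outside this hunk.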
/*
{
RAND_DRBG *drbg;
- drbg = RAND_DRBG_secure_new(RAND_DRBG_NID, 0, parent);
+ drbg = RAND_DRBG_secure_new(rand_drbg_type, rand_drbg_flags, parent);
if (drbg == NULL)
return NULL;
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESEED, 0), "RAND_DRBG_reseed"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESTART, 0), "rand_drbg_restart"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET, 0), "RAND_DRBG_set"},
+ {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET_DEFAULTS, 0),
+ "RAND_DRBG_set_defaults"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
"RAND_DRBG_uninstantiate"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
"request too large for drbg"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"},
+ {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS),
+ "unsupported drbg flags"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE),
"unsupported drbg type"},
{0, NULL}
CRYPTO_RWLOCK *lock;
RAND_DRBG *parent;
int secure; /* 1: allocated on the secure heap, 0: otherwise */
- int nid; /* the underlying algorithm */
+ int type; /* the nid of the underlying algorithm */
int fork_count;
unsigned short flags; /* various external flags */
/* In CTR mode, disable derivation function ctr_df */
# define RAND_DRBG_FLAG_CTR_NO_DF 0x1
+/* A logical OR of all used flag bits (currently there is only one) */
+# define RAND_DRBG_USED_FLAGS ( \
+ RAND_DRBG_FLAG_CTR_NO_DF \
+ )
+
/*
* Default security strength (in the sense of [NIST SP 800-90Ar1])
*
*
* Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
* NID_aes_256_ctr
- *
- * TODO(DRBG): would be nice to have the NID and strength configurable
*/
# define RAND_DRBG_STRENGTH 256
-# define RAND_DRBG_NID NID_aes_256_ctr
+# define RAND_DRBG_TYPE NID_aes_256_ctr
+# define RAND_DRBG_FLAGS 0
# ifdef __cplusplus
RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
+int RAND_DRBG_set_defaults(int type, unsigned int flags);
int RAND_DRBG_instantiate(RAND_DRBG *drbg,
const unsigned char *pers, size_t perslen);
int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
# define RAND_F_RAND_DRBG_RESEED 110
# define RAND_F_RAND_DRBG_RESTART 102
# define RAND_F_RAND_DRBG_SET 104
+# define RAND_F_RAND_DRBG_SET_DEFAULTS 121
# define RAND_F_RAND_DRBG_UNINSTANTIATE 118
# define RAND_F_RAND_LOAD_FILE 111
# define RAND_F_RAND_POOL_ADD 103
# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG 117
# define RAND_R_RESEED_ERROR 118
# define RAND_R_SELFTEST_FAILURE 119
+# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132
# define RAND_R_UNSUPPORTED_DRBG_TYPE 120
#endif
*/
if (RAND_get_rand_method() == RAND_OpenSSL()) {
s->drbg =
- RAND_DRBG_new(RAND_DRBG_NID, 0, RAND_DRBG_get0_public());
+ RAND_DRBG_new(0, 0, RAND_DRBG_get0_public());
if (s->drbg == NULL
|| RAND_DRBG_instantiate(s->drbg,
(const unsigned char *) SSL_version_str,
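Review bot: The call `RAND_DRBG_new(0, 0, RAND_DRBG_get0_public())` relies on the new sentinel meaning of type 0 and flags 0 in RAND_DRBG_set, which a reader of ssl_lib.c cannot see; a comment on the preceding line, `/* type/flags 0: use the defaults configured via RAND_DRBG_set_defaults() */`, would make the intent clear and tie it to the only public API that changes those defaults. The surrounding function continues outside this hunk.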
EVP_PKEY_new_CMAC_key 4455 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_priv_key 4456 1_1_1 EXIST::FUNCTION:
EVP_PKEY_asn1_set_set_pub_key 4457 1_1_1 EXIST::FUNCTION:
+RAND_DRBG_set_defaults 4458 1_1_1 EXIST::FUNCTION: