From: Dr. Stephen Henson Date: Wed, 6 Apr 2011 23:40:22 +0000 (+0000) Subject: Update OpenSSL DRBG support code. Use date time vector as additional data. X-Git-Tag: OpenSSL-fips-2_0-rc1~588 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=6653c6f2e86a8e180bca4c5cd1ea9fd81aab3db1;p=oweals%2Fopenssl.git Update OpenSSL DRBG support code. Use date time vector as additional data. Set FIPS RAND_METHOD at same time as OpenSSL RAND_METHOD. --- diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index ef10dd507e..c653d38c8a 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -65,6 +65,11 @@ #include #endif +#ifdef OPENSSL_FIPS +#include +#include +#endif + #ifndef OPENSSL_NO_ENGINE /* non-NULL if default_RAND_meth is ENGINE-provided */ static ENGINE *funct_ref =NULL; @@ -73,6 +78,10 @@ static const RAND_METHOD *default_RAND_meth = NULL; int RAND_set_rand_method(const RAND_METHOD *meth) { +#ifdef OPENSSL_FIPS + if (!FIPS_rand_set_method(meth)) + return 0; +#endif #ifndef OPENSSL_NO_ENGINE if(funct_ref) { @@ -178,9 +187,6 @@ int RAND_status(void) #ifdef OPENSSL_FIPS -#include -#include - /* FIPS DRBG initialisation code. This sets up the DRBG for use by the * rest of OpenSSL. */ @@ -210,6 +216,20 @@ static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) OPENSSL_free(out); } +/* Set "additional input" when generating random data. This uses the + * current PID, a time value and a counter. + */ + +static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) + { + /* Use of static variables is OK as this happens under a lock */ + static unsigned char buf[16]; + static unsigned long counter; + FIPS_get_timevec(buf, &counter); + *pout = buf; + return sizeof(buf); + } + /* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is * correctly seeded by RAND_poll(). */ @@ -228,14 +248,20 @@ static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) int RAND_init_fips(void) { DRBG_CTX *dctx; - unsigned char pers[16] = {0,0,0}; + size_t plen; + unsigned char pers[32], *p; dctx = FIPS_get_default_drbg(); FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); FIPS_drbg_set_callbacks(dctx, drbg_get_entropy, drbg_free_entropy, drbg_get_entropy, drbg_free_entropy); - FIPS_drbg_set_rand_callbacks(dctx, 0, 0, + FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, drbg_rand_seed, drbg_rand_add); + /* Personalisation string: a string followed by date time vector */ + strcpy((char *)pers, "OpenSSL DRBG2.0"); + plen = drbg_get_adin(dctx, &p); + memcpy(pers + 16, p, plen); + FIPS_drbg_instantiate(dctx, pers, sizeof(pers)); FIPS_rand_set_method(FIPS_drbg_method()); return 1; diff --git a/fips/fips.h b/fips/fips.h index 53bc12fe9a..29fd814350 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -127,6 +127,8 @@ void FIPS_set_malloc_callbacks( void *(*malloc_cb)(int num, const char *file, int line), void (*free_cb)(void *)); +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr); + #define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ alg " previous FIPS forbidden algorithm error ignored"); diff --git a/fips/rand/fips_rand.c b/fips/rand/fips_rand.c index a8ebdb85c0..2cbe16bfd5 100644 --- a/fips/rand/fips_rand.c +++ b/fips/rand/fips_rand.c @@ -221,14 +221,13 @@ int FIPS_x931_set_dt(unsigned char *dt) return 1; } -static void fips_get_dt(FIPS_PRNG_CTX *ctx) - { +void FIPS_get_timevec(unsigned char *buf, unsigned long *pctr) + { #ifdef OPENSSL_SYS_WIN32 FILETIME ft; #else struct timeval tv; #endif - unsigned char *buf = ctx->DT; #ifndef GETPID_IS_MEANINGLESS unsigned long pid; @@ -255,12 +254,12 @@ static void fips_get_dt(FIPS_PRNG_CTX *ctx) buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff); buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff); #endif - buf[8] = (unsigned char) (ctx->counter & 0xff); - buf[9] = (unsigned char) ((ctx->counter >> 8) & 0xff); - buf[10] = (unsigned char) ((ctx->counter >> 16) & 0xff); - buf[11] = (unsigned char) ((ctx->counter >> 24) & 0xff); + buf[8] = (unsigned char) (*pctr & 0xff); + buf[9] = (unsigned char) ((*pctr >> 8) & 0xff); + buf[10] = (unsigned char) ((*pctr >> 16) & 0xff); + buf[11] = (unsigned char) ((*pctr >> 24) & 0xff); - ctx->counter++; + (*pctr)++; #ifndef GETPID_IS_MEANINGLESS @@ -296,7 +295,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx, for (;;) { if (!ctx->test_mode) - fips_get_dt(ctx); + FIPS_get_timevec(ctx->DT, &ctx->counter); AES_encrypt(ctx->DT, I, &ctx->ks); for (i = 0; i < AES_BLOCK_LENGTH; i++) tmp[i] = I[i] ^ ctx->V[i];