From ee1d4f3db4e8963c6472420d0256c2bfd6525137 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 28 Jun 2019 11:24:51 +0100 Subject: [PATCH] Make BIGNUM rand functions available within the FIPS module The BIGNUM rand functions were previously disabled for the FIPS module. We can now re-enable them. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9193) --- crypto/bn/bn_ctx.c | 2 ++ crypto/bn/bn_rand.c | 84 ++++++++++++++++++++------------------------ doc/man3/BN_rand.pod | 37 ++++++++++++++----- include/openssl/bn.h | 4 +++ util/libcrypto.num | 4 +++ 5 files changed, 78 insertions(+), 53 deletions(-) diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 476211411a..cc3c3034a4 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -247,6 +247,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx) OPENSSL_CTX *bn_get_lib_ctx(BN_CTX *ctx) { + if (ctx == NULL) + return NULL; return ctx->libctx; } diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 6967627732..a71e7d49d1 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -10,9 +10,9 @@ #include #include #include "internal/cryptlib.h" +#include "internal/rand_int.h" #include "bn_lcl.h" #include -#include #include #include @@ -20,10 +20,12 @@ typedef enum bnrand_flag_e { NORMAL, TESTING, PRIVATE } BNRAND_FLAG; -static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom) +static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom, + BN_CTX *ctx) { unsigned char *buf = NULL; int b, ret = 0, bit, bytes, mask; + OPENSSL_CTX *libctx = bn_get_lib_ctx(ctx); if (bits == 0) { if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY) @@ -45,16 +47,8 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom) } /* make a random number and set the top and bottom bits */ - /* - * TODO(3.0): Temporarily disable RAND code in the FIPS module until we - * have made it available there. - */ -#if defined(FIPS_MODE) - BNerr(BN_F_BNRAND, ERR_R_INTERNAL_ERROR); - goto err; -#else - b = flag == NORMAL ? RAND_bytes(buf, bytes) : RAND_priv_bytes(buf, bytes); -#endif + b = flag == NORMAL ? rand_bytes_ex(libctx, buf, bytes) + : rand_priv_bytes_ex(libctx, buf, bytes); if (b <= 0) goto err; @@ -66,14 +60,8 @@ static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom) unsigned char c; for (i = 0; i < bytes; i++) { - /* - * TODO(3.0): Temporarily disable RAND code in the FIPS module until we - * have made it available there. - */ -#if !defined(FIPS_MODE) - if (RAND_bytes(&c, 1) <= 0) + if (rand_bytes_ex(libctx, &c, 1) <= 0) goto err; -#endif if (c >= 128 && i > 0) buf[i] = buf[i - 1]; else if (c < 42) @@ -111,23 +99,33 @@ toosmall: return 0; } +int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx) +{ + return bnrand(NORMAL, rnd, bits, top, bottom, ctx); +} int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(NORMAL, rnd, bits, top, bottom); + return bnrand(NORMAL, rnd, bits, top, bottom, NULL); } int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(TESTING, rnd, bits, top, bottom); + return bnrand(TESTING, rnd, bits, top, bottom, NULL); +} + +int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx) +{ + return bnrand(PRIVATE, rnd, bits, top, bottom, ctx); } int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom) { - return bnrand(PRIVATE, rnd, bits, top, bottom); + return bnrand(PRIVATE, rnd, bits, top, bottom, NULL); } /* random number r: 0 <= r < range */ -static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) +static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range, + BN_CTX *ctx) { int n; int count = 100; @@ -149,7 +147,8 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) * than range */ do { - if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, + ctx)) return 0; /* @@ -176,7 +175,7 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) } else { do { /* range = 11..._2 or range = 101..._2 */ - if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) + if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, ctx)) return 0; if (!--count) { @@ -191,14 +190,24 @@ static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range) return 1; } +int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx) +{ + return bnrand_range(NORMAL, r, range, ctx); +} + int BN_rand_range(BIGNUM *r, const BIGNUM *range) { - return bnrand_range(NORMAL, r, range); + return bnrand_range(NORMAL, r, range, NULL); +} + +int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx) +{ + return bnrand_range(PRIVATE, r, range, ctx); } int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range) { - return bnrand_range(PRIVATE, r, range); + return bnrand_range(PRIVATE, r, range, NULL); } int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) @@ -237,18 +246,9 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, unsigned char *k_bytes = NULL; int ret = 0; EVP_MD *md = NULL; - OPENSSL_CTX *libctx = (ctx != NULL) ? bn_get_lib_ctx(ctx) : NULL; - /* - * TODO(3.0): Temporarily disable RAND code in the FIPS module until we - * have made it available there. - */ -#ifdef FIPS_MODE - RAND_DRBG *privdrbg = NULL; -#else - RAND_DRBG *privdrbg = OPENSSL_CTX_get0_private_drbg(libctx); -#endif + OPENSSL_CTX *libctx = bn_get_lib_ctx(ctx); - if (mdctx == NULL || privdrbg == NULL) + if (mdctx == NULL) goto err; k_bytes = OPENSSL_malloc(num_k_bytes); @@ -275,14 +275,8 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, goto err; } for (done = 0; done < num_k_bytes;) { - /* - * TODO(3.0): Temporarily disable RAND code in the FIPS module until we - * have made it available there. - */ -#if !defined(FIPS_MODE) - if (!RAND_DRBG_bytes(privdrbg, random_bytes, sizeof(random_bytes))) + if (!rand_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes))) goto err; -#endif if (!EVP_DigestInit_ex(mdctx, md, NULL) || !EVP_DigestUpdate(mdctx, &done, sizeof(done)) diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index 93e8c3f9d4..fc41322f8e 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -2,30 +2,37 @@ =head1 NAME -BN_rand, BN_priv_rand, BN_pseudo_rand, -BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range +BN_rand_ex, BN_rand, BN_priv_rand_ex, BN_priv_rand, BN_pseudo_rand, +BN_rand_range_ex, BN_rand_range, BN_priv_rand_range_ex, BN_priv_rand_range, +BN_pseudo_rand_range - generate pseudo-random number =head1 SYNOPSIS #include + int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx); int BN_rand_range(BIGNUM *rnd, BIGNUM *range); + int BN_priv_rand_range_ex(BIGNUM *rnd, BIGNUM *range, BN_CTX *ctx); int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); =head1 DESCRIPTION -BN_rand() generates a cryptographically strong pseudo-random number of -B in length and stores it in B. +BN_rand_ex() generate a cryptographically strong pseudo-random +number of B in length and stores it in B using the random number +generator for the library context associated with B. The parameter B +may be NULL in which case the default library context is used. If B is less than zero, or too small to accommodate the requirements specified by the B and B parameters, an error is returned. @@ -40,11 +47,20 @@ If B is B, the number will be odd; if it is B it can be odd or even. If B is 1 then B cannot also be B. -BN_rand_range() generates a cryptographically strong pseudo-random -number B in the range 0 E= B E B. +BN_rand() is the same as BN_rand_ex() except that the default library context +is always used. -BN_priv_rand() and BN_priv_rand_range() have the same semantics as -BN_rand() and BN_rand_range() respectively. They are intended to be +BN_rand_range_ex() generates a cryptographically strong pseudo-random +number B in the range 0 E= B E B using the random number +generator for the library context associated with B. The parameter B +may be NULL in which case the default library context is used. + +BN_rand_range() is the same as BN_rand_range_ex() except that the default +library context is always used. + +BN_priv_rand_ex(), BN_priv_rand(), BN_priv_rand_rand_ex() and +BN_priv_rand_range() have the same semantics as BN_rand_ex(), BN_rand(), +BN_rand_range_ex() and BN_rand_range() respectively. They are intended to be used for generating values that should remain private, and mirror the same difference between L and L. @@ -85,6 +101,11 @@ a future release. The BN_priv_rand() and BN_priv_rand_range() functions were added in OpenSSL 1.1.1. +=item * + +The BN_rand_ex(), BN_priv_rand_ex(), BN_rand_range_ex() and +BN_priv_rand_range_ex() functions were added in OpenSSL 3.0. + =back =head1 COPYRIGHT diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 377016062d..5c645d58d5 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -206,9 +206,13 @@ void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); +int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, BN_CTX *ctx); int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx); int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, BN_CTX *ctx); int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); diff --git a/util/libcrypto.num b/util/libcrypto.num index d0031240dc..49d2f22588 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4674,3 +4674,7 @@ OPENSSL_thread_stop_ex 4779 3_0_0 EXIST::FUNCTION: OSSL_PARAM_locate_const 4780 3_0_0 EXIST::FUNCTION: X509_REQ_set0_sm2_id 4781 3_0_0 EXIST::FUNCTION:SM2 X509_REQ_get0_sm2_id 4782 3_0_0 EXIST::FUNCTION:SM2 +BN_rand_ex 4783 3_0_0 EXIST::FUNCTION: +BN_priv_rand_ex 4784 3_0_0 EXIST::FUNCTION: +BN_rand_range_ex 4785 3_0_0 EXIST::FUNCTION: +BN_priv_rand_range_ex 4786 3_0_0 EXIST::FUNCTION: -- 2.25.1