From: Andreas Steffen
Date: Fri, 8 Nov 2019 12:16:12 +0000 (+0100)
Subject: drbg: The drbg instance owns the entropy rng
X-Git-Tag: 5.8.2rc1~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11e9d2b8d12388db0e59386b4a2e9f665300aa03;p=thirdparty%2Fstrongswan.git

drbg: The drbg instance owns the entropy rng
---

diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index 87e2cd2b6d..3901cce805 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -159,7 +159,7 @@ struct crypto_factory_t {
 *
 * @param type DRBG type to use
 * @param strength security strength in bits
- * @param entropy entropy source to be used
+ * @param entropy entropy source to be used (adopted)
 * @param personalization_str optional personalization string
 * @return drbg_t instance, NULL if not supported
 */
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index a04543ebca..04ed2288c0 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -1279,7 +1279,6 @@ METHOD(crypto_tester_t, test_drbg, bool,
 failure:
 drbg->destroy(drbg);
- entropy->destroy(entropy);
 chunk_free(&out);
 if (failed)
 {
diff --git a/src/libstrongswan/plugins/drbg/drbg_ctr.c b/src/libstrongswan/plugins/drbg/drbg_ctr.c
index 39801b6db6..a85116621e 100644
--- a/src/libstrongswan/plugins/drbg/drbg_ctr.c
+++ b/src/libstrongswan/plugins/drbg/drbg_ctr.c
@@ -236,6 +236,7 @@ METHOD(drbg_t, destroy, void,
 {
 if (ref_put(&this->ref))
 {
+ DESTROY_IF(this->entropy);
 this->crypter->destroy(this->crypter);
 chunk_clear(&this->key);
 chunk_clear(&this->value);
@@ -318,7 +319,6 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
 },
 .type = type,
 .strength = strength,
- .entropy = entropy,
 .crypter = crypter,
 .key = chunk_alloc(key_len),
 .value = chunk_alloc(out_len),
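Review bot: The `@param entropy` line in the crypto_factory.h hunk now says "(adopted)" without saying when, yet the `drbg_ctr_create` and `drbg_hmac_create` hunks of this commit set `this->entropy = entropy` only just before the successful return, so on a NULL return the DRBG does not destroy the rng. A caller reading only the header can leak the entropy source on that path, or destroy it twice if the contract is later tightened. I would spell the contract out: `@param entropy entropy source to be used (adopted on success, still owned by the caller if NULL is returned)`. The branches that handle a failed `create_drbg` in gmp_rsa_private_key.c and ntru_ke.c lie outside the hunks shown, so whether they still destroy the rng cannot be confirmed from this page.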
@@ -333,7 +333,7 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
 seed = chunk_alloc(seed_len);
 DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed_len);
- if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr))
+ if (!entropy->get_bytes(entropy, seed.len, seed.ptr))
 {
 chunk_free(&seed);
 destroy(this);
@@ -351,5 +351,8 @@ drbg_ctr_t *drbg_ctr_create(drbg_type_t type, uint32_t strength,
 return NULL;
 }
+ /* ownership of entropy source is transferred to DRBG */
+ this->entropy = entropy;
+
 return &this->public;
 }
diff --git a/src/libstrongswan/plugins/drbg/drbg_hmac.c b/src/libstrongswan/plugins/drbg/drbg_hmac.c
index 2006e10965..353cdcf476 100644
--- a/src/libstrongswan/plugins/drbg/drbg_hmac.c
+++ b/src/libstrongswan/plugins/drbg/drbg_hmac.c
@@ -206,6 +206,7 @@ METHOD(drbg_t, destroy, void,
 {
 if (ref_put(&this->ref))
 {
+ DESTROY_IF(this->entropy);
 this->prf->destroy(this->prf);
 chunk_clear(&this->key);
 chunk_clear(&this->value);
@@ -280,7 +281,6 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
 },
 .type = type,
 .strength = strength,
- .entropy = entropy,
 .prf = prf,
 .key = chunk_alloc(out_len),
 .value = chunk_alloc(out_len),
@@ -296,7 +296,7 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
 seed = chunk_alloc(entropy_len + personalization_str.len);
 DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len);
- if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr))
+ if (!entropy->get_bytes(entropy, entropy_len, seed.ptr))
 {
 chunk_free(&seed);
 destroy(this);
@@ -315,5 +315,8 @@ drbg_hmac_t *drbg_hmac_create(drbg_type_t type, uint32_t strength,
 return NULL;
 }
+ /* ownership of entropy source is transferred to DRBG */
+ this->entropy = entropy;
+
 return &this->public;
 }
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 852e2359a5..3c5c31be5a 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
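Review bot: The failure branch after `entropy->get_bytes(...)` in `drbg_ctr_create` (and the identical branch in `drbg_hmac_create`) releases the seed buffer with `chunk_free(&seed)`, so any bytes the entropy source may have written before failing are left in freed heap memory. The `destroy()` hunks in the same two files already wipe `key` and `value` with `chunk_clear()`, and seed material deserves the same treatment here: `chunk_clear(&seed);`. Both functions continue outside these hunks, so how the seed is released on the success path is not visible and is worth checking against the same rule.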
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -817,7 +817,7 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
 }
 key_size = key_size / BITS_PER_BYTE;
- /* Initiate a NIST SP 800-90A DRBG fed by a true random generator */
+ /* Initiate a NIST SP 800-90A DRBG fed by a true rng owned by the drbg */
 rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
 if (!rng)
 {
@@ -837,7 +837,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
 if (compute_prime(drbg, key_size/2, safe_prime, &p, &p1) != SUCCESS)
 {
 drbg->destroy(drbg);
- rng->destroy(rng);
 return NULL;
 }
 if (compute_prime(drbg, key_size/2, safe_prime, &q, &q1) != SUCCESS)
@@ -845,7 +844,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
 mpz_clear(p);
 mpz_clear(p1);
 drbg->destroy(drbg);
- rng->destroy(rng);
 return NULL;
 }
@@ -930,7 +928,6 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args)
 mpz_clear_sensitive(p1);
 mpz_clear_sensitive(q1);
 drbg->destroy(drbg);
- rng->destroy(rng);
 if (drbg_failed || invert_failed)
 {
diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
index 7fb443983a..60a2b5adb5 100644
--- a/src/libstrongswan/plugins/ntru/ntru_ke.c
+++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
@@ -231,7 +231,6 @@ METHOD(diffie_hellman_t, destroy, void,
 DESTROY_IF(this->privkey);
 DESTROY_IF(this->pubkey);
 this->drbg->destroy(this->drbg);
- this->entropy->destroy(this->entropy);
 chunk_free(&this->ciphertext);
 chunk_clear(&this->shared_secret);
 free(this);
@@ -294,6 +293,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p)
 DBG1(DBG_LIB, "%u bit %s NTRU parameter set %N selected", strength, parameter_set, ntru_param_set_id_names, param_set_id);
+ /* entropy will be owned by drbg */
 entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
 if (!entropy)
 {
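Review bot: In ntru_ke.c, `destroy()` stops freeing `this->entropy`, but no hunk in this commit removes that member or its initialisation, so it presumably stays in the private struct as a borrowed pointer that is invalid once `this->drbg->destroy(this->drbg)` has run. If nothing else reads it, dropping the member and keeping `entropy` as a local in `ntru_ke_create` would remove the dangling alias. Otherwise, a comment on the member such as `/* entropy source, owned by drbg, must not be destroyed here */` would record the new ownership. The struct definition and the rest of `ntru_ke_create` are outside the hunks, so this is inferred from the removed line alone.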
diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c
index 1867639c4f..2144d1dd3f 100644
--- a/src/libstrongswan/tests/suites/test_ntru.c
+++ b/src/libstrongswan/tests/suites/test_ntru.c
@@ -715,6 +715,8 @@ START_TEST(test_ntru_privkey)
 params = TEST_FUNCTION(ntru, ntru_param_set_get_by_id, privkey_tests[_i].id);
 strength = params->sec_strength_len * BITS_PER_BYTE;
+
+ /* entropy rng will be owned by drbg */
 entropy = rng_tester_create(privkey_tests[_i].entropy);
 drbg = lib->crypto->create_drbg(lib->crypto, DRBG_HMAC_SHA256, strength, entropy, chunk_from_str("IKE NTRU-KE"));
@@ -802,7 +804,6 @@ START_TEST(test_ntru_privkey)
 privkey->destroy(privkey);
 pubkey->destroy(pubkey);
 drbg->destroy(drbg);
- entropy->destroy(entropy);
 }
 END_TEST