From: Pauli Date: Mon, 26 Jul 2021 06:11:34 +0000 (+1000) Subject: rand: avoid using the derivation function for the public and private DRBGs X-Git-Tag: openssl-3.2.0-alpha1~3614 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=505d44c623c2a883cf015f26a499842cea0161f0;p=thirdparty%2Fopenssl.git rand: avoid using the derivation function for the public and private DRBGs There is no point using it becuase they are getting full quality entropy from the primary DRBG (which remains using the d.f.). Also cleaned up the parameter passing to the DRBGs to not pass parameters that are unknown. Fixes #16117 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/16156) --- diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 8f76c8a5f02..30b6cb817f4 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -552,12 +552,13 @@ static EVP_RAND_CTX *rand_new_seed(OSSL_LIB_CTX *libctx) static EVP_RAND_CTX *rand_new_drbg(OSSL_LIB_CTX *libctx, EVP_RAND_CTX *parent, unsigned int reseed_interval, - time_t reseed_time_interval) + time_t reseed_time_interval, int use_df) { EVP_RAND *rand; RAND_GLOBAL *dgbl = rand_get_global(libctx); EVP_RAND_CTX *ctx; - OSSL_PARAM params[7], *p = params; + OSSL_PARAM params[8], *p = params; + const OSSL_PARAM *settables; char *name, *cipher; name = dgbl->rng_name != NULL ? dgbl->rng_name : "CTR-DRBG"; @@ -573,20 +574,23 @@ static EVP_RAND_CTX *rand_new_drbg(OSSL_LIB_CTX *libctx, EVP_RAND_CTX *parent, return NULL; } - /* - * Rather than trying to decode the DRBG settings, just pass them through - * and rely on the other end to ignore those it doesn't care about. - */ - cipher = dgbl->rng_cipher != NULL ? dgbl->rng_cipher : "AES-256-CTR"; - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, - cipher, 0); - if (dgbl->rng_digest != NULL) + settables = EVP_RAND_CTX_settable_params(ctx); + if (OSSL_PARAM_locate_const(settables, OSSL_DRBG_PARAM_CIPHER)) { + cipher = dgbl->rng_cipher != NULL ? dgbl->rng_cipher : "AES-256-CTR"; + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, + cipher, 0); + } + if (dgbl->rng_digest != NULL + && OSSL_PARAM_locate_const(settables, OSSL_DRBG_PARAM_DIGEST)) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST, dgbl->rng_digest, 0); if (dgbl->rng_propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_PROPERTIES, dgbl->rng_propq, 0); - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_MAC, "HMAC", 0); + if (OSSL_PARAM_locate_const(settables, OSSL_ALG_PARAM_MAC)) + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_MAC, "HMAC", 0); + if (OSSL_PARAM_locate_const(settables, OSSL_DRBG_PARAM_USE_DF)) + *p++ = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_USE_DF, &use_df); *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, &reseed_interval); *p++ = OSSL_PARAM_construct_time_t(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, @@ -641,7 +645,7 @@ EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx) ret = dgbl->primary = rand_new_drbg(ctx, dgbl->seed, PRIMARY_RESEED_INTERVAL, - PRIMARY_RESEED_TIME_INTERVAL); + PRIMARY_RESEED_TIME_INTERVAL, 1); /* * The primary DRBG may be shared between multiple threads so we must * enable locking. @@ -683,7 +687,7 @@ EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx) && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) return NULL; rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL, - SECONDARY_RESEED_TIME_INTERVAL); + SECONDARY_RESEED_TIME_INTERVAL, 0); CRYPTO_THREAD_set_local(&dgbl->public, rand); } return rand; @@ -716,7 +720,7 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx) && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) return NULL; rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL, - SECONDARY_RESEED_TIME_INTERVAL); + SECONDARY_RESEED_TIME_INTERVAL, 0); CRYPTO_THREAD_set_local(&dgbl->private, rand); } return rand;