From: Pauli Date: Fri, 26 Feb 2021 00:52:13 +0000 (+1000) Subject: evp: add params argument to EVP_RAND_instantiate() X-Git-Tag: openssl-3.0.0-alpha13~108 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=671ff5c74ec135b7c419895983d67c63013ffa9e;p=thirdparty%2Fopenssl.git evp: add params argument to EVP_RAND_instantiate() Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14310) --- diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index bc8c24b3b55..aea9d72ab7a 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -487,22 +487,23 @@ int EVP_RAND_names_do_all(const EVP_RAND *rand, static int evp_rand_instantiate_locked (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, - const unsigned char *pstr, size_t pstr_len) + const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[]) { return ctx->meth->instantiate(ctx->data, strength, prediction_resistance, - pstr, pstr_len); + pstr, pstr_len, params); } int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, - const unsigned char *pstr, size_t pstr_len) + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[]) { int res; if (!evp_rand_lock(ctx)) return 0; res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance, - pstr, pstr_len); + pstr, pstr_len, params); evp_rand_unlock(ctx); return res; } diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod index 88ee739d946..52cf5118d86 100644 --- a/doc/man3/EVP_RAND.pod +++ b/doc/man3/EVP_RAND.pod @@ -50,7 +50,8 @@ EVP_RAND_STATE_ERROR - EVP RAND routines int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, - const unsigned char *pstr, size_t pstr_len); + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[]); int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx); int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, unsigned int strength, int prediction_resistance, @@ -78,10 +79,10 @@ If you want to do more, these calls should be used instead of the older RAND and RAND_DRBG functions. After creating a B for the required algorithm using -EVP_RAND_CTX_new(), inputs to the algorithm are supplied -using calls to EVP_RAND_set_ctx_params() before -calling EVP_RAND_instantiate() and then EVP_RAND_generate() to produce -cryptographically secure random bytes. +EVP_RAND_CTX_new(), inputs to the algorithm are supplied either by +passing them as part of the EVP_RAND_instantiate() call or using calls to +EVP_RAND_set_ctx_params() before calling EVP_RAND_instantiate(). Finally, +call EVP_RAND_generate() to produce cryptographically secure random bytes. =head2 Types @@ -123,8 +124,9 @@ I. =head2 Random Number Generator Functions -EVP_RAND_instantiate() instantiates the RAND I with a minimum security -strength of and personalisation string I of length . +EVP_RAND_instantiate() processes any parameters in I and +then instantiates the RAND I with a minimum security strength +of and personalisation string I of length . If I is specified, fresh entropy from a live source will be sought. This call operates as per NIST SP 800-90A and SP 800-90C. diff --git a/include/openssl/evp.h b/include/openssl/evp.h index a6a05b1ba61..96a82827fc4 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1193,7 +1193,8 @@ int EVP_RAND_names_do_all(const EVP_RAND *rand, __owur int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, - const unsigned char *pstr, size_t pstr_len); + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[]); int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx); __owur int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, unsigned int strength,