Allow setting of get_entropy and get_nonce callbacks outside test mode.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 25 Mar 2011 14:38:37 +0000 (14:38 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 25 Mar 2011 14:38:37 +0000 (14:38 +0000)
Test mode is now set when a DRBG context is initialised.

fips/rand/fips_drbg_lib.c
fips/rand/fips_drbg_selftest.c
fips/rand/fips_drbgvs.c
fips/rand/fips_rand.h
fips/rand/fips_rand_lcl.h
util/libeay.num

index a015da1e41cf5c26fa81aaccd84ca358942d75be..a848ef2dd16fd3822697fe819537ead2c2f11566 100644 (file)
@@ -400,7 +400,7 @@ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
        return rv;
        }
 
-int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
        size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
                                int entropy, size_t min_len, size_t max_len),
        size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out,
@@ -408,7 +408,6 @@ int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
        {
        if (dctx->status != DRBG_STATUS_UNINITIALISED)
                return 0;
-       dctx->flags |= DRBG_FLAG_TEST;
        dctx->get_entropy = get_entropy;
        dctx->get_nonce = get_nonce;
        return 1;
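Review bot: With the `dctx->flags |= DRBG_FLAG_TEST;` line gone, the two assignments in FIPS_drbg_set_callbacks are now how a non-test context gets its entropy and nonce source, yet neither pointer is checked and nothing documents what a callback must deliver. A NULL `get_entropy` is stored as-is; whether instantiation or reseed tolerates that is not visible in this hunk, so I would either reject it here with `if (!get_entropy) return 0;` or say in a comment that NULL is permitted and what it means. A header comment should also state what `entropy`, `min_len` and `max_len` require of the returned buffer and how a callback signals failure (presumably a zero return, to be confirmed against the instantiate code). The function's signature and closing brace lie outside this hunk.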
index af21971ba0a2a7ffc2563ae17390295ce5132d8c..31b7a0be58529f0a34ab3f9bbac7aa7e44c3e256 100644 (file)
@@ -82,7 +82,7 @@ typedef struct {
        size_t katlen;
        } DRBG_SELFTEST_DATA;
 
-#define make_drbg_test_data(nid, flag, pr) { nid, flag, \
+#define make_drbg_test_data(nid, flag, pr) { nid, flag | DRBG_FLAG_TEST, \
        pr##_entropyinput, sizeof(pr##_entropyinput), \
        pr##_nonce, sizeof(pr##_nonce), \
        pr##_personalizationstring, sizeof(pr##_personalizationstring), \
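Review bot: The macro argument is used unparenthesised in `flag | DRBG_FLAG_TEST`, so an argument containing a lower-precedence operator (a conditional expression, for instance) would bind DRBG_FLAG_TEST to only part of it. A self-test entry could then silently end up without the test flag. Writing `{ nid, (flag) | DRBG_FLAG_TEST, \` avoids that at no cost. The macro body continues past the end of this hunk.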
@@ -762,7 +762,7 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        unsigned char randout[1024];
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                return 0;
-       if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
                return 0;
 
        FIPS_drbg_set_app_data(dctx, &t);
@@ -818,7 +818,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
 
-       if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
                goto err;
 
        FIPS_drbg_set_app_data(dctx, &t);
@@ -860,7 +860,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        /* Instantiate with valid data. NB: errors now reported again */
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
-       if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
                goto err;
        FIPS_drbg_set_app_data(dctx, &t);
 
@@ -914,7 +914,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
-       if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
                goto err;
        FIPS_drbg_set_app_data(dctx, &t);
 
index 0c5839e5530b0386d153a826b263fe061bfcc806..53d4439342ced245b95a3fabbc53111bd8dbbcc1 100644 (file)
@@ -245,10 +245,10 @@ int main(int argc,char **argv)
                if (!strcmp(keyword, "PersonalizationString"))
                        {
                        pers = hex2bin_m(value, &perslen);
-                       dctx = FIPS_drbg_new(nid, df);
+                       dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
                        if (!dctx)
                                exit (1);
-                       FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce);
+                       FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce);
                        FIPS_drbg_set_app_data(dctx, &t);
                        randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
                        r = FIPS_drbg_instantiate(dctx, pers, perslen);
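Review bot: The result of `FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce)` is discarded here, while every call in fips_drbg_selftest.c in this same commit checks it. If the call returns 0 the context keeps whatever callbacks it had, and the tool would go on to instantiate and emit output that is not derived from the test vector's entropy input. `if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce)) exit(1);` would match the handling of the FIPS_drbg_new failure just above. main() starts and ends outside this hunk.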
index c4d1d910ba136699507a2154bc939a02966d5412..b332549ff271a046075bf9852702dc62d9ecc8bc 100644 (file)
@@ -74,6 +74,8 @@ typedef struct drbg_ctx_st DRBG_CTX;
 
 /* Flag for CTR mode only: use derivation function ctr_df */
 #define        DRBG_FLAG_CTR_USE_DF            0x1
+/* PRNG is in test state */
+#define        DRBG_FLAG_TEST                  0x2
 
 DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
 int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
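Review bot: Moving DRBG_FLAG_TEST into the public header makes it a value any caller can pass to FIPS_drbg_new() or FIPS_drbg_init(), and the comment `/* PRNG is in test state */` does not say who is meant to do that. What test state changes inside the DRBG is not shown in this diff, so the comment should spell that out and mark the flag as intended for known-answer and validation testing with supplied entropy. Something like `/* Test state: KAT/validation use with caller-supplied entropy only; do not set on a DRBG that produces keys or nonces */` would do. If the implementation relaxes any checks when the flag is set, that belongs in the comment as well.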
@@ -87,7 +89,7 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
 int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
 void FIPS_drbg_free(DRBG_CTX *dctx);
 
-int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
        size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
                                int entropy, size_t min_len, size_t max_len),
        size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out,
index 8f97ac00bec61f6f33b5d80191261d7aa3d79786..4ec4ef85f50811794a109a91c67e238debe13bd3 100644 (file)
@@ -84,8 +84,6 @@ struct drbg_ctr_ctx_st
 
 /* DRBG flags */
 
-/* PRNG is in test state */
-#define        DRBG_FLAG_TEST                  0x2
 /* Functions shouldn't call err library */
 #define        DRBG_FLAG_NOERR                 0x4
 
index a23555333de08a14810a3ce78ce0e1d0d4661d40..e80db25650ffbd3078fcce428e366a3d843968ac 100755 (executable)
@@ -4300,7 +4300,7 @@ FIPS_drbg_set_app_data                  4669      EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_ecdsa_sign_ctx                     4670   EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
 FIPS_ecdsa_sign_digest                  4671   EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
 X509_ALGOR_set_md                       4672   EXIST::FUNCTION:
-FIPS_drbg_set_test_mode                 4673   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_drbg_set_callbacks                 4673   EXIST:OPENSSL_FIPS:FUNCTION:
 ASN1_SCTX_new                           4674   EXIST::FUNCTION:
 FIPS_set_locking_callbacks              4675   EXIST:OPENSSL_FIPS:FUNCTION:
 CRYPTO_ctr128_encrypt_ctr32             4676   EXIST::FUNCTION: