Allow setting of get_entropy and get_nonce callbacks outside test mode.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 25 Mar 2011 14:38:37 +0000 (14:38 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 25 Mar 2011 14:38:37 +0000 (14:38 +0000)
Test mode is now set when a DRBG context is initialised.

fips/rand/fips_drbg_lib.c
fips/rand/fips_drbg_selftest.c
fips/rand/fips_drbgvs.c
fips/rand/fips_rand.h
fips/rand/fips_rand_lcl.h
util/libeay.num

index a015da1..a848ef2 100644 (file)
@@ -400,7 +400,7 @@ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
        return rv;
        }
 
-int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
        size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
                                int entropy, size_t min_len, size_t max_len),
        size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out,
@@ -408,7 +408,6 @@ int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
        {
        if (dctx->status != DRBG_STATUS_UNINITIALISED)
                return 0;
-       dctx->flags |= DRBG_FLAG_TEST;
        dctx->get_entropy = get_entropy;
        dctx->get_nonce = get_nonce;
        return 1;
index af21971..31b7a0b 100644 (file)
@@ -82,7 +82,7 @@ typedef struct {
        size_t katlen;
        } DRBG_SELFTEST_DATA;
 
-#define make_drbg_test_data(nid, flag, pr) { nid, flag, \
+#define make_drbg_test_data(nid, flag, pr) { nid, flag | DRBG_FLAG_TEST, \
        pr##_entropyinput, sizeof(pr##_entropyinput), \
        pr##_nonce, sizeof(pr##_nonce), \
        pr##_personalizationstring, sizeof(pr##_personalizationstring), \
@@ -762,7 +762,7 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        unsigned char randout[1024];
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                return 0;
-       if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
                return 0;
 
        FIPS_drbg_set_app_data(dctx, &t);
@@ -818,7 +818,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
 
-       if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
                goto err;
 
        FIPS_drbg_set_app_data(dctx, &t);
@@ -860,7 +860,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        /* Instantiate with valid data. NB: errors now reported again */
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
-       if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
                goto err;
        FIPS_drbg_set_app_data(dctx, &t);
 
@@ -914,7 +914,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
 
        if (!FIPS_drbg_init(dctx, td->nid, td->flags))
                goto err;
-       if (!FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce))
+       if (!FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce))
                goto err;
        FIPS_drbg_set_app_data(dctx, &t);
 
index 0c5839e..53d4439 100644 (file)
@@ -245,10 +245,10 @@ int main(int argc,char **argv)
                if (!strcmp(keyword, "PersonalizationString"))
                        {
                        pers = hex2bin_m(value, &perslen);
-                       dctx = FIPS_drbg_new(nid, df);
+                       dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
                        if (!dctx)
                                exit (1);
-                       FIPS_drbg_set_test_mode(dctx, test_entropy, test_nonce);
+                       FIPS_drbg_set_callbacks(dctx, test_entropy, test_nonce);
                        FIPS_drbg_set_app_data(dctx, &t);
                        randoutlen = (int)FIPS_drbg_get_blocklength(dctx);
                        r = FIPS_drbg_instantiate(dctx, pers, perslen);
index c4d1d91..b332549 100644 (file)
@@ -74,6 +74,8 @@ typedef struct drbg_ctx_st DRBG_CTX;
 
 /* Flag for CTR mode only: use derivation function ctr_df */
 #define        DRBG_FLAG_CTR_USE_DF            0x1
+/* PRNG is in test state */
+#define        DRBG_FLAG_TEST                  0x2
 
 DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags);
 int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags);
@@ -87,7 +89,7 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
 int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
 void FIPS_drbg_free(DRBG_CTX *dctx);
 
-int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
+int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
        size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
                                int entropy, size_t min_len, size_t max_len),
        size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char *out,
index 8f97ac0..4ec4ef8 100644 (file)
@@ -84,8 +84,6 @@ struct drbg_ctr_ctx_st
 
 /* DRBG flags */
 
-/* PRNG is in test state */
-#define        DRBG_FLAG_TEST                  0x2
 /* Functions shouldn't call err library */
 #define        DRBG_FLAG_NOERR                 0x4
 
index a235553..e80db25 100755 (executable)
@@ -4300,7 +4300,7 @@ FIPS_drbg_set_app_data                  4669      EXIST:OPENSSL_FIPS:FUNCTION:
 FIPS_ecdsa_sign_ctx                     4670   EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
 FIPS_ecdsa_sign_digest                  4671   EXIST:OPENSSL_FIPS:FUNCTION:ECDSA
 X509_ALGOR_set_md                       4672   EXIST::FUNCTION:
-FIPS_drbg_set_test_mode                 4673   EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_drbg_set_callbacks                 4673   EXIST:OPENSSL_FIPS:FUNCTION:
 ASN1_SCTX_new                           4674   EXIST::FUNCTION:
 FIPS_set_locking_callbacks              4675   EXIST:OPENSSL_FIPS:FUNCTION:
 CRYPTO_ctr128_encrypt_ctr32             4676   EXIST::FUNCTION: