# include <openssl/rand_drbg.h>
# include "internal/tsan_assist.h"
# include "crypto/rand.h"
-# include "crypto/rand_pool.h"
# include "internal/numbers.h"
# define SLAVE_RESEED_INTERVAL (1 << 16)
# define MASTER_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */
# define SLAVE_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */
-
/*
- * The number of bytes that constitutes an atomic lump of entropy with respect
- * to the FIPS 140-2 section 4.9.2 Conditional Tests. The size is somewhat
- * arbitrary, the smaller the value, the less entropy is consumed on first
- * read but the higher the probability of the test failing by accident.
- *
- * The value is in bytes.
- */
-#define CRNGT_BUFSIZ 16
-
-/*
- * Maximum input size for the DRBG (entropy, nonce, personalization string)
- *
- * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes.
- *
- * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes.
- */
-# define DRBG_MAX_LENGTH INT32_MAX
-
-/* DRBG status values */
-typedef enum drbg_status_e {
- DRBG_UNINITIALISED,
- DRBG_READY,
- DRBG_ERROR
-} DRBG_STATUS;
-
-/* instantiate */
-typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx,
- const unsigned char *ent,
- size_t entlen,
- const unsigned char *nonce,
- size_t noncelen,
- const unsigned char *pers,
- size_t perslen);
-/* reseed */
-typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx,
- const unsigned char *ent,
- size_t entlen,
- const unsigned char *adin,
- size_t adinlen);
-/* generate output */
-typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx,
- unsigned char *out,
- size_t outlen,
- const unsigned char *adin,
- size_t adinlen);
-/* uninstantiate */
-typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx);
-
-
-/*
- * The state of all types of DRBGs, even though we only have CTR mode
- * right now.
+ * The state of all types of DRBGs.
*/
struct rand_drbg_st {
CRYPTO_RWLOCK *lock;
/* The library context this DRBG is associated with, if any */
OPENSSL_CTX *libctx;
RAND_DRBG *parent;
- int secure; /* 1: allocated on the secure heap, 0: otherwise */
int type; /* the nid of the underlying algorithm */
unsigned short flags; /* various external flags */
/* The global RAND method, and the global buffer and DRBG instance. */
extern RAND_METHOD rand_meth;
-/* DRBG helpers */
-int rand_drbg_restart(RAND_DRBG *drbg,
- const unsigned char *buffer, size_t len, size_t entropy);
-size_t rand_drbg_seedlen(RAND_DRBG *drbg);
-
-/*
- * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
- * These need to be exposed for the unit tests.
- */
-int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx, RAND_POOL *pool,
- unsigned char *buf, unsigned char *md,
- unsigned int *md_size);
-extern int (*crngt_get_entropy)(OPENSSL_CTX *ctx, RAND_POOL *pool,
- unsigned char *buf, unsigned char *md,
- unsigned int *md_size);
-
#endif