DRBG: weaken the restriction on allowed digests.

The artificial restriction of digests for the HMAC and HASH DRBGs is lifted.
Any fetchable digest is acceptable except XOF ones (such as SHAKE).

In FIPS mode, the fetch remains internal to the provider so only a FIPS
validated digest will be located.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)

diff --git a/crypto/rand/drbg_hash.c b/crypto/rand/drbg_hash.c
index 72068c67c00794a6a827d49d96239d48ca9cc10b..5ff1d117c94f688d2174130be10dcfacf71a43ac 100644 (file)
--- a/crypto/rand/drbg_hash.c
+++ b/crypto/rand/drbg_hash.c
@@ -309,33 +309,10 @@ int drbg_hash_init(RAND_DRBG *drbg)
     RAND_DRBG_HASH *hash = &drbg->data.hash;
 
     /*
     RAND_DRBG_HASH *hash = &drbg->data.hash;
 
     /*

-     * Confirm digest is allowed. Outside FIPS_MODE we allow all non-legacy
-     * digests. Inside FIPS_MODE we only allow approved digests. Also no XOF
-     * digests (such as SHAKE).
+     * Confirm digest is allowed. We allow all digests that are not XOF
+     * (such as SHAKE).  In FIPS mode, the fetch will fail for non-approved
+     * digests.

      */
      */

-    switch (drbg->type) {
-    default:
-        return 0;
-
-    case NID_sha1:
-    case NID_sha224:
-    case NID_sha256:
-    case NID_sha384:
-    case NID_sha512:
-    case NID_sha512_224:
-    case NID_sha512_256:
-    case NID_sha3_224:
-    case NID_sha3_256:
-    case NID_sha3_384:
-    case NID_sha3_512:
-#ifndef FIPS_MODE
-    case NID_blake2b512:
-    case NID_blake2s256:
-    case NID_sm3:
-#endif
-        break;
-    }
-

     md = EVP_MD_fetch(drbg->libctx, ossl_prov_util_nid_to_name(drbg->type), "");
     if (md == NULL)
         return 0;
     md = EVP_MD_fetch(drbg->libctx, ossl_prov_util_nid_to_name(drbg->type), "");
     if (md == NULL)
         return 0;

diff --git a/crypto/rand/drbg_hmac.c b/crypto/rand/drbg_hmac.c
index 0289070f81ba7f974b4b7bb0b0aa4990614f6565..0047d8c0946c8aee1070e93d78dfe25a4a4eb520 100644 (file)
--- a/crypto/rand/drbg_hmac.c
+++ b/crypto/rand/drbg_hmac.c
@@ -203,33 +203,10 @@ int drbg_hmac_init(RAND_DRBG *drbg)
     RAND_DRBG_HMAC *hmac = &drbg->data.hmac;
 
     /*
     RAND_DRBG_HMAC *hmac = &drbg->data.hmac;
 
     /*

-     * Confirm digest is allowed. Outside FIPS_MODE we allow all non-legacy
-     * digests. Inside FIPS_MODE we only allow approved digests. Also no XOF
-     * digests (such as SHAKE).
+     * Confirm digest is allowed. We allow all digests that are not XOF
+     * (such as SHAKE).  In FIPS mode, the fetch will fail for non-approved
+     * digests.

      */
      */

-    switch (drbg->type) {
-    default:
-        return 0;
-
-    case NID_sha1:
-    case NID_sha224:
-    case NID_sha256:
-    case NID_sha384:
-    case NID_sha512:
-    case NID_sha512_224:
-    case NID_sha512_256:
-    case NID_sha3_224:
-    case NID_sha3_256:
-    case NID_sha3_384:
-    case NID_sha3_512:
-#ifndef FIPS_MODE
-    case NID_blake2b512:
-    case NID_blake2s256:
-    case NID_sm3:
-#endif
-        break;
-    }
-

     md = EVP_MD_fetch(drbg->libctx, ossl_prov_util_nid_to_name(drbg->type), "");
     if (md == NULL)
         return 0;
     md = EVP_MD_fetch(drbg->libctx, ossl_prov_util_nid_to_name(drbg->type), "");
     if (md == NULL)
         return 0;