From: Matt Caswell Date: Thu, 20 Jun 2019 12:17:22 +0000 (+0100) Subject: Change the DRBG HMAC implementation to lookup allowed digest names X-Git-Tag: openssl-3.0.0-alpha1~1846 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=53a11c6da09988efba93eccfdd10bf7edf1d53b2 Change the DRBG HMAC implementation to lookup allowed digest names As per the previous commit we make the same change for DRBG HMAC and more closely align the FIPS_MODE and non FIPS_MODE implementations. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9035)
---
diff --git a/crypto/rand/drbg_hmac.c b/crypto/rand/drbg_hmac.c
index a6ed58bf6c..baafc59064 100644
--- a/crypto/rand/drbg_hmac.c
+++ b/crypto/rand/drbg_hmac.c
@@ -13,6 +13,7 @@
 #include
 #include
 #include "internal/thread_once.h"
+#include "internal/providercommon.h"
 #include "rand_lcl.h"

 /*
@@ -201,19 +202,35 @@ int drbg_hmac_init(RAND_DRBG *drbg)
 EVP_MD *md = NULL;
 RAND_DRBG_HMAC *hmac = &drbg->data.hmac;

-#ifndef FIPS_MODE
- /* Any approved digest is allowed - assume we pass digest (not NID_hmac*) */
- md = EVP_MD_meth_dup(EVP_get_digestbynid(drbg->type));
-#else
- /* TODO(3.0): Fill this out with the complete list of allowed digests */
+ /*
+ * Confirm digest is allowed. Outside FIPS_MODE we allow all non-legacy
+ * digests. Inside FIPS_MODE we only allow approved digests. Also no XOF
+ * digests (such as SHAKE).
+ */
 switch (drbg->type) {
 default:
 return 0;
+
+ case NID_sha1:
+ case NID_sha224:
 case NID_sha256:
- md = EVP_MD_fetch(drbg->libctx, "SHA256", "");
+ case NID_sha384:
+ case NID_sha512:
+ case NID_sha512_224:
+ case NID_sha512_256:
+ case NID_sha3_224:
+ case NID_sha3_256:
+ case NID_sha3_384:
+ case NID_sha3_512:
+#ifndef FIPS_MODE
+ case NID_blake2b512:
+ case NID_blake2s256:
+ case NID_sm3:
+#endif
 break;
 }
-#endif
+
+ md = EVP_MD_fetch(drbg->libctx, ossl_prov_util_nid_to_name(drbg->type), "");
 if (md == NULL)
 return 0;