wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Tell the ciphers which DRBG to use for generating random bytes.

Browse source 
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #4672
This commit is contained in:
Kurt Roeckx 2017-11-05 14:37:15 +01:00
parent b3f9064cc6
commit d91f45688c
15 changed files with 114 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
crypto/evp/e_aes.c
View file

@ -17,6 +17,7 @@
#include "internal/evp_int.h"
#include "modes_lcl.h"
#include <openssl/rand.h>
#include <internal/rand.h>
#include "evp_locl.h"
typedef struct {
@ -1404,8 +1405,14 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
memcpy(gctx->iv, ptr, arg);
enc = EVP_CIPHER_CTX_encrypting(c);
if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
return 0;
if (enc) {
if (c->drbg != NULL) {
if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - arg) == 0)
return 0;
} else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) {
return 0;
}
}
gctx->iv_gen = 1;
return 1;
@ -2632,9 +2639,14 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
if (arg)
memcpy(gctx->iv, ptr, arg);
if (EVP_CIPHER_CTX_encrypting(c)
&& RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
return 0;
if (EVP_CIPHER_CTX_encrypting(c)) {
if (c->drbg != NULL) {
if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - arg) == 0)
return 0;
} else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) {
return 0;
}
}
gctx->iv_gen = 1;
return 1;

15
crypto/evp/e_aes_cbc_hmac_sha1.c
View file

@ -17,9 +17,11 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
#include <internal/rand.h>
#include "modes_lcl.h"
#include "internal/evp_int.h"
#include "internal/constant_time_locl.h"
#include "evp_locl.h"
typedef struct {
AES_KEY ks;
@ -154,7 +156,8 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
unsigned char *out,
const unsigned char *inp,
size_t inp_len, int n4x)
size_t inp_len, int n4x,
RAND_DRBG *drbg)
{ /* n4x is 1 or 2 */
HASH_DESC hash_d[8], edges[8];
CIPH_DESC ciph_d[8];
@ -174,8 +177,13 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
# endif
/* ask for IVs in bulk */
if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
IVs = blocks[0].c;
if (drbg != NULL) {
if (RAND_DRBG_bytes(drbg, IVs, 16 * x4) == 0)
return 0;
} else if (RAND_bytes(IVs, 16 * x4) <= 0) {
return 0;
}
ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
@ -893,7 +901,8 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
return (int)tls1_1_multi_block_encrypt(key, param->out,
param->inp, param->len,
param->interleave / 4);
param->interleave / 4,
ctx->drbg);
}
case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
# endif

15
crypto/evp/e_aes_cbc_hmac_sha256.c
View file

@ -18,9 +18,11 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
#include <internal/rand.h>
#include "modes_lcl.h"
#include "internal/constant_time_locl.h"
#include "internal/evp_int.h"
#include "evp_locl.h"
typedef struct {
AES_KEY ks;
@ -150,7 +152,8 @@ void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
unsigned char *out,
const unsigned char *inp,
size_t inp_len, int n4x)
size_t inp_len, int n4x,
RAND_DRBG *drbg)
{ /* n4x is 1 or 2 */
HASH_DESC hash_d[8], edges[8];
CIPH_DESC ciph_d[8];
@ -170,8 +173,13 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
# endif
/* ask for IVs in bulk */
if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
IVs = blocks[0].c;
if (drbg != NULL) {
if (RAND_DRBG_bytes(drbg, IVs, 16 * x4) == 0)
return 0;
} else if (RAND_bytes(IVs, 16 * x4) <= 0) {
return 0;
}
/* align */
ctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32));
@ -877,7 +885,8 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
return (int)tls1_1_multi_block_encrypt(key, param->out,
param->inp, param->len,
param->interleave / 4);
param->interleave / 4,
ctx->drbg);
}
case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
# endif

12
crypto/evp/e_aria.c
View file

@ -15,6 +15,7 @@
# include <openssl/rand.h>
# include "internal/aria.h"
# include "internal/evp_int.h"
# include "internal/rand.h"
# include "modes_lcl.h"
# include "evp_locl.h"
@ -301,9 +302,14 @@ static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
return 0;
if (arg)
memcpy(gctx->iv, ptr, arg);
if (EVP_CIPHER_CTX_encrypting(c)
&& RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
return 0;
if (EVP_CIPHER_CTX_encrypting(c)) {
if (c->drbg != NULL) {
if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - arg) == 0)
return 0;
} else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) {
return 0;
}
}
gctx->iv_gen = 1;
return 1;

8
crypto/evp/e_des.c
View file

@ -15,6 +15,8 @@
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
# include <internal/rand.h>
# include "evp_locl.h"
typedef struct {
union {
@ -229,8 +231,12 @@ static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
switch (type) {
case EVP_CTRL_RAND_KEY:
if (RAND_bytes(ptr, 8) <= 0)
if (c->drbg != NULL) {
if (RAND_DRBG_bytes(c->drbg, ptr, 8) == 0)
return 0;
} else if (RAND_bytes(ptr, 8) <= 0) {
return 0;
}
DES_set_odd_parity((DES_cblock *)ptr);
return 1;

13
crypto/evp/e_des3.c
View file

@ -15,6 +15,7 @@
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
# include <internal/rand.h>
# include "evp_locl.h"
typedef struct {
@ -283,8 +284,12 @@ static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
switch (type) {
case EVP_CTRL_RAND_KEY:
if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
if (ctx->drbg != NULL) {
if (RAND_DRBG_bytes(ctx->drbg, ptr, EVP_CIPHER_CTX_key_length(ctx)) == 0)
return 0;
} else if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) {
return 0;
}
DES_set_odd_parity(deskey);
if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
DES_set_odd_parity(deskey + 1);
@ -372,8 +377,12 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
memcpy(out + inl + 8, sha1tmp, 8);
OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
/* Generate random IV */
if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0)
if (ctx->drbg != NULL) {
if (RAND_DRBG_bytes(ctx->drbg, EVP_CIPHER_CTX_iv_noconst(ctx), 8) == 0)
return -1;
} else if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0) {
return -1;
}
memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8);
/* Encrypt everything after IV in place */
des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);

16
crypto/evp/evp_enc.c
View file

@ -15,6 +15,7 @@
#include <openssl/rand.h>
#include <openssl/engine.h>
#include "internal/evp_int.h"
#include "internal/rand.h"
#include "evp_locl.h"
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
@ -577,6 +578,15 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
{
int ret;
if (type == EVP_CTRL_GET_DRBG) {
*(RAND_DRBG **)ptr = ctx->drbg;
return 1;
}
if (type == EVP_CTRL_SET_DRBG) {
ctx->drbg = ptr;
return 1;
}
if (!ctx->cipher) {
EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
return 0;
@ -600,8 +610,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
{
if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
if (RAND_bytes(key, ctx->key_len) <= 0)
if (ctx->drbg) {
if (RAND_DRBG_bytes(ctx->drbg, key, ctx->key_len) == 0)
return 0;
} else if (RAND_bytes(key, ctx->key_len) <= 0) {
return 0;
}
return 1;
}

1
crypto/evp/evp_locl.h
View file

@ -39,6 +39,7 @@ struct evp_cipher_ctx_st {
int final_used;
int block_mask;
unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
RAND_DRBG *drbg;
} /* EVP_CIPHER_CTX */ ;
int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,

13
crypto/evp/p_seal.c
View file

@ -14,6 +14,8 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <internal/rand.h>
#include "evp_locl.h"
int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char **ek, int *ekl, unsigned char *iv,
@ -31,9 +33,14 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
return 1;
if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
return 0;
if (EVP_CIPHER_CTX_iv_length(ctx)
&& RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
return 0;
if (EVP_CIPHER_CTX_iv_length(ctx)) {
if (ctx->drbg) {
if (RAND_DRBG_bytes(ctx->drbg, iv, EVP_CIPHER_CTX_iv_length(ctx)) == 0)
return 0;
} else if (RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) {
return 0;
}
}
if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
return 0;

14
doc/man3/EVP_EncryptInit.pod
View file

@ -457,6 +457,20 @@ This call is only valid when decrypting data.
=back
=head1 Random numbers
The following can be used to select the DRBG that is used to generate the random
numbers:
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_DRBG, 0, drbg)
The following can be used to get the DRBG:
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_DRBG, 0, &drbg)
By default it's set to NULL which results in RAND_bytes() being used.
=head1 NOTES
Where possible the B<EVP> interface to symmetric ciphers should be used in

2
include/openssl/evp.h
View file

@ -344,6 +344,8 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23
/* Set the input buffer lengths to use for a pipelined operation */
# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24
# define EVP_CTRL_GET_DRBG 0x25
# define EVP_CTRL_SET_DRBG 0x26
/* Padding modes */
#define EVP_PADDING_PKCS7 1

1
ssl/s3_enc.c
View file

@ -167,6 +167,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
*/
EVP_CIPHER_CTX_reset(s->enc_write_ctx);
}
EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
dd = s->enc_write_ctx;
if (ssl_replace_hash(&s->write_hash, m) == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,

1
ssl/statem/statem_srvr.c
View file

@ -3753,6 +3753,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
goto err;
}
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
p = senc;
if (!i2d_SSL_SESSION(s->session, &p)) {

1
ssl/t1_enc.c
View file

@ -170,6 +170,7 @@ int tls1_change_cipher_state(SSL *s, int which)
ERR_R_MALLOC_FAILURE);
goto err;
}
EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
dd = s->enc_write_ctx;
if (SSL_IS_DTLS(s)) {
mac_ctx = EVP_MD_CTX_new();

1
ssl/tls13_enc.c
View file

@ -406,6 +406,7 @@ int tls13_change_cipher_state(SSL *s, int which)
SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
goto err;
}
EVP_CIPHER_CTX_ctrl(s->enc_write_ctx, EVP_CTRL_SET_DRBG, 0, s->drbg);
}
ciph_ctx = s->enc_write_ctx;
iv = s->write_iv;