[openssl-commits] [openssl] master update
matthias.st.pierre at ncp-e.com
matthias.st.pierre at ncp-e.com
Fri Mar 9 23:28:19 UTC 2018
The branch master has been updated
via 4917e91160fac2acef543ad6a74b2da2e1f17625 (commit)
from 9ad9794273f3d069e45cf505fbeaada073a849ce (commit)
- Log -----------------------------------------------------------------
commit 4917e91160fac2acef543ad6a74b2da2e1f17625
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date: Fri Mar 9 18:24:23 2018 +0100
RAND_DRBG: add a function for setting the reseeding defaults
The introduction of thread local public and private DRBG instances (#5547)
makes it very cumbersome to change the reseeding (time) intervals for
those instances. This commit provides a function to set the default
values for all subsequently created DRBG instances.
int RAND_DRBG_set_reseed_defaults(
unsigned int master_reseed_interval,
unsigned int slave_reseed_interval,
time_t master_reseed_time_interval,
time_t slave_reseed_time_interval
);
The function is intended only to be used during application initialization,
before any threads are created and before any random bytes are generated.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5576)
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/drbg_ctr.c | 2 +-
crypto/rand/drbg_lib.c | 55 ++++++++++++++++++++++++++++++++++++++++++-------
include/internal/rand.h | 7 +++++++
util/libcrypto.num | 1 +
4 files changed, 56 insertions(+), 9 deletions(-)
diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c
index 99cd997..0496cb0 100644
--- a/crypto/rand/drbg_ctr.c
+++ b/crypto/rand/drbg_ctr.c
@@ -366,6 +366,6 @@ int drbg_ctr_init(RAND_DRBG *drbg)
}
drbg->max_request = 1 << 16;
- drbg->reseed_interval = MAX_RESEED_INTERVAL;
+
return 1;
}
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index daac770..12070d7 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -113,6 +113,12 @@ static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
+static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL;
+static unsigned int slave_reseed_interval = SLAVE_RESEED_INTERVAL;
+
+static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
+static time_t slave_reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL;
+
static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
static RAND_DRBG *rand_drbg_new(int secure,
@@ -175,6 +181,15 @@ static RAND_DRBG *rand_drbg_new(int secure,
drbg->secure = secure && CRYPTO_secure_allocated(drbg);
drbg->fork_count = rand_fork_count;
drbg->parent = parent;
+
+ if (parent == NULL) {
+ drbg->reseed_interval = master_reseed_interval;
+ drbg->reseed_time_interval = master_reseed_time_interval;
+ } else {
+ drbg->reseed_interval = slave_reseed_interval;
+ drbg->reseed_time_interval = slave_reseed_time_interval;
+ }
+
if (RAND_DRBG_set(drbg, type, flags) == 0)
goto err;
@@ -710,6 +725,38 @@ int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval)
return 1;
}
+/*
+ * Set the default values for reseed (time) intervals of new DRBG instances
+ *
+ * The default values can be set independently for master DRBG instances
+ * (without a parent) and slave DRBG instances (with parent).
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+
+int RAND_DRBG_set_reseed_defaults(
+ unsigned int _master_reseed_interval,
+ unsigned int _slave_reseed_interval,
+ time_t _master_reseed_time_interval,
+ time_t _slave_reseed_time_interval
+ )
+{
+ if (_master_reseed_interval > MAX_RESEED_INTERVAL
+ || _slave_reseed_interval > MAX_RESEED_INTERVAL)
+ return 0;
+
+ if (_master_reseed_time_interval > MAX_RESEED_TIME_INTERVAL
+ || _slave_reseed_time_interval > MAX_RESEED_TIME_INTERVAL)
+ return 0;
+
+ master_reseed_interval = _master_reseed_interval;
+ slave_reseed_interval = _slave_reseed_interval;
+
+ master_reseed_time_interval = _master_reseed_time_interval;
+ slave_reseed_time_interval = _slave_reseed_time_interval;
+
+ return 1;
+}
/*
* Locks the given drbg. Locking a drbg which does not have locking
@@ -809,14 +856,6 @@ static RAND_DRBG *drbg_setup(RAND_DRBG *parent)
if (rand_drbg_enable_locking(drbg) == 0)
goto err;
- if (parent == NULL) {
- drbg->reseed_interval = MASTER_RESEED_INTERVAL;
- drbg->reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
- } else {
- drbg->reseed_interval = SLAVE_RESEED_INTERVAL;
- drbg->reseed_time_interval = SLAVE_RESEED_TIME_INTERVAL;
- }
-
/* enable seed propagation */
drbg->reseed_counter = 1;
diff --git a/include/internal/rand.h b/include/internal/rand.h
index 471b6b5..9f6b1ab 100644
--- a/include/internal/rand.h
+++ b/include/internal/rand.h
@@ -56,6 +56,13 @@ int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
+int RAND_DRBG_set_reseed_defaults(
+ unsigned int master_reseed_interval,
+ unsigned int slave_reseed_interval,
+ time_t master_reseed_time_interval,
+ time_t slave_reseed_time_interval
+ );
+
RAND_DRBG *RAND_DRBG_get0_master(void);
RAND_DRBG *RAND_DRBG_get0_public(void);
RAND_DRBG *RAND_DRBG_get0_private(void);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index bd94e27..a96bd2f 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4521,3 +4521,4 @@ OSSL_STORE_SEARCH_by_alias 4462 1_1_1 EXIST::FUNCTION:
OSSL_STORE_LOADER_set_find 4463 1_1_1 EXIST::FUNCTION:
OSSL_STORE_SEARCH_free 4464 1_1_1 EXIST::FUNCTION:
OSSL_STORE_SEARCH_get0_digest 4465 1_1_1 EXIST::FUNCTION:
+RAND_DRBG_set_reseed_defaults 4466 1_1_1 EXIST::FUNCTION:
More information about the openssl-commits
mailing list