[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Sat Nov 2 05:11:45 UTC 2019
The branch master has been updated
via 5d0cf102e038013d6d89ea406562b52f73a67bdd (commit)
via 9fff0a4b0d6f3b7499f85cbd30e599db7f1b723b (commit)
from c47a56d615a7baf974de85e7f609cacbf5297dd5 (commit)
- Log -----------------------------------------------------------------
commit 5d0cf102e038013d6d89ea406562b52f73a67bdd
Author: Pauli <paul.dale at oracle.com>
Date: Fri Nov 1 21:07:08 2019 +1000
DRBG: add check for XOF so these can be disallowed by the DRBGs
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
commit 9fff0a4b0d6f3b7499f85cbd30e599db7f1b723b
Author: Pauli <paul.dale at oracle.com>
Date: Fri Nov 1 12:47:06 2019 +1000
DRBG: weaken the restriction on allowed digests.
The artificial restriction of digests for the HMAC and HASH DRBGs is lifted.
Any fetchable digest is acceptable except XOF ones (such as SHAKE).
In FIPS mode, the fetch remains internal to the provider so only a FIPS
validated digest will be located.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10321)
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/drbg_hash.c | 31 +++++--------------------------
crypto/rand/drbg_hmac.c | 32 ++++++--------------------------
2 files changed, 11 insertions(+), 52 deletions(-)
diff --git a/crypto/rand/drbg_hash.c b/crypto/rand/drbg_hash.c
index 72068c67c0..f087d88965 100644
--- a/crypto/rand/drbg_hash.c
+++ b/crypto/rand/drbg_hash.c
@@ -309,37 +309,16 @@ int drbg_hash_init(RAND_DRBG *drbg)
RAND_DRBG_HASH *hash = &drbg->data.hash;
/*
- * Confirm digest is allowed. Outside FIPS_MODE we allow all non-legacy
- * digests. Inside FIPS_MODE we only allow approved digests. Also no XOF
- * digests (such as SHAKE).
+ * Confirm digest is allowed. We allow all digests that are not XOF
+ * (such as SHAKE). In FIPS mode, the fetch will fail for non-approved
+ * digests.
*/
- switch (drbg->type) {
- default:
- return 0;
-
- case NID_sha1:
- case NID_sha224:
- case NID_sha256:
- case NID_sha384:
- case NID_sha512:
- case NID_sha512_224:
- case NID_sha512_256:
- case NID_sha3_224:
- case NID_sha3_256:
- case NID_sha3_384:
- case NID_sha3_512:
-#ifndef FIPS_MODE
- case NID_blake2b512:
- case NID_blake2s256:
- case NID_sm3:
-#endif
- break;
- }
-
md = EVP_MD_fetch(drbg->libctx, ossl_prov_util_nid_to_name(drbg->type), "");
if (md == NULL)
return 0;
+ if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0)
+ return 0;
drbg->meth = &drbg_hash_meth;
diff --git a/crypto/rand/drbg_hmac.c b/crypto/rand/drbg_hmac.c
index 0289070f81..3bda6c0d05 100644
--- a/crypto/rand/drbg_hmac.c
+++ b/crypto/rand/drbg_hmac.c
@@ -203,37 +203,17 @@ int drbg_hmac_init(RAND_DRBG *drbg)
RAND_DRBG_HMAC *hmac = &drbg->data.hmac;
/*
- * Confirm digest is allowed. Outside FIPS_MODE we allow all non-legacy
- * digests. Inside FIPS_MODE we only allow approved digests. Also no XOF
- * digests (such as SHAKE).
+ * Confirm digest is allowed. We allow all digests that are not XOF
+ * (such as SHAKE). In FIPS mode, the fetch will fail for non-approved
+ * digests.
*/
- switch (drbg->type) {
- default:
- return 0;
-
- case NID_sha1:
- case NID_sha224:
- case NID_sha256:
- case NID_sha384:
- case NID_sha512:
- case NID_sha512_224:
- case NID_sha512_256:
- case NID_sha3_224:
- case NID_sha3_256:
- case NID_sha3_384:
- case NID_sha3_512:
-#ifndef FIPS_MODE
- case NID_blake2b512:
- case NID_blake2s256:
- case NID_sm3:
-#endif
- break;
- }
-
md = EVP_MD_fetch(drbg->libctx, ossl_prov_util_nid_to_name(drbg->type), "");
if (md == NULL)
return 0;
+ if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0)
+ return 0;
+
drbg->meth = &drbg_hmac_meth;
if (hmac->ctx == NULL) {
More information about the openssl-commits
mailing list