diff options
author | Pauli <pauli@openssl.org> | 2022-09-26 15:20:14 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-11-02 08:41:05 +1100 |
commit | e30aad54159aeef15b6386d67d4724242d828d12 (patch) | |
tree | e83d6f8f17d3475800ff65686f2084bfba18e1bc /crypto | |
parent | 5e244a93778a59e756f626e3135455923ce29a22 (diff) | |
download | openssl-new-e30aad54159aeef15b6386d67d4724242d828d12.tar.gz |
rand: add set0 calls for the private and public DRBGs
The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means
the entropy needs to be cooked. This permits this.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/evp_rand.c | 4 | ||||
-rw-r--r-- | crypto/rand/rand_lib.c | 28 |
2 files changed, 30 insertions, 2 deletions
diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index c36dbdc56c..3031ecbcc0 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -320,7 +320,7 @@ int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]) return 1; } -static int evp_rand_ctx_up_ref(EVP_RAND_CTX *ctx) +int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx) { int ref = 0; @@ -345,7 +345,7 @@ EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent) return NULL; } if (parent != NULL) { - if (!evp_rand_ctx_up_ref(parent)) { + if (!EVP_RAND_CTX_up_ref(parent)) { ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); CRYPTO_THREAD_lock_free(ctx->refcnt_lock); OPENSSL_free(ctx); diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index c453d32261..50aa9226cb 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -726,6 +726,34 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx) return rand; } +int RAND_set0_public(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand) +{ + RAND_GLOBAL *dgbl = rand_get_global(ctx); + EVP_RAND_CTX *old; + int r; + + if (dgbl == NULL) + return 0; + old = CRYPTO_THREAD_get_local(&dgbl->public); + if ((r = CRYPTO_THREAD_set_local(&dgbl->public, rand)) > 0) + EVP_RAND_CTX_free(old); + return r; +} + +int RAND_set0_private(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand) +{ + RAND_GLOBAL *dgbl = rand_get_global(ctx); + EVP_RAND_CTX *old; + int r; + + if (dgbl == NULL) + return 0; + old = CRYPTO_THREAD_get_local(&dgbl->private); + if ((r = CRYPTO_THREAD_set_local(&dgbl->private, rand)) > 0) + EVP_RAND_CTX_free(old); + return r; +} + #ifndef FIPS_MODULE static int random_set_string(char **p, const char *s) { |