author | Pauli <pauli@openssl.org> | 2023-09-05 02:16:49 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-09-27 18:22:54 +0200 |
commit | fffa78c2fd01accd97c9229018d4c380f7a20335 (patch) | |
tree | 2978f3f7b0bbf550f9824ec247cb3e01f723e1ef /crypto/rand/rand_lib.c | |
parent | Provider cross version checks warning (diff) | |
fips selftest: avoid relying on a real RNG for self tests
Rather than instantiate the private and primary DRBGs during the
selftest, instead use a test RNG. This leaves the DRBG setup
pristine and permits later replacement of the seed source despite
the very early running power up self tests.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21964)
Diffstat (limited to 'crypto/rand/rand_lib.c')
-rw-r--r-- | crypto/rand/rand_lib.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 8dd1d071e8..4630f19da0 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -345,6 +345,8 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
 }
 #endif
+ if (num < 0)
+ return 0;
 rand = RAND_get0_private(ctx);
 if (rand != NULL)
 return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0);
@@ -354,8 +356,6 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
 int RAND_priv_bytes(unsigned char *buf, int num)
 {
- if (num < 0)
- return 0;
 return RAND_priv_bytes_ex(NULL, buf, (size_t)num, 0);
 }
@@ -374,6 +374,8 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
 }
 #endif
+ if (num < 0)
+ return 0;
 rand = RAND_get0_public(ctx);
 if (rand != NULL)
 return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0);
@@ -383,8 +385,6 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num,
 int RAND_bytes(unsigned char *buf, int num)
 {
- if (num < 0)
- return 0;
 return RAND_bytes_ex(NULL, buf, (size_t)num, 0);
 }
@@ -738,6 +738,18 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx)
 return rand;
 }
+#ifdef FIPS_MODULE
+EVP_RAND_CTX *ossl_rand_get0_private_noncreating(OSSL_LIB_CTX *ctx)
+{
+ RAND_GLOBAL *dgbl = rand_get_global(ctx);
+
+ if (dgbl == NULL)
+ return NULL;
+
+ return CRYPTO_THREAD_get_local(&dgbl->private);
+}
+#endif
+
 int RAND_set0_public(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand)
 {
 RAND_GLOBAL *dgbl = rand_get_global(ctx); |
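Review bot: The `if (num < 0)` guard added to RAND_priv_bytes_ex can never fire, because the hunk header shows `num` declared as `size_t` there; the copy added to RAND_bytes_ex in the third hunk has the same problem. The second and fourth hunks remove the only effective check, so RAND_priv_bytes and RAND_bytes now convert a negative `int num` with `(size_t)num` and pass a very large length on for the caller's buffer. Whether that length is rejected further down is not visible here. Keep `if (num < 0)` and `return 0;` ahead of the cast in both int-taking wrappers, and drop the always-false comparisons from the two _ex functions. The _ex function bodies begin outside these hunks.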
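Review bot: ossl_rand_get0_private_noncreating has no comment stating its contract, and as written it returns NULL whenever no private DRBG has been stored for the calling thread, since it only reads the thread-local slot through CRYPTO_THREAD_get_local. A header comment such as `/* Return this thread's private DRBG if one already exists; never instantiates one. May return NULL. */` would tell callers in the FIPS self-test path to check for NULL. The usual "get0" convention (no reference taken) presumably applies too and is worth stating in the same comment.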