Conversation
|
Test Failure(s) are related to the other pull request that was submitted today (6778) |
|
Try |
|
I'm wondering if the label should be Post 1.1.1 rather than FIPS. This change includes two other DRBGs, which are worthwhile as a fallback. FIPS requires a whole lot more testing etc. I'm not fussed much either way. |
include/openssl/rand_drbg.h
Outdated
There was a problem hiding this comment.
Changing the value unnecessarily breaks ABI compat. Keep it as 1.
include/openssl/rand_drbg.h
Outdated
crypto/rand/drbg_hash.c
Outdated
There was a problem hiding this comment.
Why 2011? Copy & paste error?
There was a problem hiding this comment.
The code was mostly lifted from the old FOM I believe.
There was a problem hiding this comment.
The date is the same as the drbg_ctr.c file.
i.e- code was copied from old FOM and updated.
crypto/rand/drbg_hash.c
Outdated
There was a problem hiding this comment.
Multi line comments should start with a blank line like this:
/*
* my multi
* line comment
*/
crypto/rand/rand_lcl.h
Outdated
There was a problem hiding this comment.
Renaming this to be the same as what reseed_prop_counter used to be called seems like its going to be a source of errors when we cherry pick fixes from our new version to the 1.1.1 version.
There was a problem hiding this comment.
This is a bit unfortunate :) I will change it back and not match the standard :(
There was a problem hiding this comment.
Well you could give it a different name that is almost the same as the standard (e.g. some suffix or other). Just calling it exactly the same as what something else was called sounds like a recipe for problems.
crypto/rand/drbg_hmac.c
Outdated
crypto/rand/drbg_hmac.c
Outdated
crypto/rand/drbg_hmac.c
Outdated
There was a problem hiding this comment.
Where does this number come from?
There was a problem hiding this comment.
Added the following comments:
This one is a general one added up higher..
/* These are taken from SP 800-90 10.1 Table 2 */
/* Maximum number of bits per request = 2^19 = 2^16 bytes */
crypto/rand/drbg_lib.c
Outdated
crypto/rand/drbg_lib.c
Outdated
There was a problem hiding this comment.
Here we get a RANDerr call but nowhere else!
There was a problem hiding this comment.
Do you mean there are no RANDerr calls in drbg_ctr/drbg_hmac/drbg_hash?
There was a problem hiding this comment.
Yes - that's my point. It seems inconsistent that there are no RANDerr calls elsewhere, but there is here. Not sure what the answer is - just pointing it out.
slontis
force-pushed
the
drbg
branch
2 times, most recently
from
dc1a287 to
17000d0
Compare
crypto/rand/drbg_hash.c
Outdated
There was a problem hiding this comment.
I suspect some compilers will complain about the truncation here (size_t -> unsigned char) - even though we know it is safe. Might need a cast on each of these four lines, e.g.
tmp[tmp_sz++] = (unsigned char)(num_bits_returned & 0xff);
crypto/rand/drbg_hash.c
Outdated
There was a problem hiding this comment.
elseon same line as }. Also we need {} around the return 0 because we use them above (if you use {} on one branch, you must use them on all branches).
crypto/rand/drbg_hash.c
Outdated
There was a problem hiding this comment.
We never use OPENSSL_assert anymore (at least in the libraries). Use ossl_assert instead (or possibly just assert).
crypto/rand/drbg_hash.c
Outdated
There was a problem hiding this comment.
Possible cast required here (unsigned char)?
crypto/rand/drbg_hash.c
Outdated
There was a problem hiding this comment.
On all the other lines above you've used ctx, but here its hash->ctx. Why?
crypto/rand/drbg_hash.c
Outdated
crypto/rand/drbg_lib.c
Outdated
crypto/rand/drbg_lib.c
Outdated
There was a problem hiding this comment.
Yes - that's my point. It seems inconsistent that there are no RANDerr calls elsewhere, but there is here. Not sure what the answer is - just pointing it out.
include/openssl/rand_drbg.h
Outdated
There was a problem hiding this comment.
I have moved them down - I wanted to logically seperate the last 3 flags from the other flags - but it doesnt really matter.
There was a problem hiding this comment.
I think I will leave the RANDerr call alone for now.. I think this is probably an issue across the entire code base that needs to be addressed.
…ter/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests
mattcaswell
left a comment
mattcaswell
left a comment
There was a problem hiding this comment.
Approved. Ping @openssl/committers for second review
|
Merged. Thanks everyone. |
…ter/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from #6779)
| calls are required to set the types to different values. If none of these 3 | ||
| flags are used, then the same type and flags are used for all 3 DRBG's in the | ||
| B<drbg> chain (<master>, <public> and <private>). The default used if this | ||
| method is not called is to use RAND_DRBG_FLAGS. |
There was a problem hiding this comment.
This last sentence isn't making much sense to me.
There was a problem hiding this comment.
Maybe it's not related to the 3 options above, and you want to write that after the =back? And it's probably more useful to say that the default is that all 3 DRBGs act as none of the options are set.
There was a problem hiding this comment.
I could probably just shift it up to where it says
'If this method is not called then the default type is given by RAND_DRBG_TYPE.'
and change it to..
'If this method is not called then the default type is given by NID_aes_256_ctr and the default flags are zero.'
| NID_sha256, NID_sha384, NID_sha512, NID_sha512_224, NID_sha512_256, | ||
| NID_sha3_224, NID_sha3_256, NID_sha3_384 or NID_sha3_512. | ||
|
|
||
| If this method is not called then the default type is given by RAND_DRBG_TYPE. |
There was a problem hiding this comment.
This really doesn't tell anything, maybe explicitly say NID_aes_256_ctr?
| drbg->meth->uninstantiate(drbg); | ||
| return RAND_DRBG_set(drbg, drbg->type, drbg->flags); | ||
|
|
||
| /* The reset uses the default values for type and flags */ |
There was a problem hiding this comment.
The commit comment explains why it does this. i.e-
The uninstantiate() has been changed so that it can use any new defaults for type, flags. This mainly allows testing of different set_defaults (which you can’t really do any other way since the getters are static init_once methods that have Cleanups that only run on exit). (The uninstatiate() used to just clear the internal state and reset it back to the same type and flags).
There is also a set(type, flags) that can be also used to change the type & flags to a different DRBG. The set also now calls uninstatiate if required.
There was a problem hiding this comment.
The commit message doesn't explain it, it's rather short.
The effect of this is if you did a RAND_DRBG_set(), and you uninstantiate it, it gets overridden by defaults now, which might be unexpected.
|
|
||
| if (drbg->reseed_interval > 0) { | ||
| if (drbg->generate_counter >= drbg->reseed_interval) | ||
| if (drbg->reseed_gen_counter > drbg->reseed_interval) |
There was a problem hiding this comment.
The counter starts at 1 instead of zero now.
(The value is actually used by the Hash DRBG)
5 participants
I have not attempted to create any new API's, so some values have been added into flags parameters.
i.e-
(1) The DRBG_hmac uses the same type (nid's) as DRBG_hash - It just uses an additional flag to select HMAC.
(2) Since the DRBG’s don’t actually get setup until they are accessed via …master_get0() etc, the set_defaults() can be called multiple times to set default (type and flags) for master, public and private DRBG’s before they are used.
The uninstantiate() has been changed so that it can use any new defaults for type, flags. This mainly allows testing of different set_defaults (which you can’t really do any other way since the getters are static init_once methods that have Cleanups that only run on exit). (The uninstatiate() used to just clear the internal state and reset it back to the same type and flags).
There is also a set(type, flags) that can be also used to change the type & flags to a different DRBG. The set also now calls uninstatiate if required.
Checklist