Prepare the RAND code for moving into the FIPS module#9039
Prepare the RAND code for moving into the FIPS module#9039mattcaswell wants to merge 5 commits intoopenssl:masterfrom
Conversation
crypto/init.c
Outdated
There was a problem hiding this comment.
This could be implemented using a provider wide set_params...
|
At a first quick look through, this looks ok, but I frankly don't know this code enough. @mspncp, would you mind having a look? |
|
Rebase needed for CIs |
|
Rebased as requested. |
I started taking a look and immediately my gut instinct tells me that it's not happy about this proliferation of |
|
|
Might be an improvement over the "Microsoft disease" of adding exes to API functions. But I think the problem lies deeper... |
I'm inclined to agree. The question is what alternative is there? A per thread context might be workable but represents a significant departure from where things were headed. |
My thoughts go in this direction. However, it will still be a library context not a thread context. Only the pointer to the current library context will be implemented as thread local variable and there needs to be a simple and consistent way to activate a new context at library boundaries. (These activations need to be stacked.) I'll try to figure out more details, but I first need to understand the current state of the implementation better.
Well, it's not too late yet to change things: (taken from @t8m's email footer) |
|
For most APIs (such as EVP) its not too much of a problem. There are plenty of existing FOO_CTX objects that get passed to the various function calls, and therefore you only need a relatively small number of additional functions to associate those FOO_CTX objects with an OPENSSL_CTX - and then suddenly all those functions have the required access to OPENSSL_CTX. The RAND API is a little different because there is no RAND_CTX concept - so there are more functions that need to change to add support for it. Personally I don't see this as too much of a problem. I'm not particularly fond of the "_ex" naming scheme, so I'm certainly open to alternative suggestions. |
|
Rebased again due to yet more conflicts with master |
I see. That makes things a lot simpler and will (hopefully) make thread-local implicit library contexts dispensable.
If this is your only problem, then the solution is easy: Just use openssl/include/openssl/ossl_typ.h Line 124 in ff8029c The openssl/crypto/rand/rand_lcl.h Lines 193 to 197 in 8094a69 Note: In the times of the Fips Object Module 2.0, the Line 76 in d11e6a4 ... but this terminology was dropped by me in favor of the newer "OpenSSL class" pattern ( |
|
Providers should stick to using the Then the only thing which remains to do is to redirect the RAND methods to the FIPS provider DRBGs when FIPS mode is enabled. |
Hmm. Right. That does make sense. I'll look into that. |
|
It's worth mentioning that in Russia we must (and even MUST) to provide our own certified RNGs. Currently we are able to do it via engines, and we need this possibility via providers. |
That is the plan (although you don't get it through this PR). |
|
Side note: The naturally turn into accessors for the (The zero in |
|
Side note 2: Most of the modern style OpenSSL "classes" follow the For that reason (and for brevity), I would suggest to rename |
It is what is used throughout OpenSSL. Please don't add a new convention; the API is hard enough to understand already. |
side note: I've always wondered what will happen when we need to extend a function that already has |
|
@levitte what is the correct interpretation of your statement?
|
I don't intend to create new conventions, but I'd rather avoid adding meaningless |
|
I'm not strictly opposed to |
Why do you think it is unnecessary? It seems to fit the intended meaning here? |
In preparation for moving the RAND code into the FIPS module we make drbg_lib.c OPENSSL_CTX aware.
This is in preparation for moving this code inside the FIPS module.
It was previously rand_lib but it makes more sense in drbg_lib.c since all the functions that use this lock are only ever called from drbg_lib.c We add some FIPS_MODE defines in preparation for later moving this code into the FIPS module.
Various functions have been added that take an OPENSSL_CTX parameter as a result of moving the RAND code into the FIPS module. We document all of those functions.
Unnecessary only in the sense that DRBG's are never up-rev'ed, so there is no need to distinguish between those two cases. But if you prefer the |
|
To me it implies more than just whether an object has been up-ref'd or not. It implies ownership. With a get0 you should not free the returned object explicitly. With a get1 you should. That applies whether or not the object in question is ref counted or not. So, I prefer to keep it because it makes the intended memory semantics clearer. |
|
Quite frankly, the get0/get1 and set0/set1 naming scheme isn't very intuitive. We who have been part of the project for a while know what they mean (and still get it wrong at times), but for someone new to the mind-set? It's kinda horrible, really... |
|
I agree it's not great but don't change it, fix it by adding more docs and cross-referencing all manpages with a [sg]et[01] API to point to the new man7 page. |
|
Once you get accustomed to it, it is a help. And it is an improvement, because before this convention was introduced, there were far too many other functions introduced with unclear memory semantics. So I agree with @mattcaswell and @richsalz that we should better stick to it. |
|
I've removed the parts of this PR that added a lot of the _ex functions and restricted the changes to just the RAND_DRBG API. This will mean that any code brought into the FIPS module will have to be updated to use that API instead...but that's ok. I also renamed the functions as suggested to |
|
|
||
| #include <openssl/rand_drbg.h> | ||
|
|
||
| RAND_DRBG *RAND_DRBG_new_ex(OPENSSL_CTX *ctx, |
There was a problem hiding this comment.
Hmm. I'm dubious about adding that as a new convention. What if I later have to extend FOO_CTX_new() to add an OPENSSL_CTX param? Calling it FOO_CTX_ctx_new sounds odd.
| return NULL; | ||
|
|
||
| if (!CRYPTO_THREAD_init_local(&dgbl->private_drbg, NULL)) | ||
| goto err1; |
There was a problem hiding this comment.
I would prefer seeing the CRYPTO_THREAD_cleanup_local() implementations checked for NULL, rather than doing this. It looks like basic code :)
There was a problem hiding this comment.
I don't believe this is possible. &dgbl->private_drbg here will never be NULL even if it has not been initialised by CRYPTO_THREAD_init_local. The contents of dgbl->private_drbg might have a zero value because it has been "zalloc'd". But we do not know whether 0 is an invalid value or not for the local platform threading scheme - so it would not be correct for CRYPTO_THREAD_cleanup_local to check for 0.
| return dgbl; | ||
|
|
||
| err3: | ||
| CRYPTO_THREAD_cleanup_local(&dgbl->public_drbg); |
There was a problem hiding this comment.
Not possible because I need to have the different entry points for the error handing (err1/err2/err3).
| static size_t crngt_case, crngt_idx; | ||
|
|
||
| static int crngt_entropy_cb(unsigned char *buf, unsigned char *md, | ||
| static int crngt_entropy_cb(OPENSSL_CTX *ctx, unsigned char *buf, |
There was a problem hiding this comment.
Hmm - is this a backwards compatibility breaking change?
There was a problem hiding this comment.
No. This callback is only exposed because drbgtest.c includes rand_lcl.h
| crngt_case = n % crngt_num_cases; | ||
| crngt_idx = 0; | ||
| crngt_get_entropy = &crngt_entropy_cb; | ||
| if (!TEST_true(rand_crngt_init())) |
There was a problem hiding this comment.
What is the effect of removing these crngt calls?
There was a problem hiding this comment.
The CRNGT code should be automatically initialised when it attempts to get its data out of the OPENSSL_CTX for the first time. Similarly it is automatically cleaned up when the OPENSSL_CTX gets freed. Therefore there is no need to explicitly initialise and clean-up here.
|
Fix up commit pushed addressing the style nits. All other comments responded to above. |
|
Pushed. Thanks! |
In preparation for moving the RAND code into the FIPS module we make drbg_lib.c OPENSSL_CTX aware. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #9039)
This is in preparation for moving this code inside the FIPS module. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #9039)
It was previously rand_lib but it makes more sense in drbg_lib.c since all the functions that use this lock are only ever called from drbg_lib.c We add some FIPS_MODE defines in preparation for later moving this code into the FIPS module. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #9039)
Various functions have been added that take an OPENSSL_CTX parameter as a result of moving the RAND code into the FIPS module. We document all of those functions. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from #9039)
This is mostly about changing the way the RAND code initialises itself so that it is based on OPENSSL_CTX instead.
(Needed in order to move the RAND code into the FIPS provider - see #9035)