Initial implementation of seed-src handling for wolfprovider #350
base: master
padelsbach
left a comment
first round of comments submitted ...
| @@ -0,0 +1,484 @@ | |||
| /* test_drbg_seed_src.c | |||
Consider naming this file test_rand_seed.c or similar for consistency with test_rand.c
| BIO_METHOD *coreBioMethod; | ||
| } WOLFPROV_CTX; | ||
|
|
||
| #ifdef WP_HAVE_SEED_SRC |
Do we also need to gate this with WP_HAVE_RANDOM?
| extern const OSSL_DISPATCH wp_tls1_prf_keyexch_functions[]; | ||
|
|
||
| /* DRBG implementations. */ | ||
| #ifdef WP_HAVE_SEED_SRC |
Consider naming this WP_HAVE_RANDOM_SEED or similar for consistency with WP_HAVE_RANDOM
| /** Parent's clear_seed function. */ | ||
| OSSL_FUNC_rand_clear_seed_fn* parentClearSeed; | ||
| /** Whether we have a parent DRBG. */ | ||
| int hasParent; |
hasParent is only used in one location. Can we use parentGetSeed != NULL instead?
| * | ||
| * @param [in] provCtx Provider context. | ||
| * @param [in] provCtx Provider context. | ||
| * @param [in] parent Parent DRBG context for getting entropy. |
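Review bot: The line `@param [in] provCtx Provider context.` appears twice in a row in this doc comment, directly above the `parent` entry. If both copies are in the file, rather than being the old and new side of a re-aligned line, drop one so each parameter is documented exactly once.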
I'm not seeing where the parent and parentDispatch params are passed in. Can you point me to that?
|
|
||
| (void)os; | ||
|
|
||
| #ifndef WP_SINGLE_THREADED |
Consider a wrapper function to avoid the ifdefs
| size_t seedLen) | ||
| { | ||
| (void)ctx; | ||
| OPENSSL_secure_clear_free(seed, seedLen); |
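Review bot: In `OPENSSL_secure_clear_free(seed, seedLen);`, `seedLen` is the length handed to the cleanse-and-free call, so it should match what the corresponding get-seed path allocated, and that allocation is not visible in this hunk. A short comment naming where `seed` is allocated, and stating that callers must pass the same length back, would make the pairing auditable.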
Do we need to go back to EVP_RAND_STATE_UNINITIALISED here?
Adds optional SEED-SRC provider algorithm that caches /dev/urandom file handle for fork-safe entropy, matching OpenSSL's default provider behavior. This enables wolfProvider to work in seccomp-sandboxed applications like OpenSSH where openat() is blocked after fork.
Key features:
- Lazy /dev/urandom open on first entropy request
- Thread-safe with mutex protection
- Registers wolfSSL seed callback for fork detection
- Disabled by default, enable with --enable-seed-src