2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/evp.h>
14 #include <openssl/engine.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509v3.h>
17 #include <openssl/rand.h>
18 #include <openssl/core.h>
19 #include <openssl/core_names.h>
20 #include <openssl/crypto.h>
21 #include "crypto/asn1.h"
22 #include "crypto/evp.h"
23 #include "internal/cryptlib.h"
24 #include "internal/numbers.h"
25 #include "internal/provider.h"
26 #include "evp_local.h"
28 static int evp_rand_up_ref(void *vrand)
30 EVP_RAND *rand = (EVP_RAND *)vrand;
34 return CRYPTO_UP_REF(&rand->refcnt, &ref, rand->refcnt_lock);
38 static void evp_rand_free(void *vrand){
39 EVP_RAND *rand = (EVP_RAND *)vrand;
43 CRYPTO_DOWN_REF(&rand->refcnt, &ref, rand->refcnt_lock);
45 ossl_provider_free(rand->prov);
46 CRYPTO_THREAD_lock_free(rand->refcnt_lock);
52 static void *evp_rand_new(void)
54 EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand));
57 || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) {
65 /* Enable locking of the underlying DRBG/RAND if available */
66 int EVP_RAND_enable_locking(EVP_RAND_CTX *rand)
68 if (rand->meth->enable_locking != NULL)
69 return rand->meth->enable_locking(rand->data);
70 EVPerr(0, EVP_R_LOCKING_NOT_SUPPORTED);
74 /* Lock the underlying DRBG/RAND if available */
75 static int evp_rand_lock(EVP_RAND_CTX *rand)
77 if (rand->meth->lock != NULL)
78 return rand->meth->lock(rand->data);
82 /* Unlock the underlying DRBG/RAND if available */
83 static void evp_rand_unlock(EVP_RAND_CTX *rand)
85 if (rand->meth->unlock != NULL)
86 rand->meth->unlock(rand->data);
89 static void *evp_rand_from_dispatch(int name_id,
90 const OSSL_DISPATCH *fns,
93 EVP_RAND *rand = NULL;
94 int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0;
99 if ((rand = evp_rand_new()) == NULL) {
100 EVPerr(0, ERR_R_MALLOC_FAILURE);
103 rand->name_id = name_id;
104 rand->dispatch = fns;
105 for (; fns->function_id != 0; fns++) {
106 switch (fns->function_id) {
107 case OSSL_FUNC_RAND_NEWCTX:
108 if (rand->newctx != NULL)
110 rand->newctx = OSSL_get_OP_rand_newctx(fns);
113 case OSSL_FUNC_RAND_FREECTX:
114 if (rand->freectx != NULL)
116 rand->freectx = OSSL_get_OP_rand_freectx(fns);
119 case OSSL_FUNC_RAND_INSTANTIATE:
120 if (rand->instantiate != NULL)
122 rand->instantiate = OSSL_get_OP_rand_instantiate(fns);
125 case OSSL_FUNC_RAND_UNINSTANTIATE:
126 if (rand->uninstantiate != NULL)
128 rand->uninstantiate = OSSL_get_OP_rand_uninstantiate(fns);
131 case OSSL_FUNC_RAND_GENERATE:
132 if (rand->generate != NULL)
134 rand->generate = OSSL_get_OP_rand_generate(fns);
137 case OSSL_FUNC_RAND_RESEED:
138 if (rand->reseed != NULL)
140 rand->reseed = OSSL_get_OP_rand_reseed(fns);
142 case OSSL_FUNC_RAND_NONCE:
143 if (rand->nonce != NULL)
145 rand->nonce = OSSL_get_OP_rand_nonce(fns);
147 case OSSL_FUNC_RAND_SET_CALLBACKS:
148 if (rand->set_callbacks != NULL)
150 rand->set_callbacks = OSSL_get_OP_rand_set_callbacks(fns);
152 case OSSL_FUNC_RAND_ENABLE_LOCKING:
153 if (rand->enable_locking != NULL)
155 rand->enable_locking = OSSL_get_OP_rand_enable_locking(fns);
158 case OSSL_FUNC_RAND_LOCK:
159 if (rand->lock != NULL)
161 rand->lock = OSSL_get_OP_rand_lock(fns);
164 case OSSL_FUNC_RAND_UNLOCK:
165 if (rand->unlock != NULL)
167 rand->unlock = OSSL_get_OP_rand_unlock(fns);
170 case OSSL_FUNC_RAND_GETTABLE_PARAMS:
171 if (rand->gettable_params != NULL)
173 rand->gettable_params =
174 OSSL_get_OP_rand_gettable_params(fns);
176 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS:
177 if (rand->gettable_ctx_params != NULL)
179 rand->gettable_ctx_params =
180 OSSL_get_OP_rand_gettable_ctx_params(fns);
182 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS:
183 if (rand->settable_ctx_params != NULL)
185 rand->settable_ctx_params =
186 OSSL_get_OP_rand_settable_ctx_params(fns);
188 case OSSL_FUNC_RAND_GET_PARAMS:
189 if (rand->get_params != NULL)
191 rand->get_params = OSSL_get_OP_rand_get_params(fns);
193 case OSSL_FUNC_RAND_GET_CTX_PARAMS:
194 if (rand->get_ctx_params != NULL)
196 rand->get_ctx_params = OSSL_get_OP_rand_get_ctx_params(fns);
198 case OSSL_FUNC_RAND_SET_CTX_PARAMS:
199 if (rand->set_ctx_params != NULL)
201 rand->set_ctx_params = OSSL_get_OP_rand_set_ctx_params(fns);
203 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION:
204 if (rand->verify_zeroization != NULL)
206 rand->verify_zeroization = OSSL_get_OP_rand_verify_zeroization(fns);
214 * In order to be a consistent set of functions we must have at least
215 * a complete set of "rand" functions and a complete set of context
216 * management functions. In FIPS mode, we also require the zeroization
217 * verification function.
219 * In addition, if locking can be enabled, we need a complete set of
224 || (fnlockcnt != 0 && fnlockcnt != 3)
230 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
234 if (prov != NULL && !ossl_provider_up_ref(prov)) {
236 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
244 EVP_RAND *EVP_RAND_fetch(OPENSSL_CTX *libctx, const char *algorithm,
245 const char *properties)
247 return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties,
248 evp_rand_from_dispatch, evp_rand_up_ref,
252 int EVP_RAND_up_ref(EVP_RAND *rand)
254 return evp_rand_up_ref(rand);
257 void EVP_RAND_free(EVP_RAND *rand)
262 int EVP_RAND_number(const EVP_RAND *rand)
264 return rand->name_id;
267 const char *EVP_RAND_name(const EVP_RAND *rand)
269 return evp_first_name(rand->prov, rand->name_id);
272 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name)
274 return evp_is_a(rand->prov, rand->name_id, NULL, name);
277 const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand)
282 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[])
284 if (rand->get_params != NULL)
285 return rand->get_params(params);
289 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent)
292 void *parent_ctx = NULL;
293 const OSSL_DISPATCH *parent_dispatch = NULL;
296 EVPerr(0, EVP_R_INVALID_NULL_ALGORITHM);
300 ctx = OPENSSL_zalloc(sizeof(*ctx));
302 EVPerr(0, ERR_R_MALLOC_FAILURE);
305 if (parent != NULL) {
306 if (!EVP_RAND_enable_locking(parent)) {
307 EVPerr(0, EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING);
311 parent_ctx = parent->data;
312 parent_dispatch = parent->meth->dispatch;
314 if ((ctx->data = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx,
315 parent_dispatch)) == NULL
316 || !EVP_RAND_up_ref(rand)) {
317 EVPerr(0, ERR_R_MALLOC_FAILURE);
318 rand->freectx(ctx->data);
326 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx)
329 ctx->meth->freectx(ctx->data);
331 EVP_RAND_free(ctx->meth);
336 EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx)
341 int EVP_RAND_get_ctx_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[])
345 if (ctx->meth->get_ctx_params != NULL) {
346 if (!evp_rand_lock(ctx))
348 res = ctx->meth->get_ctx_params(ctx->data, params);
349 evp_rand_unlock(ctx);
354 int EVP_RAND_set_ctx_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[])
358 if (ctx->meth->set_ctx_params != NULL) {
359 if (!evp_rand_lock(ctx))
361 res = ctx->meth->set_ctx_params(ctx->data, params);
362 evp_rand_unlock(ctx);
363 /* Clear out the cache state because the values can change on a set */
365 ctx->max_request = 0;
370 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand)
372 return rand->gettable_params == NULL ? NULL : rand->gettable_params();
375 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand)
377 return rand->gettable_ctx_params == NULL ? NULL
378 : rand->gettable_ctx_params();
381 const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand)
383 return rand->settable_ctx_params == NULL ? NULL
384 :rand->settable_ctx_params();
387 void EVP_RAND_do_all_provided(OPENSSL_CTX *libctx,
388 void (*fn)(EVP_RAND *rand, void *arg),
391 evp_generic_do_all(libctx, OSSL_OP_RAND,
392 (void (*)(void *, void *))fn, arg,
393 evp_rand_from_dispatch, evp_rand_free);
396 void EVP_RAND_names_do_all(const EVP_RAND *rand,
397 void (*fn)(const char *name, void *data),
400 if (rand->prov != NULL)
401 evp_names_do_all(rand->prov, rand->name_id, fn, data);
404 int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
405 int prediction_resistance,
406 const unsigned char *pstr, size_t pstr_len)
410 if (!evp_rand_lock(ctx))
412 res = ctx->meth->instantiate(ctx->data, strength, prediction_resistance,
414 evp_rand_unlock(ctx);
418 int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx)
422 if (!evp_rand_lock(ctx))
424 res = ctx->meth->uninstantiate(ctx->data);
425 evp_rand_unlock(ctx);
429 int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
430 unsigned int strength, int prediction_resistance,
431 const unsigned char *addin, size_t addin_len)
434 OSSL_PARAM params[2];
437 if (!evp_rand_lock(ctx))
439 if (ctx->max_request == 0) {
440 params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST,
442 params[1] = OSSL_PARAM_construct_end();
443 if (!EVP_RAND_get_ctx_params(ctx, params) || chunk == 0) {
444 EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
447 ctx->max_request = chunk;
449 for (; outlen > 0; outlen -= chunk, out += chunk) {
450 chunk = outlen > ctx->max_request ? ctx->max_request : outlen;
451 if (!ctx->meth->generate(ctx->data, out, chunk, strength,
452 prediction_resistance, addin, addin_len)) {
453 EVPerr(0, EVP_R_GENERATE_ERROR);
457 * Prediction resistance is only relevant the first time around,
458 * subsequently, the DRBG has already been properly reseeded.
460 prediction_resistance = 0;
464 evp_rand_unlock(ctx);
468 int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
469 const unsigned char *ent, size_t ent_len,
470 const unsigned char *addin, size_t addin_len)
474 if (!evp_rand_lock(ctx))
476 if (ctx->meth->reseed != NULL)
477 res = ctx->meth->reseed(ctx->data, prediction_resistance,
478 ent, ent_len, addin, addin_len);
479 evp_rand_unlock(ctx);
483 int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
486 unsigned int str = EVP_RAND_strength(ctx);
488 if (!evp_rand_lock(ctx))
490 if (ctx->meth->nonce == NULL
491 || !ctx->meth->nonce(ctx->data, out, str, outlen, outlen))
492 res = ctx->meth->generate(ctx->data, out, outlen, str, 0, NULL, 0);
493 evp_rand_unlock(ctx);
497 unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx)
499 OSSL_PARAM params[2];
503 if (ctx->strength == 0) {
504 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &t);
505 params[1] = OSSL_PARAM_construct_end();
506 if (!evp_rand_lock(ctx))
508 res = EVP_RAND_get_ctx_params(ctx, params);
509 evp_rand_unlock(ctx);
514 return ctx->strength;
517 int EVP_RAND_state(EVP_RAND_CTX *ctx)
519 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
522 params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE,
524 if (!evp_rand_lock(ctx))
526 res = EVP_RAND_get_ctx_params(ctx, params);
527 evp_rand_unlock(ctx);
529 status = EVP_RAND_STATE_ERROR;
533 int EVP_RAND_set_callbacks(EVP_RAND_CTX *ctx,
534 OSSL_INOUT_CALLBACK *get_entropy,
535 OSSL_CALLBACK *cleanup_entropy,
536 OSSL_INOUT_CALLBACK *get_nonce,
537 OSSL_CALLBACK *cleanup_nonce, void *arg)
539 if (ctx->meth->set_callbacks == NULL) {
540 EVPerr(0, EVP_R_UNABLE_TO_SET_CALLBACKS);
543 ctx->meth->set_callbacks(ctx->data, get_entropy, cleanup_entropy,
544 get_nonce, cleanup_nonce, arg);
548 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx)
552 if (ctx->meth->verify_zeroization != NULL) {
553 if (!evp_rand_lock(ctx))
555 res = ctx->meth->verify_zeroization(ctx->data);
556 evp_rand_unlock(ctx);