2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/evp.h>
13 #include <openssl/rand.h>
14 #include <openssl/core.h>
15 #include <openssl/core_names.h>
16 #include <openssl/crypto.h>
17 #include "internal/cryptlib.h"
18 #include "internal/numbers.h"
19 #include "internal/provider.h"
20 #include "internal/core.h"
21 #include "crypto/evp.h"
22 #include "evp_local.h"
28 const char *description;
29 CRYPTO_REF_COUNT refcnt;
31 const OSSL_DISPATCH *dispatch;
32 OSSL_FUNC_rand_newctx_fn *newctx;
33 OSSL_FUNC_rand_freectx_fn *freectx;
34 OSSL_FUNC_rand_instantiate_fn *instantiate;
35 OSSL_FUNC_rand_uninstantiate_fn *uninstantiate;
36 OSSL_FUNC_rand_generate_fn *generate;
37 OSSL_FUNC_rand_reseed_fn *reseed;
38 OSSL_FUNC_rand_nonce_fn *nonce;
39 OSSL_FUNC_rand_enable_locking_fn *enable_locking;
40 OSSL_FUNC_rand_lock_fn *lock;
41 OSSL_FUNC_rand_unlock_fn *unlock;
42 OSSL_FUNC_rand_gettable_params_fn *gettable_params;
43 OSSL_FUNC_rand_gettable_ctx_params_fn *gettable_ctx_params;
44 OSSL_FUNC_rand_settable_ctx_params_fn *settable_ctx_params;
45 OSSL_FUNC_rand_get_params_fn *get_params;
46 OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params;
47 OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params;
48 OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization;
49 OSSL_FUNC_rand_get_seed_fn *get_seed;
50 OSSL_FUNC_rand_clear_seed_fn *clear_seed;
53 static int evp_rand_up_ref(void *vrand)
55 EVP_RAND *rand = (EVP_RAND *)vrand;
59 return CRYPTO_UP_REF(&rand->refcnt, &ref);
63 static void evp_rand_free(void *vrand)
65 EVP_RAND *rand = (EVP_RAND *)vrand;
70 CRYPTO_DOWN_REF(&rand->refcnt, &ref);
73 OPENSSL_free(rand->type_name);
74 ossl_provider_free(rand->prov);
75 CRYPTO_FREE_REF(&rand->refcnt);
79 static void *evp_rand_new(void)
81 EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand));
86 if (!CRYPTO_NEW_REF(&rand->refcnt, 1)) {
93 /* Enable locking of the underlying DRBG/RAND if available */
94 int EVP_RAND_enable_locking(EVP_RAND_CTX *rand)
96 if (rand->meth->enable_locking != NULL)
97 return rand->meth->enable_locking(rand->algctx);
98 ERR_raise(ERR_LIB_EVP, EVP_R_LOCKING_NOT_SUPPORTED);
102 /* Lock the underlying DRBG/RAND if available */
103 static int evp_rand_lock(EVP_RAND_CTX *rand)
105 if (rand->meth->lock != NULL)
106 return rand->meth->lock(rand->algctx);
110 /* Unlock the underlying DRBG/RAND if available */
111 static void evp_rand_unlock(EVP_RAND_CTX *rand)
113 if (rand->meth->unlock != NULL)
114 rand->meth->unlock(rand->algctx);
117 static void *evp_rand_from_algorithm(int name_id,
118 const OSSL_ALGORITHM *algodef,
121 const OSSL_DISPATCH *fns = algodef->implementation;
122 EVP_RAND *rand = NULL;
123 int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0, fnenablelockcnt = 0;
125 int fnzeroizecnt = 0;
128 if ((rand = evp_rand_new()) == NULL) {
129 ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
132 rand->name_id = name_id;
133 if ((rand->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
137 rand->description = algodef->algorithm_description;
138 rand->dispatch = fns;
139 for (; fns->function_id != 0; fns++) {
140 switch (fns->function_id) {
141 case OSSL_FUNC_RAND_NEWCTX:
142 if (rand->newctx != NULL)
144 rand->newctx = OSSL_FUNC_rand_newctx(fns);
147 case OSSL_FUNC_RAND_FREECTX:
148 if (rand->freectx != NULL)
150 rand->freectx = OSSL_FUNC_rand_freectx(fns);
153 case OSSL_FUNC_RAND_INSTANTIATE:
154 if (rand->instantiate != NULL)
156 rand->instantiate = OSSL_FUNC_rand_instantiate(fns);
159 case OSSL_FUNC_RAND_UNINSTANTIATE:
160 if (rand->uninstantiate != NULL)
162 rand->uninstantiate = OSSL_FUNC_rand_uninstantiate(fns);
165 case OSSL_FUNC_RAND_GENERATE:
166 if (rand->generate != NULL)
168 rand->generate = OSSL_FUNC_rand_generate(fns);
171 case OSSL_FUNC_RAND_RESEED:
172 if (rand->reseed != NULL)
174 rand->reseed = OSSL_FUNC_rand_reseed(fns);
176 case OSSL_FUNC_RAND_NONCE:
177 if (rand->nonce != NULL)
179 rand->nonce = OSSL_FUNC_rand_nonce(fns);
181 case OSSL_FUNC_RAND_ENABLE_LOCKING:
182 if (rand->enable_locking != NULL)
184 rand->enable_locking = OSSL_FUNC_rand_enable_locking(fns);
187 case OSSL_FUNC_RAND_LOCK:
188 if (rand->lock != NULL)
190 rand->lock = OSSL_FUNC_rand_lock(fns);
193 case OSSL_FUNC_RAND_UNLOCK:
194 if (rand->unlock != NULL)
196 rand->unlock = OSSL_FUNC_rand_unlock(fns);
199 case OSSL_FUNC_RAND_GETTABLE_PARAMS:
200 if (rand->gettable_params != NULL)
202 rand->gettable_params =
203 OSSL_FUNC_rand_gettable_params(fns);
205 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS:
206 if (rand->gettable_ctx_params != NULL)
208 rand->gettable_ctx_params =
209 OSSL_FUNC_rand_gettable_ctx_params(fns);
211 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS:
212 if (rand->settable_ctx_params != NULL)
214 rand->settable_ctx_params =
215 OSSL_FUNC_rand_settable_ctx_params(fns);
217 case OSSL_FUNC_RAND_GET_PARAMS:
218 if (rand->get_params != NULL)
220 rand->get_params = OSSL_FUNC_rand_get_params(fns);
222 case OSSL_FUNC_RAND_GET_CTX_PARAMS:
223 if (rand->get_ctx_params != NULL)
225 rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns);
228 case OSSL_FUNC_RAND_SET_CTX_PARAMS:
229 if (rand->set_ctx_params != NULL)
231 rand->set_ctx_params = OSSL_FUNC_rand_set_ctx_params(fns);
233 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION:
234 if (rand->verify_zeroization != NULL)
236 rand->verify_zeroization = OSSL_FUNC_rand_verify_zeroization(fns);
241 case OSSL_FUNC_RAND_GET_SEED:
242 if (rand->get_seed != NULL)
244 rand->get_seed = OSSL_FUNC_rand_get_seed(fns);
246 case OSSL_FUNC_RAND_CLEAR_SEED:
247 if (rand->clear_seed != NULL)
249 rand->clear_seed = OSSL_FUNC_rand_clear_seed(fns);
254 * In order to be a consistent set of functions we must have at least
255 * a complete set of "rand" functions and a complete set of context
256 * management functions. In FIPS mode, we also require the zeroization
257 * verification function.
259 * In addition, if locking can be enabled, we need a complete set of
264 || (fnenablelockcnt != 0 && fnenablelockcnt != 1)
265 || (fnlockcnt != 0 && fnlockcnt != 2)
271 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
275 if (prov != NULL && !ossl_provider_up_ref(prov)) {
277 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
285 EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
286 const char *properties)
288 return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties,
289 evp_rand_from_algorithm, evp_rand_up_ref,
293 int EVP_RAND_up_ref(EVP_RAND *rand)
295 return evp_rand_up_ref(rand);
298 void EVP_RAND_free(EVP_RAND *rand)
303 int evp_rand_get_number(const EVP_RAND *rand)
305 return rand->name_id;
308 const char *EVP_RAND_get0_name(const EVP_RAND *rand)
310 return rand->type_name;
313 const char *EVP_RAND_get0_description(const EVP_RAND *rand)
315 return rand->description;
318 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name)
320 return rand != NULL && evp_is_a(rand->prov, rand->name_id, NULL, name);
323 const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand)
328 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[])
330 if (rand->get_params != NULL)
331 return rand->get_params(params);
335 int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx)
339 return CRYPTO_UP_REF(&ctx->refcnt, &ref);
342 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent)
345 void *parent_ctx = NULL;
346 const OSSL_DISPATCH *parent_dispatch = NULL;
349 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
353 ctx = OPENSSL_zalloc(sizeof(*ctx));
356 if (!CRYPTO_NEW_REF(&ctx->refcnt, 1)) {
360 if (parent != NULL) {
361 if (!EVP_RAND_CTX_up_ref(parent)) {
362 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
363 CRYPTO_FREE_REF(&ctx->refcnt);
367 parent_ctx = parent->algctx;
368 parent_dispatch = parent->meth->dispatch;
370 if ((ctx->algctx = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx,
371 parent_dispatch)) == NULL
372 || !EVP_RAND_up_ref(rand)) {
373 ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
374 rand->freectx(ctx->algctx);
375 CRYPTO_FREE_REF(&ctx->refcnt);
377 EVP_RAND_CTX_free(parent);
381 ctx->parent = parent;
385 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx)
388 EVP_RAND_CTX *parent;
393 CRYPTO_DOWN_REF(&ctx->refcnt, &ref);
396 parent = ctx->parent;
397 ctx->meth->freectx(ctx->algctx);
399 EVP_RAND_free(ctx->meth);
400 CRYPTO_FREE_REF(&ctx->refcnt);
402 EVP_RAND_CTX_free(parent);
405 EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx)
410 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx,
413 return ctx->meth->get_ctx_params(ctx->algctx, params);
416 int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[])
420 if (!evp_rand_lock(ctx))
422 res = evp_rand_get_ctx_params_locked(ctx, params);
423 evp_rand_unlock(ctx);
427 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx,
428 const OSSL_PARAM params[])
430 if (ctx->meth->set_ctx_params != NULL)
431 return ctx->meth->set_ctx_params(ctx->algctx, params);
435 int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[])
439 if (!evp_rand_lock(ctx))
441 res = evp_rand_set_ctx_params_locked(ctx, params);
442 evp_rand_unlock(ctx);
446 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand)
448 if (rand->gettable_params == NULL)
450 return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand)));
453 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand)
457 if (rand->gettable_ctx_params == NULL)
459 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
460 return rand->gettable_ctx_params(NULL, provctx);
463 const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand)
467 if (rand->settable_ctx_params == NULL)
469 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
470 return rand->settable_ctx_params(NULL, provctx);
473 const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx)
477 if (ctx->meth->gettable_ctx_params == NULL)
479 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
480 return ctx->meth->gettable_ctx_params(ctx->algctx, provctx);
483 const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx)
487 if (ctx->meth->settable_ctx_params == NULL)
489 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
490 return ctx->meth->settable_ctx_params(ctx->algctx, provctx);
493 void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
494 void (*fn)(EVP_RAND *rand, void *arg),
497 evp_generic_do_all(libctx, OSSL_OP_RAND,
498 (void (*)(void *, void *))fn, arg,
499 evp_rand_from_algorithm, evp_rand_up_ref,
503 int EVP_RAND_names_do_all(const EVP_RAND *rand,
504 void (*fn)(const char *name, void *data),
507 if (rand->prov != NULL)
508 return evp_names_do_all(rand->prov, rand->name_id, fn, data);
513 static int evp_rand_instantiate_locked
514 (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance,
515 const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[])
517 return ctx->meth->instantiate(ctx->algctx, strength, prediction_resistance,
518 pstr, pstr_len, params);
521 int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
522 int prediction_resistance,
523 const unsigned char *pstr, size_t pstr_len,
524 const OSSL_PARAM params[])
528 if (!evp_rand_lock(ctx))
530 res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance,
531 pstr, pstr_len, params);
532 evp_rand_unlock(ctx);
536 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx)
538 return ctx->meth->uninstantiate(ctx->algctx);
541 int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx)
545 if (!evp_rand_lock(ctx))
547 res = evp_rand_uninstantiate_locked(ctx);
548 evp_rand_unlock(ctx);
552 static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out,
553 size_t outlen, unsigned int strength,
554 int prediction_resistance,
555 const unsigned char *addin,
558 size_t chunk, max_request = 0;
559 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
561 params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST,
563 if (!evp_rand_get_ctx_params_locked(ctx, params)
564 || max_request == 0) {
565 ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
568 for (; outlen > 0; outlen -= chunk, out += chunk) {
569 chunk = outlen > max_request ? max_request : outlen;
570 if (!ctx->meth->generate(ctx->algctx, out, chunk, strength,
571 prediction_resistance, addin, addin_len)) {
572 ERR_raise(ERR_LIB_EVP, EVP_R_GENERATE_ERROR);
576 * Prediction resistance is only relevant the first time around,
577 * subsequently, the DRBG has already been properly reseeded.
579 prediction_resistance = 0;
584 int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
585 unsigned int strength, int prediction_resistance,
586 const unsigned char *addin, size_t addin_len)
590 if (!evp_rand_lock(ctx))
592 res = evp_rand_generate_locked(ctx, out, outlen, strength,
593 prediction_resistance, addin, addin_len);
594 evp_rand_unlock(ctx);
598 static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance,
599 const unsigned char *ent, size_t ent_len,
600 const unsigned char *addin, size_t addin_len)
602 if (ctx->meth->reseed != NULL)
603 return ctx->meth->reseed(ctx->algctx, prediction_resistance,
604 ent, ent_len, addin, addin_len);
608 int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
609 const unsigned char *ent, size_t ent_len,
610 const unsigned char *addin, size_t addin_len)
614 if (!evp_rand_lock(ctx))
616 res = evp_rand_reseed_locked(ctx, prediction_resistance,
617 ent, ent_len, addin, addin_len);
618 evp_rand_unlock(ctx);
622 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx)
624 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
625 unsigned int strength = 0;
627 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
628 if (!evp_rand_get_ctx_params_locked(ctx, params))
633 unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx)
637 if (!evp_rand_lock(ctx))
639 res = evp_rand_strength_locked(ctx);
640 evp_rand_unlock(ctx);
644 static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
647 unsigned int str = evp_rand_strength_locked(ctx);
649 if (ctx->meth->nonce == NULL)
651 if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
653 return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
656 int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
660 if (!evp_rand_lock(ctx))
662 res = evp_rand_nonce_locked(ctx, out, outlen);
663 evp_rand_unlock(ctx);
667 int EVP_RAND_get_state(EVP_RAND_CTX *ctx)
669 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
672 params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state);
673 if (!EVP_RAND_CTX_get_params(ctx, params))
674 state = EVP_RAND_STATE_ERROR;
678 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx)
680 if (ctx->meth->verify_zeroization != NULL)
681 return ctx->meth->verify_zeroization(ctx->algctx);
685 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx)
689 if (!evp_rand_lock(ctx))
691 res = evp_rand_verify_zeroization_locked(ctx);
692 evp_rand_unlock(ctx);
696 int evp_rand_can_seed(EVP_RAND_CTX *ctx)
698 return ctx->meth->get_seed != NULL;
701 static size_t evp_rand_get_seed_locked(EVP_RAND_CTX *ctx,
702 unsigned char **buffer,
704 size_t min_len, size_t max_len,
705 int prediction_resistance,
706 const unsigned char *adin,
709 if (ctx->meth->get_seed != NULL)
710 return ctx->meth->get_seed(ctx->algctx, buffer,
711 entropy, min_len, max_len,
712 prediction_resistance,
717 size_t evp_rand_get_seed(EVP_RAND_CTX *ctx,
718 unsigned char **buffer,
719 int entropy, size_t min_len, size_t max_len,
720 int prediction_resistance,
721 const unsigned char *adin, size_t adin_len)
725 if (!evp_rand_lock(ctx))
727 res = evp_rand_get_seed_locked(ctx,
729 entropy, min_len, max_len,
730 prediction_resistance,
732 evp_rand_unlock(ctx);
736 static void evp_rand_clear_seed_locked(EVP_RAND_CTX *ctx,
737 unsigned char *buffer, size_t b_len)
739 if (ctx->meth->clear_seed != NULL)
740 ctx->meth->clear_seed(ctx->algctx, buffer, b_len);
743 void evp_rand_clear_seed(EVP_RAND_CTX *ctx,
744 unsigned char *buffer, size_t b_len)
746 if (!evp_rand_lock(ctx))
748 evp_rand_clear_seed_locked(ctx, buffer, b_len);
749 evp_rand_unlock(ctx);