2 * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/crypto.h>
13 #include <openssl/err.h>
14 #include <openssl/rand.h>
15 #include <openssl/aes.h>
16 #include <openssl/proverr.h>
17 #include "crypto/modes.h"
18 #include "internal/thread_once.h"
19 #include "prov/implementations.h"
20 #include "prov/providercommon.h"
21 #include "prov/provider_ctx.h"
22 #include "drbg_local.h"
24 static OSSL_FUNC_rand_newctx_fn drbg_ctr_new_wrapper;
25 static OSSL_FUNC_rand_freectx_fn drbg_ctr_free;
26 static OSSL_FUNC_rand_instantiate_fn drbg_ctr_instantiate_wrapper;
27 static OSSL_FUNC_rand_uninstantiate_fn drbg_ctr_uninstantiate_wrapper;
28 static OSSL_FUNC_rand_generate_fn drbg_ctr_generate_wrapper;
29 static OSSL_FUNC_rand_reseed_fn drbg_ctr_reseed_wrapper;
30 static OSSL_FUNC_rand_settable_ctx_params_fn drbg_ctr_settable_ctx_params;
31 static OSSL_FUNC_rand_set_ctx_params_fn drbg_ctr_set_ctx_params;
32 static OSSL_FUNC_rand_gettable_ctx_params_fn drbg_ctr_gettable_ctx_params;
33 static OSSL_FUNC_rand_get_ctx_params_fn drbg_ctr_get_ctx_params;
34 static OSSL_FUNC_rand_verify_zeroization_fn drbg_ctr_verify_zeroization;
37 * The state of a DRBG AES-CTR.
39 typedef struct rand_drbg_ctr_st {
40 EVP_CIPHER_CTX *ctx_ecb;
41 EVP_CIPHER_CTX *ctx_ctr;
42 EVP_CIPHER_CTX *ctx_df;
43 EVP_CIPHER *cipher_ecb;
44 EVP_CIPHER *cipher_ctr;
49 /* Temporary block storage used by ctr_df */
50 unsigned char bltmp[16];
56 * Implementation of NIST SP 800-90A CTR DRBG.
58 static void inc_128(PROV_DRBG_CTR *ctr)
60 unsigned char *p = &ctr->V[0];
71 static void ctr_XOR(PROV_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
75 if (in == NULL || inlen == 0)
79 * Any zero padding will have no effect on the result as we
80 * are XORing. So just process however much input we have.
82 n = inlen < ctr->keylen ? inlen : ctr->keylen;
83 for (i = 0; i < n; i++)
85 if (inlen <= ctr->keylen)
88 n = inlen - ctr->keylen;
90 /* Should never happen */
93 for (i = 0; i < n; i++)
94 ctr->V[i] ^= in[i + ctr->keylen];
98 * Process a complete block using BCC algorithm of SP 800-90A 10.3.3
100 __owur static int ctr_BCC_block(PROV_DRBG_CTR *ctr, unsigned char *out,
101 const unsigned char *in, int len)
103 int i, outlen = AES_BLOCK_SIZE;
105 for (i = 0; i < len; i++)
108 if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len)
116 * Handle several BCC operations for as much data as we need for K and X
118 __owur static int ctr_BCC_blocks(PROV_DRBG_CTR *ctr, const unsigned char *in)
120 unsigned char in_tmp[48];
121 unsigned char num_of_blk = 2;
123 memcpy(in_tmp, in, 16);
124 memcpy(in_tmp + 16, in, 16);
125 if (ctr->keylen != 16) {
126 memcpy(in_tmp + 32, in, 16);
129 return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk);
133 * Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
134 * see 10.3.1 stage 7.
136 __owur static int ctr_BCC_init(PROV_DRBG_CTR *ctr)
138 unsigned char bltmp[48] = {0};
139 unsigned char num_of_blk;
141 memset(ctr->KX, 0, 48);
142 num_of_blk = ctr->keylen == 16 ? 2 : 3;
143 bltmp[(AES_BLOCK_SIZE * 1) + 3] = 1;
144 bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2;
145 return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE);
149 * Process several blocks into BCC algorithm, some possibly partial
151 __owur static int ctr_BCC_update(PROV_DRBG_CTR *ctr,
152 const unsigned char *in, size_t inlen)
154 if (in == NULL || inlen == 0)
157 /* If we have partial block handle it first */
158 if (ctr->bltmp_pos) {
159 size_t left = 16 - ctr->bltmp_pos;
161 /* If we now have a complete block process it */
163 memcpy(ctr->bltmp + ctr->bltmp_pos, in, left);
164 if (!ctr_BCC_blocks(ctr, ctr->bltmp))
172 /* Process zero or more complete blocks */
173 for (; inlen >= 16; in += 16, inlen -= 16) {
174 if (!ctr_BCC_blocks(ctr, in))
178 /* Copy any remaining partial block to the temporary buffer */
180 memcpy(ctr->bltmp + ctr->bltmp_pos, in, inlen);
181 ctr->bltmp_pos += inlen;
186 __owur static int ctr_BCC_final(PROV_DRBG_CTR *ctr)
188 if (ctr->bltmp_pos) {
189 memset(ctr->bltmp + ctr->bltmp_pos, 0, 16 - ctr->bltmp_pos);
190 if (!ctr_BCC_blocks(ctr, ctr->bltmp))
196 __owur static int ctr_df(PROV_DRBG_CTR *ctr,
197 const unsigned char *in1, size_t in1len,
198 const unsigned char *in2, size_t in2len,
199 const unsigned char *in3, size_t in3len)
201 static unsigned char c80 = 0x80;
203 unsigned char *p = ctr->bltmp;
204 int outlen = AES_BLOCK_SIZE;
206 if (!ctr_BCC_init(ctr))
214 inlen = in1len + in2len + in3len;
215 /* Initialise L||N in temporary block */
216 *p++ = (inlen >> 24) & 0xff;
217 *p++ = (inlen >> 16) & 0xff;
218 *p++ = (inlen >> 8) & 0xff;
221 /* NB keylen is at most 32 bytes */
225 *p = (unsigned char)((ctr->keylen + 16) & 0xff);
227 if (!ctr_BCC_update(ctr, in1, in1len)
228 || !ctr_BCC_update(ctr, in2, in2len)
229 || !ctr_BCC_update(ctr, in3, in3len)
230 || !ctr_BCC_update(ctr, &c80, 1)
231 || !ctr_BCC_final(ctr))
234 if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1))
236 /* X follows key K */
237 if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen,
239 || outlen != AES_BLOCK_SIZE)
241 if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX,
243 || outlen != AES_BLOCK_SIZE)
245 if (ctr->keylen != 16)
246 if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen,
247 ctr->KX + 16, AES_BLOCK_SIZE)
248 || outlen != AES_BLOCK_SIZE)
254 * NB the no-df Update in SP800-90A specifies a constant input length
255 * of seedlen, however other uses of this algorithm pad the input with
256 * zeroes if necessary and have up to two parameters XORed together,
257 * so we handle both cases in this function instead.
259 __owur static int ctr_update(PROV_DRBG *drbg,
260 const unsigned char *in1, size_t in1len,
261 const unsigned char *in2, size_t in2len,
262 const unsigned char *nonce, size_t noncelen)
264 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
265 int outlen = AES_BLOCK_SIZE;
266 unsigned char V_tmp[48], out[48];
269 /* correct key is already set up. */
270 memcpy(V_tmp, ctr->V, 16);
272 memcpy(V_tmp + 16, ctr->V, 16);
273 if (ctr->keylen == 16) {
277 memcpy(V_tmp + 32, ctr->V, 16);
280 if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len)
283 memcpy(ctr->K, out, ctr->keylen);
284 memcpy(ctr->V, out + ctr->keylen, 16);
287 /* If no input reuse existing derived value */
288 if (in1 != NULL || nonce != NULL || in2 != NULL)
289 if (!ctr_df(ctr, in1, in1len, nonce, noncelen, in2, in2len))
291 /* If this a reuse input in1len != 0 */
293 ctr_XOR(ctr, ctr->KX, drbg->seedlen);
295 ctr_XOR(ctr, in1, in1len);
296 ctr_XOR(ctr, in2, in2len);
299 if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)
300 || !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1))
305 static int drbg_ctr_instantiate(PROV_DRBG *drbg,
306 const unsigned char *entropy, size_t entropylen,
307 const unsigned char *nonce, size_t noncelen,
308 const unsigned char *pers, size_t perslen)
310 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
315 memset(ctr->K, 0, sizeof(ctr->K));
316 memset(ctr->V, 0, sizeof(ctr->V));
317 if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1))
321 if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen))
326 static int drbg_ctr_instantiate_wrapper(void *vdrbg, unsigned int strength,
327 int prediction_resistance,
328 const unsigned char *pstr,
330 const OSSL_PARAM params[])
332 PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
334 if (!ossl_prov_is_running() || !drbg_ctr_set_ctx_params(drbg, params))
336 return ossl_prov_drbg_instantiate(drbg, strength, prediction_resistance,
340 static int drbg_ctr_reseed(PROV_DRBG *drbg,
341 const unsigned char *entropy, size_t entropylen,
342 const unsigned char *adin, size_t adinlen)
344 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
350 if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0))
355 static int drbg_ctr_reseed_wrapper(void *vdrbg, int prediction_resistance,
356 const unsigned char *ent, size_t ent_len,
357 const unsigned char *adin, size_t adin_len)
359 PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
361 return ossl_prov_drbg_reseed(drbg, prediction_resistance, ent, ent_len,
365 static void ctr96_inc(unsigned char *counter)
377 static int drbg_ctr_generate(PROV_DRBG *drbg,
378 unsigned char *out, size_t outlen,
379 const unsigned char *adin, size_t adinlen)
381 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
382 unsigned int ctr32, blocks;
385 if (adin != NULL && adinlen != 0) {
388 if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
390 /* This means we reuse derived value */
404 if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
409 memset(out, 0, outlen);
412 if (!EVP_CipherInit_ex(ctr->ctx_ctr,
413 NULL, NULL, NULL, ctr->V, -1))
417 * outlen has type size_t while EVP_CipherUpdate takes an
418 * int argument and thus cannot be guaranteed to process more
419 * than 2^31-1 bytes at a time. We process such huge generate
420 * requests in 2^30 byte chunks, which is the greatest multiple
421 * of AES block size lower than or equal to 2^31-1.
423 buflen = outlen > (1U << 30) ? (1U << 30) : outlen;
424 blocks = (buflen + 15) / 16;
426 ctr32 = GETU32(ctr->V + 12) + blocks;
427 if (ctr32 < blocks) {
428 /* 32-bit counter overflow into V. */
431 buflen = blocks * 16;
436 PUTU32(ctr->V + 12, ctr32);
438 if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen)
446 if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
451 static int drbg_ctr_generate_wrapper
452 (void *vdrbg, unsigned char *out, size_t outlen,
453 unsigned int strength, int prediction_resistance,
454 const unsigned char *adin, size_t adin_len)
456 PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
458 return ossl_prov_drbg_generate(drbg, out, outlen, strength,
459 prediction_resistance, adin, adin_len);
462 static int drbg_ctr_uninstantiate(PROV_DRBG *drbg)
464 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
466 OPENSSL_cleanse(ctr->K, sizeof(ctr->K));
467 OPENSSL_cleanse(ctr->V, sizeof(ctr->V));
468 OPENSSL_cleanse(ctr->bltmp, sizeof(ctr->bltmp));
469 OPENSSL_cleanse(ctr->KX, sizeof(ctr->KX));
471 return ossl_prov_drbg_uninstantiate(drbg);
474 static int drbg_ctr_uninstantiate_wrapper(void *vdrbg)
476 return drbg_ctr_uninstantiate((PROV_DRBG *)vdrbg);
479 static int drbg_ctr_verify_zeroization(void *vdrbg)
481 PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
482 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
484 PROV_DRBG_VERYIFY_ZEROIZATION(ctr->K);
485 PROV_DRBG_VERYIFY_ZEROIZATION(ctr->V);
486 PROV_DRBG_VERYIFY_ZEROIZATION(ctr->bltmp);
487 PROV_DRBG_VERYIFY_ZEROIZATION(ctr->KX);
488 if (ctr->bltmp_pos != 0)
493 static int drbg_ctr_init_lengths(PROV_DRBG *drbg)
495 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
498 /* Maximum number of bits per request = 2^19 = 2^16 bytes */
499 drbg->max_request = 1 << 16;
501 drbg->min_entropylen = 0;
502 drbg->max_entropylen = DRBG_MAX_LENGTH;
503 drbg->min_noncelen = 0;
504 drbg->max_noncelen = DRBG_MAX_LENGTH;
505 drbg->max_perslen = DRBG_MAX_LENGTH;
506 drbg->max_adinlen = DRBG_MAX_LENGTH;
508 if (ctr->keylen > 0) {
509 drbg->min_entropylen = ctr->keylen;
510 drbg->min_noncelen = drbg->min_entropylen / 2;
513 const size_t len = ctr->keylen > 0 ? drbg->seedlen : DRBG_MAX_LENGTH;
515 drbg->min_entropylen = len;
516 drbg->max_entropylen = len;
518 drbg->min_noncelen = 0;
519 drbg->max_noncelen = 0;
520 drbg->max_perslen = len;
521 drbg->max_adinlen = len;
526 static int drbg_ctr_init(PROV_DRBG *drbg)
528 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
531 if (ctr->cipher_ctr == NULL) {
532 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CIPHER);
535 ctr->keylen = keylen = EVP_CIPHER_get_key_length(ctr->cipher_ctr);
536 if (ctr->ctx_ecb == NULL)
537 ctr->ctx_ecb = EVP_CIPHER_CTX_new();
538 if (ctr->ctx_ctr == NULL)
539 ctr->ctx_ctr = EVP_CIPHER_CTX_new();
540 if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL) {
541 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
545 if (!EVP_CipherInit_ex(ctr->ctx_ecb,
546 ctr->cipher_ecb, NULL, NULL, NULL, 1)
547 || !EVP_CipherInit_ex(ctr->ctx_ctr,
548 ctr->cipher_ctr, NULL, NULL, NULL, 1)) {
549 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_INITIALISE_CIPHERS);
553 drbg->strength = keylen * 8;
554 drbg->seedlen = keylen + 16;
557 /* df initialisation */
558 static const unsigned char df_key[32] = {
559 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
560 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
561 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
562 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
565 if (ctr->ctx_df == NULL)
566 ctr->ctx_df = EVP_CIPHER_CTX_new();
567 if (ctr->ctx_df == NULL) {
568 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
571 /* Set key schedule for df_key */
572 if (!EVP_CipherInit_ex(ctr->ctx_df,
573 ctr->cipher_ecb, NULL, df_key, NULL, 1)) {
574 ERR_raise(ERR_LIB_PROV, PROV_R_DERIVATION_FUNCTION_INIT_FAILED);
578 return drbg_ctr_init_lengths(drbg);
581 EVP_CIPHER_CTX_free(ctr->ctx_ecb);
582 EVP_CIPHER_CTX_free(ctr->ctx_ctr);
583 ctr->ctx_ecb = ctr->ctx_ctr = NULL;
587 static int drbg_ctr_new(PROV_DRBG *drbg)
591 ctr = OPENSSL_secure_zalloc(sizeof(*ctr));
593 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
599 return drbg_ctr_init_lengths(drbg);
602 static void *drbg_ctr_new_wrapper(void *provctx, void *parent,
603 const OSSL_DISPATCH *parent_dispatch)
605 return ossl_rand_drbg_new(provctx, parent, parent_dispatch, &drbg_ctr_new,
606 &drbg_ctr_instantiate, &drbg_ctr_uninstantiate,
607 &drbg_ctr_reseed, &drbg_ctr_generate);
610 static void drbg_ctr_free(void *vdrbg)
612 PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
615 if (drbg != NULL && (ctr = (PROV_DRBG_CTR *)drbg->data) != NULL) {
616 EVP_CIPHER_CTX_free(ctr->ctx_ecb);
617 EVP_CIPHER_CTX_free(ctr->ctx_ctr);
618 EVP_CIPHER_CTX_free(ctr->ctx_df);
619 EVP_CIPHER_free(ctr->cipher_ecb);
620 EVP_CIPHER_free(ctr->cipher_ctr);
622 OPENSSL_secure_clear_free(ctr, sizeof(*ctr));
624 ossl_rand_drbg_free(drbg);
627 static int drbg_ctr_get_ctx_params(void *vdrbg, OSSL_PARAM params[])
629 PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
630 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)drbg->data;
633 p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_USE_DF);
634 if (p != NULL && !OSSL_PARAM_set_int(p, ctr->use_df))
637 p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_CIPHER);
639 if (ctr->cipher_ctr == NULL
640 || !OSSL_PARAM_set_utf8_string(p,
641 EVP_CIPHER_get0_name(ctr->cipher_ctr)))
645 return ossl_drbg_get_ctx_params(drbg, params);
648 static const OSSL_PARAM *drbg_ctr_gettable_ctx_params(ossl_unused void *vctx,
649 ossl_unused void *provctx)
651 static const OSSL_PARAM known_gettable_ctx_params[] = {
652 OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_CIPHER, NULL, 0),
653 OSSL_PARAM_int(OSSL_DRBG_PARAM_USE_DF, NULL),
654 OSSL_PARAM_DRBG_GETTABLE_CTX_COMMON,
657 return known_gettable_ctx_params;
660 static int drbg_ctr_set_ctx_params(void *vctx, const OSSL_PARAM params[])
662 PROV_DRBG *ctx = (PROV_DRBG *)vctx;
663 PROV_DRBG_CTR *ctr = (PROV_DRBG_CTR *)ctx->data;
664 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
667 const char *propquery = NULL;
668 int i, cipher_init = 0;
670 if ((p = OSSL_PARAM_locate_const(params, OSSL_DRBG_PARAM_USE_DF)) != NULL
671 && OSSL_PARAM_get_int(p, &i)) {
672 /* FIPS errors out in the drbg_ctr_init() call later */
673 ctr->use_df = i != 0;
677 if ((p = OSSL_PARAM_locate_const(params,
678 OSSL_DRBG_PARAM_PROPERTIES)) != NULL) {
679 if (p->data_type != OSSL_PARAM_UTF8_STRING)
681 propquery = (const char *)p->data;
684 if ((p = OSSL_PARAM_locate_const(params, OSSL_DRBG_PARAM_CIPHER)) != NULL) {
685 const char *base = (const char *)p->data;
686 size_t ctr_str_len = sizeof("CTR") - 1;
687 size_t ecb_str_len = sizeof("ECB") - 1;
689 if (p->data_type != OSSL_PARAM_UTF8_STRING
690 || p->data_size < ctr_str_len)
692 if (OPENSSL_strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) {
693 ERR_raise(ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER);
696 if ((ecb = OPENSSL_strndup(base, p->data_size)) == NULL) {
697 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
700 strcpy(ecb + p->data_size - ecb_str_len, "ECB");
701 EVP_CIPHER_free(ctr->cipher_ecb);
702 EVP_CIPHER_free(ctr->cipher_ctr);
703 ctr->cipher_ctr = EVP_CIPHER_fetch(libctx, base, propquery);
704 ctr->cipher_ecb = EVP_CIPHER_fetch(libctx, ecb, propquery);
706 if (ctr->cipher_ctr == NULL || ctr->cipher_ecb == NULL) {
707 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_FIND_CIPHERS);
713 if (cipher_init && !drbg_ctr_init(ctx))
716 return ossl_drbg_set_ctx_params(ctx, params);
719 static const OSSL_PARAM *drbg_ctr_settable_ctx_params(ossl_unused void *vctx,
720 ossl_unused void *provctx)
722 static const OSSL_PARAM known_settable_ctx_params[] = {
723 OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_PROPERTIES, NULL, 0),
724 OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_CIPHER, NULL, 0),
725 OSSL_PARAM_int(OSSL_DRBG_PARAM_USE_DF, NULL),
726 OSSL_PARAM_DRBG_SETTABLE_CTX_COMMON,
729 return known_settable_ctx_params;
732 const OSSL_DISPATCH ossl_drbg_ctr_functions[] = {
733 { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))drbg_ctr_new_wrapper },
734 { OSSL_FUNC_RAND_FREECTX, (void(*)(void))drbg_ctr_free },
735 { OSSL_FUNC_RAND_INSTANTIATE,
736 (void(*)(void))drbg_ctr_instantiate_wrapper },
737 { OSSL_FUNC_RAND_UNINSTANTIATE,
738 (void(*)(void))drbg_ctr_uninstantiate_wrapper },
739 { OSSL_FUNC_RAND_GENERATE, (void(*)(void))drbg_ctr_generate_wrapper },
740 { OSSL_FUNC_RAND_RESEED, (void(*)(void))drbg_ctr_reseed_wrapper },
741 { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))ossl_drbg_enable_locking },
742 { OSSL_FUNC_RAND_LOCK, (void(*)(void))ossl_drbg_lock },
743 { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))ossl_drbg_unlock },
744 { OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS,
745 (void(*)(void))drbg_ctr_settable_ctx_params },
746 { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void(*)(void))drbg_ctr_set_ctx_params },
747 { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
748 (void(*)(void))drbg_ctr_gettable_ctx_params },
749 { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))drbg_ctr_get_ctx_params },
750 { OSSL_FUNC_RAND_VERIFY_ZEROIZATION,
751 (void(*)(void))drbg_ctr_verify_zeroization },
752 { OSSL_FUNC_RAND_GET_SEED, (void(*)(void))ossl_drbg_get_seed },
753 { OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))ossl_drbg_clear_seed },