2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/evp.h>
13 #include <openssl/rand.h>
14 #include <openssl/core.h>
15 #include <openssl/core_names.h>
16 #include <openssl/crypto.h>
17 #include "internal/cryptlib.h"
18 #include "internal/numbers.h"
19 #include "internal/provider.h"
20 #include "internal/core.h"
21 #include "crypto/evp.h"
22 #include "evp_local.h"
28 const char *description;
29 CRYPTO_REF_COUNT refcnt;
30 CRYPTO_RWLOCK *refcnt_lock;
32 const OSSL_DISPATCH *dispatch;
33 OSSL_FUNC_rand_newctx_fn *newctx;
34 OSSL_FUNC_rand_freectx_fn *freectx;
35 OSSL_FUNC_rand_instantiate_fn *instantiate;
36 OSSL_FUNC_rand_uninstantiate_fn *uninstantiate;
37 OSSL_FUNC_rand_generate_fn *generate;
38 OSSL_FUNC_rand_reseed_fn *reseed;
39 OSSL_FUNC_rand_nonce_fn *nonce;
40 OSSL_FUNC_rand_enable_locking_fn *enable_locking;
41 OSSL_FUNC_rand_lock_fn *lock;
42 OSSL_FUNC_rand_unlock_fn *unlock;
43 OSSL_FUNC_rand_gettable_params_fn *gettable_params;
44 OSSL_FUNC_rand_gettable_ctx_params_fn *gettable_ctx_params;
45 OSSL_FUNC_rand_settable_ctx_params_fn *settable_ctx_params;
46 OSSL_FUNC_rand_get_params_fn *get_params;
47 OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params;
48 OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params;
49 OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization;
52 static int evp_rand_up_ref(void *vrand)
54 EVP_RAND *rand = (EVP_RAND *)vrand;
58 return CRYPTO_UP_REF(&rand->refcnt, &ref, rand->refcnt_lock);
62 static void evp_rand_free(void *vrand)
64 EVP_RAND *rand = (EVP_RAND *)vrand;
69 CRYPTO_DOWN_REF(&rand->refcnt, &ref, rand->refcnt_lock);
72 OPENSSL_free(rand->type_name);
73 ossl_provider_free(rand->prov);
74 CRYPTO_THREAD_lock_free(rand->refcnt_lock);
78 static void *evp_rand_new(void)
80 EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand));
83 || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) {
91 /* Enable locking of the underlying DRBG/RAND if available */
92 int EVP_RAND_enable_locking(EVP_RAND_CTX *rand)
94 if (rand->meth->enable_locking != NULL)
95 return rand->meth->enable_locking(rand->algctx);
96 ERR_raise(ERR_LIB_EVP, EVP_R_LOCKING_NOT_SUPPORTED);
100 /* Lock the underlying DRBG/RAND if available */
101 static int evp_rand_lock(EVP_RAND_CTX *rand)
103 if (rand->meth->lock != NULL)
104 return rand->meth->lock(rand->algctx);
108 /* Unlock the underlying DRBG/RAND if available */
109 static void evp_rand_unlock(EVP_RAND_CTX *rand)
111 if (rand->meth->unlock != NULL)
112 rand->meth->unlock(rand->algctx);
115 static void *evp_rand_from_algorithm(int name_id,
116 const OSSL_ALGORITHM *algodef,
119 const OSSL_DISPATCH *fns = algodef->implementation;
120 EVP_RAND *rand = NULL;
121 int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0, fnenablelockcnt = 0;
123 int fnzeroizecnt = 0;
126 if ((rand = evp_rand_new()) == NULL) {
127 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
130 rand->name_id = name_id;
131 if ((rand->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
135 rand->description = algodef->algorithm_description;
136 rand->dispatch = fns;
137 for (; fns->function_id != 0; fns++) {
138 switch (fns->function_id) {
139 case OSSL_FUNC_RAND_NEWCTX:
140 if (rand->newctx != NULL)
142 rand->newctx = OSSL_FUNC_rand_newctx(fns);
145 case OSSL_FUNC_RAND_FREECTX:
146 if (rand->freectx != NULL)
148 rand->freectx = OSSL_FUNC_rand_freectx(fns);
151 case OSSL_FUNC_RAND_INSTANTIATE:
152 if (rand->instantiate != NULL)
154 rand->instantiate = OSSL_FUNC_rand_instantiate(fns);
157 case OSSL_FUNC_RAND_UNINSTANTIATE:
158 if (rand->uninstantiate != NULL)
160 rand->uninstantiate = OSSL_FUNC_rand_uninstantiate(fns);
163 case OSSL_FUNC_RAND_GENERATE:
164 if (rand->generate != NULL)
166 rand->generate = OSSL_FUNC_rand_generate(fns);
169 case OSSL_FUNC_RAND_RESEED:
170 if (rand->reseed != NULL)
172 rand->reseed = OSSL_FUNC_rand_reseed(fns);
174 case OSSL_FUNC_RAND_NONCE:
175 if (rand->nonce != NULL)
177 rand->nonce = OSSL_FUNC_rand_nonce(fns);
179 case OSSL_FUNC_RAND_ENABLE_LOCKING:
180 if (rand->enable_locking != NULL)
182 rand->enable_locking = OSSL_FUNC_rand_enable_locking(fns);
185 case OSSL_FUNC_RAND_LOCK:
186 if (rand->lock != NULL)
188 rand->lock = OSSL_FUNC_rand_lock(fns);
191 case OSSL_FUNC_RAND_UNLOCK:
192 if (rand->unlock != NULL)
194 rand->unlock = OSSL_FUNC_rand_unlock(fns);
197 case OSSL_FUNC_RAND_GETTABLE_PARAMS:
198 if (rand->gettable_params != NULL)
200 rand->gettable_params =
201 OSSL_FUNC_rand_gettable_params(fns);
203 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS:
204 if (rand->gettable_ctx_params != NULL)
206 rand->gettable_ctx_params =
207 OSSL_FUNC_rand_gettable_ctx_params(fns);
209 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS:
210 if (rand->settable_ctx_params != NULL)
212 rand->settable_ctx_params =
213 OSSL_FUNC_rand_settable_ctx_params(fns);
215 case OSSL_FUNC_RAND_GET_PARAMS:
216 if (rand->get_params != NULL)
218 rand->get_params = OSSL_FUNC_rand_get_params(fns);
220 case OSSL_FUNC_RAND_GET_CTX_PARAMS:
221 if (rand->get_ctx_params != NULL)
223 rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns);
226 case OSSL_FUNC_RAND_SET_CTX_PARAMS:
227 if (rand->set_ctx_params != NULL)
229 rand->set_ctx_params = OSSL_FUNC_rand_set_ctx_params(fns);
231 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION:
232 if (rand->verify_zeroization != NULL)
234 rand->verify_zeroization = OSSL_FUNC_rand_verify_zeroization(fns);
242 * In order to be a consistent set of functions we must have at least
243 * a complete set of "rand" functions and a complete set of context
244 * management functions. In FIPS mode, we also require the zeroization
245 * verification function.
247 * In addition, if locking can be enabled, we need a complete set of
252 || (fnenablelockcnt != 0 && fnenablelockcnt != 1)
253 || (fnlockcnt != 0 && fnlockcnt != 2)
259 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
263 if (prov != NULL && !ossl_provider_up_ref(prov)) {
265 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
273 EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
274 const char *properties)
276 return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties,
277 evp_rand_from_algorithm, evp_rand_up_ref,
281 int EVP_RAND_up_ref(EVP_RAND *rand)
283 return evp_rand_up_ref(rand);
286 void EVP_RAND_free(EVP_RAND *rand)
291 int evp_rand_get_number(const EVP_RAND *rand)
293 return rand->name_id;
296 const char *EVP_RAND_get0_name(const EVP_RAND *rand)
298 return rand->type_name;
301 const char *EVP_RAND_get0_description(const EVP_RAND *rand)
303 return rand->description;
306 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name)
308 return evp_is_a(rand->prov, rand->name_id, NULL, name);
311 const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand)
316 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[])
318 if (rand->get_params != NULL)
319 return rand->get_params(params);
323 static int evp_rand_ctx_up_ref(EVP_RAND_CTX *ctx)
327 return CRYPTO_UP_REF(&ctx->refcnt, &ref, ctx->refcnt_lock);
330 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent)
333 void *parent_ctx = NULL;
334 const OSSL_DISPATCH *parent_dispatch = NULL;
337 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
341 ctx = OPENSSL_zalloc(sizeof(*ctx));
342 if (ctx == NULL || (ctx->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) {
344 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
347 if (parent != NULL) {
348 if (!evp_rand_ctx_up_ref(parent)) {
349 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
350 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
354 parent_ctx = parent->algctx;
355 parent_dispatch = parent->meth->dispatch;
357 if ((ctx->algctx = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx,
358 parent_dispatch)) == NULL
359 || !EVP_RAND_up_ref(rand)) {
360 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
361 rand->freectx(ctx->algctx);
362 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
364 EVP_RAND_CTX_free(parent);
368 ctx->parent = parent;
373 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx)
376 EVP_RAND_CTX *parent;
381 CRYPTO_DOWN_REF(&ctx->refcnt, &ref, ctx->refcnt_lock);
384 parent = ctx->parent;
385 ctx->meth->freectx(ctx->algctx);
387 EVP_RAND_free(ctx->meth);
388 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
390 EVP_RAND_CTX_free(parent);
393 EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx)
398 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx,
401 return ctx->meth->get_ctx_params(ctx->algctx, params);
404 int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[])
408 if (!evp_rand_lock(ctx))
410 res = evp_rand_get_ctx_params_locked(ctx, params);
411 evp_rand_unlock(ctx);
415 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx,
416 const OSSL_PARAM params[])
418 if (ctx->meth->set_ctx_params != NULL)
419 return ctx->meth->set_ctx_params(ctx->algctx, params);
423 int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[])
427 if (!evp_rand_lock(ctx))
429 res = evp_rand_set_ctx_params_locked(ctx, params);
430 evp_rand_unlock(ctx);
434 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand)
436 if (rand->gettable_params == NULL)
438 return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand)));
441 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand)
445 if (rand->gettable_ctx_params == NULL)
447 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
448 return rand->gettable_ctx_params(NULL, provctx);
451 const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand)
455 if (rand->settable_ctx_params == NULL)
457 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
458 return rand->settable_ctx_params(NULL, provctx);
461 const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx)
465 if (ctx->meth->gettable_ctx_params == NULL)
467 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
468 return ctx->meth->gettable_ctx_params(ctx->algctx, provctx);
471 const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx)
475 if (ctx->meth->settable_ctx_params == NULL)
477 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
478 return ctx->meth->settable_ctx_params(ctx->algctx, provctx);
481 void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
482 void (*fn)(EVP_RAND *rand, void *arg),
485 evp_generic_do_all(libctx, OSSL_OP_RAND,
486 (void (*)(void *, void *))fn, arg,
487 evp_rand_from_algorithm, evp_rand_up_ref,
491 int EVP_RAND_names_do_all(const EVP_RAND *rand,
492 void (*fn)(const char *name, void *data),
495 if (rand->prov != NULL)
496 return evp_names_do_all(rand->prov, rand->name_id, fn, data);
501 static int evp_rand_instantiate_locked
502 (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance,
503 const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[])
505 return ctx->meth->instantiate(ctx->algctx, strength, prediction_resistance,
506 pstr, pstr_len, params);
509 int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
510 int prediction_resistance,
511 const unsigned char *pstr, size_t pstr_len,
512 const OSSL_PARAM params[])
516 if (!evp_rand_lock(ctx))
518 res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance,
519 pstr, pstr_len, params);
520 evp_rand_unlock(ctx);
524 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx)
526 return ctx->meth->uninstantiate(ctx->algctx);
529 int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx)
533 if (!evp_rand_lock(ctx))
535 res = evp_rand_uninstantiate_locked(ctx);
536 evp_rand_unlock(ctx);
540 static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out,
541 size_t outlen, unsigned int strength,
542 int prediction_resistance,
543 const unsigned char *addin,
546 size_t chunk, max_request = 0;
547 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
549 params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST,
551 if (!evp_rand_get_ctx_params_locked(ctx, params)
552 || max_request == 0) {
553 ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
556 for (; outlen > 0; outlen -= chunk, out += chunk) {
557 chunk = outlen > max_request ? max_request : outlen;
558 if (!ctx->meth->generate(ctx->algctx, out, chunk, strength,
559 prediction_resistance, addin, addin_len)) {
560 ERR_raise(ERR_LIB_EVP, EVP_R_GENERATE_ERROR);
564 * Prediction resistance is only relevant the first time around,
565 * subsequently, the DRBG has already been properly reseeded.
567 prediction_resistance = 0;
572 int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
573 unsigned int strength, int prediction_resistance,
574 const unsigned char *addin, size_t addin_len)
578 if (!evp_rand_lock(ctx))
580 res = evp_rand_generate_locked(ctx, out, outlen, strength,
581 prediction_resistance, addin, addin_len);
582 evp_rand_unlock(ctx);
586 static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance,
587 const unsigned char *ent, size_t ent_len,
588 const unsigned char *addin, size_t addin_len)
590 if (ctx->meth->reseed != NULL)
591 return ctx->meth->reseed(ctx->algctx, prediction_resistance,
592 ent, ent_len, addin, addin_len);
596 int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
597 const unsigned char *ent, size_t ent_len,
598 const unsigned char *addin, size_t addin_len)
602 if (!evp_rand_lock(ctx))
604 res = evp_rand_reseed_locked(ctx, prediction_resistance,
605 ent, ent_len, addin, addin_len);
606 evp_rand_unlock(ctx);
610 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx)
612 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
613 unsigned int strength = 0;
615 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
616 if (!evp_rand_get_ctx_params_locked(ctx, params))
621 unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx)
625 if (!evp_rand_lock(ctx))
627 res = evp_rand_strength_locked(ctx);
628 evp_rand_unlock(ctx);
632 static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
635 unsigned int str = evp_rand_strength_locked(ctx);
637 if (ctx->meth->nonce == NULL)
639 if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
641 return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
644 int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
648 if (!evp_rand_lock(ctx))
650 res = evp_rand_nonce_locked(ctx, out, outlen);
651 evp_rand_unlock(ctx);
655 int EVP_RAND_get_state(EVP_RAND_CTX *ctx)
657 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
660 params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state);
661 if (!EVP_RAND_CTX_get_params(ctx, params))
662 state = EVP_RAND_STATE_ERROR;
666 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx)
668 if (ctx->meth->verify_zeroization != NULL)
669 return ctx->meth->verify_zeroization(ctx->algctx);
673 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx)
677 if (!evp_rand_lock(ctx))
679 res = evp_rand_verify_zeroization_locked(ctx);
680 evp_rand_unlock(ctx);