2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/evp.h>
14 #include <openssl/engine.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509v3.h>
17 #include <openssl/rand.h>
18 #include <openssl/core.h>
19 #include <openssl/core_names.h>
20 #include <openssl/crypto.h>
21 #include "crypto/asn1.h"
22 #include "crypto/evp.h"
23 #include "internal/cryptlib.h"
24 #include "internal/numbers.h"
25 #include "internal/provider.h"
26 #include "evp_local.h"
31 CRYPTO_REF_COUNT refcnt;
32 CRYPTO_RWLOCK *refcnt_lock;
34 const OSSL_DISPATCH *dispatch;
35 OSSL_FUNC_rand_newctx_fn *newctx;
36 OSSL_FUNC_rand_freectx_fn *freectx;
37 OSSL_FUNC_rand_instantiate_fn *instantiate;
38 OSSL_FUNC_rand_uninstantiate_fn *uninstantiate;
39 OSSL_FUNC_rand_generate_fn *generate;
40 OSSL_FUNC_rand_reseed_fn *reseed;
41 OSSL_FUNC_rand_nonce_fn *nonce;
42 OSSL_FUNC_rand_enable_locking_fn *enable_locking;
43 OSSL_FUNC_rand_lock_fn *lock;
44 OSSL_FUNC_rand_unlock_fn *unlock;
45 OSSL_FUNC_rand_gettable_params_fn *gettable_params;
46 OSSL_FUNC_rand_gettable_ctx_params_fn *gettable_ctx_params;
47 OSSL_FUNC_rand_settable_ctx_params_fn *settable_ctx_params;
48 OSSL_FUNC_rand_get_params_fn *get_params;
49 OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params;
50 OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params;
51 OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization;
54 static int evp_rand_up_ref(void *vrand)
56 EVP_RAND *rand = (EVP_RAND *)vrand;
60 return CRYPTO_UP_REF(&rand->refcnt, &ref, rand->refcnt_lock);
64 static void evp_rand_free(void *vrand){
65 EVP_RAND *rand = (EVP_RAND *)vrand;
69 CRYPTO_DOWN_REF(&rand->refcnt, &ref, rand->refcnt_lock);
71 ossl_provider_free(rand->prov);
72 CRYPTO_THREAD_lock_free(rand->refcnt_lock);
78 static void *evp_rand_new(void)
80 EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand));
83 || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) {
91 /* Enable locking of the underlying DRBG/RAND if available */
92 int EVP_RAND_enable_locking(EVP_RAND_CTX *rand)
94 if (rand->meth->enable_locking != NULL)
95 return rand->meth->enable_locking(rand->data);
96 EVPerr(0, EVP_R_LOCKING_NOT_SUPPORTED);
100 /* Lock the underlying DRBG/RAND if available */
101 static int evp_rand_lock(EVP_RAND_CTX *rand)
103 if (rand->meth->lock != NULL)
104 return rand->meth->lock(rand->data);
108 /* Unlock the underlying DRBG/RAND if available */
109 static void evp_rand_unlock(EVP_RAND_CTX *rand)
111 if (rand->meth->unlock != NULL)
112 rand->meth->unlock(rand->data);
115 static void *evp_rand_from_dispatch(int name_id,
116 const OSSL_DISPATCH *fns,
119 EVP_RAND *rand = NULL;
120 int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0;
122 int fnzeroizecnt = 0;
125 if ((rand = evp_rand_new()) == NULL) {
126 EVPerr(0, ERR_R_MALLOC_FAILURE);
129 rand->name_id = name_id;
130 rand->dispatch = fns;
131 for (; fns->function_id != 0; fns++) {
132 switch (fns->function_id) {
133 case OSSL_FUNC_RAND_NEWCTX:
134 if (rand->newctx != NULL)
136 rand->newctx = OSSL_FUNC_rand_newctx(fns);
139 case OSSL_FUNC_RAND_FREECTX:
140 if (rand->freectx != NULL)
142 rand->freectx = OSSL_FUNC_rand_freectx(fns);
145 case OSSL_FUNC_RAND_INSTANTIATE:
146 if (rand->instantiate != NULL)
148 rand->instantiate = OSSL_FUNC_rand_instantiate(fns);
151 case OSSL_FUNC_RAND_UNINSTANTIATE:
152 if (rand->uninstantiate != NULL)
154 rand->uninstantiate = OSSL_FUNC_rand_uninstantiate(fns);
157 case OSSL_FUNC_RAND_GENERATE:
158 if (rand->generate != NULL)
160 rand->generate = OSSL_FUNC_rand_generate(fns);
163 case OSSL_FUNC_RAND_RESEED:
164 if (rand->reseed != NULL)
166 rand->reseed = OSSL_FUNC_rand_reseed(fns);
168 case OSSL_FUNC_RAND_NONCE:
169 if (rand->nonce != NULL)
171 rand->nonce = OSSL_FUNC_rand_nonce(fns);
173 case OSSL_FUNC_RAND_ENABLE_LOCKING:
174 if (rand->enable_locking != NULL)
176 rand->enable_locking = OSSL_FUNC_rand_enable_locking(fns);
179 case OSSL_FUNC_RAND_LOCK:
180 if (rand->lock != NULL)
182 rand->lock = OSSL_FUNC_rand_lock(fns);
185 case OSSL_FUNC_RAND_UNLOCK:
186 if (rand->unlock != NULL)
188 rand->unlock = OSSL_FUNC_rand_unlock(fns);
191 case OSSL_FUNC_RAND_GETTABLE_PARAMS:
192 if (rand->gettable_params != NULL)
194 rand->gettable_params =
195 OSSL_FUNC_rand_gettable_params(fns);
197 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS:
198 if (rand->gettable_ctx_params != NULL)
200 rand->gettable_ctx_params =
201 OSSL_FUNC_rand_gettable_ctx_params(fns);
203 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS:
204 if (rand->settable_ctx_params != NULL)
206 rand->settable_ctx_params =
207 OSSL_FUNC_rand_settable_ctx_params(fns);
209 case OSSL_FUNC_RAND_GET_PARAMS:
210 if (rand->get_params != NULL)
212 rand->get_params = OSSL_FUNC_rand_get_params(fns);
214 case OSSL_FUNC_RAND_GET_CTX_PARAMS:
215 if (rand->get_ctx_params != NULL)
217 rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns);
220 case OSSL_FUNC_RAND_SET_CTX_PARAMS:
221 if (rand->set_ctx_params != NULL)
223 rand->set_ctx_params = OSSL_FUNC_rand_set_ctx_params(fns);
225 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION:
226 if (rand->verify_zeroization != NULL)
228 rand->verify_zeroization = OSSL_FUNC_rand_verify_zeroization(fns);
236 * In order to be a consistent set of functions we must have at least
237 * a complete set of "rand" functions and a complete set of context
238 * management functions. In FIPS mode, we also require the zeroization
239 * verification function.
241 * In addition, if locking can be enabled, we need a complete set of
246 || (fnlockcnt != 0 && fnlockcnt != 3)
252 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
256 if (prov != NULL && !ossl_provider_up_ref(prov)) {
258 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
266 EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
267 const char *properties)
269 return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties,
270 evp_rand_from_dispatch, evp_rand_up_ref,
274 int EVP_RAND_up_ref(EVP_RAND *rand)
276 return evp_rand_up_ref(rand);
279 void EVP_RAND_free(EVP_RAND *rand)
284 int EVP_RAND_number(const EVP_RAND *rand)
286 return rand->name_id;
289 const char *EVP_RAND_name(const EVP_RAND *rand)
291 return evp_first_name(rand->prov, rand->name_id);
294 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name)
296 return evp_is_a(rand->prov, rand->name_id, NULL, name);
299 const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand)
304 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[])
306 if (rand->get_params != NULL)
307 return rand->get_params(params);
311 static int evp_rand_ctx_up_ref(EVP_RAND_CTX *ctx)
315 return CRYPTO_UP_REF(&ctx->refcnt, &ref, ctx->refcnt_lock);
318 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent)
321 void *parent_ctx = NULL;
322 const OSSL_DISPATCH *parent_dispatch = NULL;
325 EVPerr(0, EVP_R_INVALID_NULL_ALGORITHM);
329 ctx = OPENSSL_zalloc(sizeof(*ctx));
330 if (ctx == NULL || (ctx->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) {
332 EVPerr(0, ERR_R_MALLOC_FAILURE);
335 if (parent != NULL) {
336 if (!EVP_RAND_enable_locking(parent)) {
337 EVPerr(0, EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING);
338 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
342 if (!evp_rand_ctx_up_ref(parent)) {
343 EVPerr(0, ERR_R_INTERNAL_ERROR);
344 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
348 parent_ctx = parent->data;
349 parent_dispatch = parent->meth->dispatch;
351 if ((ctx->data = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx,
352 parent_dispatch)) == NULL
353 || !EVP_RAND_up_ref(rand)) {
354 EVPerr(0, ERR_R_MALLOC_FAILURE);
355 rand->freectx(ctx->data);
356 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
358 EVP_RAND_CTX_free(parent);
362 ctx->parent = parent;
367 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx)
372 CRYPTO_DOWN_REF(&ctx->refcnt, &ref, ctx->refcnt_lock);
374 EVP_RAND_CTX *parent = ctx->parent;
376 ctx->meth->freectx(ctx->data);
378 EVP_RAND_free(ctx->meth);
379 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
381 EVP_RAND_CTX_free(parent);
386 EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx)
391 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx,
394 return ctx->meth->get_ctx_params(ctx->data, params);
397 int EVP_RAND_get_ctx_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[])
401 if (!evp_rand_lock(ctx))
403 res = evp_rand_get_ctx_params_locked(ctx, params);
404 evp_rand_unlock(ctx);
408 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx,
409 const OSSL_PARAM params[])
411 if (ctx->meth->set_ctx_params != NULL)
412 return ctx->meth->set_ctx_params(ctx->data, params);
416 int EVP_RAND_set_ctx_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[])
420 if (!evp_rand_lock(ctx))
422 res = evp_rand_set_ctx_params_locked(ctx, params);
423 evp_rand_unlock(ctx);
427 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand)
429 if (rand->gettable_params == NULL)
431 return rand->gettable_params(ossl_provider_ctx(EVP_RAND_provider(rand)));
434 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand)
436 if (rand->gettable_ctx_params == NULL)
438 return rand->gettable_ctx_params(
439 ossl_provider_ctx(EVP_RAND_provider(rand)));
442 const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand)
444 if (rand->settable_ctx_params == NULL)
446 return rand->settable_ctx_params(
447 ossl_provider_ctx(EVP_RAND_provider(rand)));
450 void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
451 void (*fn)(EVP_RAND *rand, void *arg),
454 evp_generic_do_all(libctx, OSSL_OP_RAND,
455 (void (*)(void *, void *))fn, arg,
456 evp_rand_from_dispatch, evp_rand_free);
459 void EVP_RAND_names_do_all(const EVP_RAND *rand,
460 void (*fn)(const char *name, void *data),
463 if (rand->prov != NULL)
464 evp_names_do_all(rand->prov, rand->name_id, fn, data);
467 static int evp_rand_instantiate_locked
468 (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance,
469 const unsigned char *pstr, size_t pstr_len)
471 return ctx->meth->instantiate(ctx->data, strength, prediction_resistance,
475 int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
476 int prediction_resistance,
477 const unsigned char *pstr, size_t pstr_len)
481 if (!evp_rand_lock(ctx))
483 res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance,
485 evp_rand_unlock(ctx);
489 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx)
491 return ctx->meth->uninstantiate(ctx->data);
494 int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx)
498 if (!evp_rand_lock(ctx))
500 res = evp_rand_uninstantiate_locked(ctx);
501 evp_rand_unlock(ctx);
505 static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out,
506 size_t outlen, unsigned int strength,
507 int prediction_resistance,
508 const unsigned char *addin,
511 size_t chunk, max_request = 0;
512 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
514 params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST,
516 if (!evp_rand_get_ctx_params_locked(ctx, params)
517 || max_request == 0) {
518 EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
521 for (; outlen > 0; outlen -= chunk, out += chunk) {
522 chunk = outlen > max_request ? max_request : outlen;
523 if (!ctx->meth->generate(ctx->data, out, chunk, strength,
524 prediction_resistance, addin, addin_len)) {
525 EVPerr(0, EVP_R_GENERATE_ERROR);
529 * Prediction resistance is only relevant the first time around,
530 * subsequently, the DRBG has already been properly reseeded.
532 prediction_resistance = 0;
537 int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
538 unsigned int strength, int prediction_resistance,
539 const unsigned char *addin, size_t addin_len)
543 if (!evp_rand_lock(ctx))
545 res = evp_rand_generate_locked(ctx, out, outlen, strength,
546 prediction_resistance, addin, addin_len);
547 evp_rand_unlock(ctx);
551 static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance,
552 const unsigned char *ent, size_t ent_len,
553 const unsigned char *addin, size_t addin_len)
555 if (ctx->meth->reseed != NULL)
556 return ctx->meth->reseed(ctx->data, prediction_resistance,
557 ent, ent_len, addin, addin_len);
561 int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
562 const unsigned char *ent, size_t ent_len,
563 const unsigned char *addin, size_t addin_len)
567 if (!evp_rand_lock(ctx))
569 res = evp_rand_reseed_locked(ctx, prediction_resistance,
570 ent, ent_len, addin, addin_len);
571 evp_rand_unlock(ctx);
575 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx)
577 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
578 unsigned int strength = 0;
580 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
581 if (!evp_rand_get_ctx_params_locked(ctx, params))
586 unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx)
590 if (!evp_rand_lock(ctx))
592 res = evp_rand_strength_locked(ctx);
593 evp_rand_unlock(ctx);
597 static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
600 unsigned int str = evp_rand_strength_locked(ctx);
602 if (ctx->meth->nonce == NULL)
604 if (ctx->meth->nonce(ctx->data, out, str, outlen, outlen))
606 return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
609 int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
613 if (!evp_rand_lock(ctx))
615 res = evp_rand_nonce_locked(ctx, out, outlen);
616 evp_rand_unlock(ctx);
620 int EVP_RAND_state(EVP_RAND_CTX *ctx)
622 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
625 params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state);
626 if (!EVP_RAND_get_ctx_params(ctx, params))
627 state = EVP_RAND_STATE_ERROR;
631 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx)
633 if (ctx->meth->verify_zeroization != NULL)
634 return ctx->meth->verify_zeroization(ctx->data);
638 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx)
642 if (!evp_rand_lock(ctx))
644 res = evp_rand_verify_zeroization_locked(ctx);
645 evp_rand_unlock(ctx);
projects / openssl.git / blob