/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/randerr.h>
+#include <openssl/proverr.h>
#include "prov/implementations.h"
#include "prov/provider_ctx.h"
-#include "prov/providercommonerr.h"
#include "crypto/rand.h"
#include "crypto/rand_pool.h"
static OSSL_FUNC_rand_get_ctx_params_fn seed_src_get_ctx_params;
static OSSL_FUNC_rand_verify_zeroization_fn seed_src_verify_zeroization;
static OSSL_FUNC_rand_enable_locking_fn seed_src_enable_locking;
+static OSSL_FUNC_rand_lock_fn seed_src_lock;
+static OSSL_FUNC_rand_unlock_fn seed_src_unlock;
+static OSSL_FUNC_rand_get_seed_fn seed_get_seed;
+static OSSL_FUNC_rand_clear_seed_fn seed_clear_seed;
typedef struct {
void *provctx;
entropy_available = ossl_pool_acquire_entropy(pool);
if (entropy_available > 0)
- memcpy(out, rand_pool_detach(pool), rand_pool_length(pool));
+ memcpy(out, rand_pool_buffer(pool), rand_pool_length(pool));
rand_pool_free(pool);
return entropy_available > 0;
return 1;
}
-static const OSSL_PARAM *seed_src_gettable_ctx_params(ossl_unused void *provctx)
+static const OSSL_PARAM *seed_src_gettable_ctx_params(ossl_unused void *vseed,
+ ossl_unused void *provctx)
{
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL),
return 1;
}
+static size_t seed_get_seed(void *vseed, unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len,
+ int prediction_resistance,
+ const unsigned char *adin, size_t adin_len)
+{
+ size_t bytes_needed;
+ unsigned char *p;
+
+ /*
+ * Figure out how many bytes we need.
+ * This assumes that the seed sources provide eight bits of entropy
+ * per byte. For lower quality sources, the formula will need to be
+ * different.
+ */
+ bytes_needed = entropy >= 0 ? (entropy + 7) / 8 : 0;
+ if (bytes_needed < min_len)
+ bytes_needed = min_len;
+ if (bytes_needed > max_len) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK);
+ return 0;
+ }
+
+ p = OPENSSL_secure_malloc(bytes_needed);
+ if (p == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ *pout = p;
+ if (seed_src_generate(vseed, p, bytes_needed, 0, prediction_resistance,
+ adin, adin_len) != 0)
+ return bytes_needed;
+ OPENSSL_secure_clear_free(p, bytes_needed);
+ return 0;
+}
+
+static void seed_clear_seed(ossl_unused void *vdrbg,
+ unsigned char *out, size_t outlen)
+{
+ OPENSSL_secure_clear_free(out, outlen);
+}
+
static int seed_src_enable_locking(ossl_unused void *vseed)
{
return 1;
}
+int seed_src_lock(ossl_unused void *vctx)
+{
+ return 1;
+}
+
+void seed_src_unlock(ossl_unused void *vctx)
+{
+}
+
const OSSL_DISPATCH ossl_seed_src_functions[] = {
{ OSSL_FUNC_RAND_NEWCTX, (void(*)(void))seed_src_new },
{ OSSL_FUNC_RAND_FREECTX, (void(*)(void))seed_src_free },
{ OSSL_FUNC_RAND_GENERATE, (void(*)(void))seed_src_generate },
{ OSSL_FUNC_RAND_RESEED, (void(*)(void))seed_src_reseed },
{ OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))seed_src_enable_locking },
+ { OSSL_FUNC_RAND_LOCK, (void(*)(void))seed_src_lock },
+ { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))seed_src_unlock },
{ OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
(void(*)(void))seed_src_gettable_ctx_params },
{ OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))seed_src_get_ctx_params },
{ OSSL_FUNC_RAND_VERIFY_ZEROIZATION,
(void(*)(void))seed_src_verify_zeroization },
+ { OSSL_FUNC_RAND_GET_SEED, (void(*)(void))seed_get_seed },
+ { OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))seed_clear_seed },
{ 0, NULL }
};