PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:178:\
operation not supported for this keytype
PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
+PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS:228:\
+ parent cannot generate random numbers
PROV_R_PARENT_LOCKING_NOT_ENABLED:182:parent locking not enabled
PROV_R_PARENT_STRENGTH_TOO_WEAK:194:parent strength too weak
PROV_R_PATH_MUST_BE_ABSOLUTE:219:path must be absolute
PROV_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER:198:\
unable to get parent reseed prop counter
PROV_R_UNABLE_TO_GET_PARENT_STRENGTH:199:unable to get parent strength
-PROV_R_UNABLE_TO_GET_RESEED_PROP_CTR:200:unable to get reseed prop ctr
PROV_R_UNABLE_TO_INITIALISE_CIPHERS:208:unable to initialise ciphers
PROV_R_UNABLE_TO_LOAD_SHA1:143:unable to load sha1
PROV_R_UNABLE_TO_LOAD_SHA256:147:unable to load sha256
RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER:141:\
unable to get parent reseed prop counter
RAND_R_UNABLE_TO_GET_PARENT_STRENGTH:138:unable to get parent strength
-RAND_R_UNABLE_TO_GET_RESEED_PROP_CTR:142:unable to get reseed prop ctr
+RAND_R_UNABLE_TO_GET_RESEED_COUNTER :142:unable to get reseed counter
RAND_R_UNABLE_TO_LOCK_PARENT:140:unable to lock parent
RAND_R_UNSUPPORTED_DRBG_FLAGS:132:unsupported drbg flags
RAND_R_UNSUPPORTED_DRBG_TYPE:120:unsupported drbg type
size_t chunk, max_request = 0;
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
- params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST,
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST,
&max_request);
if (!evp_rand_get_ctx_params_locked(ctx, params)
|| max_request == 0) {
#include <openssl/opensslv.h>
#include "crypto/cryptlib.h"
#include "crypto/evp.h" /* evp_method_store_flush */
+#include "crypto/rand.h"
#include "internal/nelem.h"
#include "internal/thread_once.h"
#include "internal/provider.h"
#endif /* FIPS_MODULE */
/*
- * Functions provided by the core. Blank line separates "families" of related
- * functions.
+ * Functions provided by the core.
*/
static const OSSL_DISPATCH core_dispatch_[] = {
{ OSSL_FUNC_CORE_GETTABLE_PARAMS, (void (*)(void))core_gettable_params },
{ OSSL_FUNC_BIO_VPRINTF, (void (*)(void))BIO_vprintf },
{ OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf },
{ OSSL_FUNC_SELF_TEST_CB, (void (*)(void))OSSL_SELF_TEST_get_callback },
+ { OSSL_FUNC_GET_ENTROPY, (void (*)(void))ossl_rand_get_entropy },
+ { OSSL_FUNC_CLEANUP_ENTROPY, (void (*)(void))ossl_rand_cleanup_entropy },
+ { OSSL_FUNC_GET_NONCE, (void (*)(void))ossl_rand_get_nonce },
+ { OSSL_FUNC_CLEANUP_NONCE, (void (*)(void))ossl_rand_cleanup_nonce },
#endif
{ OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc },
{ OSSL_FUNC_CRYPTO_ZALLOC, (void (*)(void))CRYPTO_zalloc },
LIBS=../../libcrypto
$COMMON=rand_lib.c rand_meth.c
-$CRYPTO=randfile.c rand_err.c rand_deprecated.c
+$CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c
IF[{- !$disabled{'egd'} -}]
$CRYPTO=$CRYPTO rand_egd.c
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto/rand.h"
+#include "crypto/rand_pool.h"
+#include <openssl/core_dispatch.h>
+#include <openssl/err.h>
+
+size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len)
+{
+ size_t ret = 0;
+ size_t entropy_available;
+ RAND_POOL *pool;
+
+ pool = rand_pool_new(entropy, 1, min_len, max_len);
+ if (pool == NULL) {
+ ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /* Get entropy by polling system entropy sources. */
+ entropy_available = ossl_pool_acquire_entropy(pool);
+
+ if (entropy_available > 0) {
+ ret = rand_pool_length(pool);
+ *pout = rand_pool_detach(pool);
+ }
+
+ rand_pool_free(pool);
+ return ret;
+}
+
+void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len)
+{
+ OPENSSL_secure_clear_free(buf, len);
+}
+
+size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, size_t min_len, size_t max_len,
+ const void *salt, size_t salt_len)
+{
+ size_t ret = 0;
+ RAND_POOL *pool;
+
+ pool = rand_pool_new(0, 0, min_len, max_len);
+ if (pool == NULL) {
+ ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (!ossl_pool_add_nonce_data(pool))
+ goto err;
+
+ if (salt != NULL && !rand_pool_add(pool, salt, salt_len, 0))
+ goto err;
+ ret = rand_pool_length(pool);
+ *pout = rand_pool_detach(pool);
+ err:
+ rand_pool_free(pool);
+ return ret;
+}
+
+void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len)
+{
+ OPENSSL_clear_free(buf, len);
+}
"unable to get parent reseed prop counter"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_PARENT_STRENGTH),
"unable to get parent strength"},
- {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_RESEED_PROP_CTR),
- "unable to get reseed prop ctr"},
+ {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_RESEED_COUNTER),
+ "unable to get reseed counter"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_LOCK_PARENT),
"unable to lock parent"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS),
#include "e_os.h"
#ifndef FIPS_MODULE
-# include "prov/rand_pool.h"
+# include "crypto/rand_pool.h"
# include "prov/seeding.h"
# ifndef OPENSSL_NO_ENGINE
#include "crypto/rand.h"
#include <openssl/engine.h>
#include "internal/thread_once.h"
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
/*
* Allocate memory and initialize a new random pool
# define OSSL_CRYPTO_RAND_H
# include <openssl/rand.h>
+# include "crypto/rand_pool.h"
/*
* Defines related to seed sources
*/
void ossl_random_add_conf_module(void);
+/*
+ * Get and cleanup random seed material.
+ */
+size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len);
+void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len);
+size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, size_t min_len, size_t max_len,
+ const void *salt, size_t salt_len);
+void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len);
+
+/*
+ * Get seeding material from the operating system sources.
+ */
+size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
+int ossl_pool_add_nonce_data(RAND_POOL *pool);
+
#endif
OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb,
void **cbarg))
+/* Functions to get seed material from the operating system */
+#define OSSL_FUNC_GET_ENTROPY 101
+#define OSSL_FUNC_CLEANUP_ENTROPY 102
+#define OSSL_FUNC_GET_NONCE 103
+#define OSSL_FUNC_CLEANUP_NONCE 104
+OSSL_CORE_MAKE_FUNC(size_t, get_entropy, (const OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_entropy, (const OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len))
+OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, size_t min_len,
+ size_t max_len, const void *salt,
+ size_t salt_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len))
+
/* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
# define OSSL_FUNC_PROVIDER_TEARDOWN 1024
OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
/* Known RAND names */
#define OSSL_RAND_PARAM_STATE "state"
#define OSSL_RAND_PARAM_STRENGTH "strength"
+#define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
#define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
#define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
/* RAND/DRBG names */
#define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MAX_REQUEST "max_request"
#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
#define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
# define RAND_R_UNABLE_TO_FETCH_DRBG 144
# define RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER 141
# define RAND_R_UNABLE_TO_GET_PARENT_STRENGTH 138
-# define RAND_R_UNABLE_TO_GET_RESEED_PROP_CTR 142
+# define RAND_R_UNABLE_TO_GET_RESEED_COUNTER 142
# define RAND_R_UNABLE_TO_LOCK_PARENT 140
# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132
# define RAND_R_UNSUPPORTED_DRBG_TYPE 120
# define PROV_R_UNABLE_TO_GET_NONCE 203
# define PROV_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER 198
# define PROV_R_UNABLE_TO_GET_PARENT_STRENGTH 199
-# define PROV_R_UNABLE_TO_GET_RESEED_PROP_CTR 200
# define PROV_R_UNABLE_TO_INITIALISE_CIPHERS 208
# define PROV_R_UNABLE_TO_LOAD_SHA1 143
# define PROV_R_UNABLE_TO_LOAD_SHA256 147
"unable to get parent reseed prop counter"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PARENT_STRENGTH),
"unable to get parent strength"},
- {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_RESEED_PROP_CTR),
- "unable to get reseed prop ctr"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_INITIALISE_CIPHERS),
"unable to initialise ciphers"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_LOAD_SHA1),