1 /*
2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <openssl/evp.h>
13 #include <openssl/rand.h>
14 #include <openssl/core.h>
15 #include <openssl/core_names.h>
16 #include <openssl/crypto.h>
17 #include "internal/cryptlib.h"
18 #include "internal/numbers.h"
19 #include "internal/provider.h"
20 #include "internal/core.h"
21 #include "crypto/evp.h"
22 #include "evp_local.h"
23
24 struct evp_rand_st {
25 OSSL_PROVIDER *prov;
26 int name_id;
27 char *type_name;
28 const char *description;
29 CRYPTO_REF_COUNT refcnt;
30
31 const OSSL_DISPATCH *dispatch;
32 OSSL_FUNC_rand_newctx_fn *newctx;
33 OSSL_FUNC_rand_freectx_fn *freectx;
34 OSSL_FUNC_rand_instantiate_fn *instantiate;
35 OSSL_FUNC_rand_uninstantiate_fn *uninstantiate;
36 OSSL_FUNC_rand_generate_fn *generate;
37 OSSL_FUNC_rand_reseed_fn *reseed;
38 OSSL_FUNC_rand_nonce_fn *nonce;
39 OSSL_FUNC_rand_enable_locking_fn *enable_locking;
40 OSSL_FUNC_rand_lock_fn *lock;
41 OSSL_FUNC_rand_unlock_fn *unlock;
42 OSSL_FUNC_rand_gettable_params_fn *gettable_params;
43 OSSL_FUNC_rand_gettable_ctx_params_fn *gettable_ctx_params;
44 OSSL_FUNC_rand_settable_ctx_params_fn *settable_ctx_params;
45 OSSL_FUNC_rand_get_params_fn *get_params;
46 OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params;
47 OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params;
48 OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization;
49 OSSL_FUNC_rand_get_seed_fn *get_seed;
50 OSSL_FUNC_rand_clear_seed_fn *clear_seed;
51 } /* EVP_RAND */ ;
52
evp_rand_up_ref(void * vrand)53 static int evp_rand_up_ref(void *vrand)
54 {
55 EVP_RAND *rand = (EVP_RAND *)vrand;
56 int ref = 0;
57
58 if (rand != NULL)
59 return CRYPTO_UP_REF(&rand->refcnt, &ref);
60 return 1;
61 }
62
evp_rand_free(void * vrand)63 static void evp_rand_free(void *vrand)
64 {
65 EVP_RAND *rand = (EVP_RAND *)vrand;
66 int ref = 0;
67
68 if (rand == NULL)
69 return;
70 CRYPTO_DOWN_REF(&rand->refcnt, &ref);
71 if (ref > 0)
72 return;
73 OPENSSL_free(rand->type_name);
74 ossl_provider_free(rand->prov);
75 CRYPTO_FREE_REF(&rand->refcnt);
76 OPENSSL_free(rand);
77 }
78
evp_rand_new(void)79 static void *evp_rand_new(void)
80 {
81 EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand));
82
83 if (rand == NULL)
84 return NULL;
85
86 if (!CRYPTO_NEW_REF(&rand->refcnt, 1)) {
87 OPENSSL_free(rand);
88 return NULL;
89 }
90 return rand;
91 }
92
93 /* Enable locking of the underlying DRBG/RAND if available */
EVP_RAND_enable_locking(EVP_RAND_CTX * rand)94 int EVP_RAND_enable_locking(EVP_RAND_CTX *rand)
95 {
96 if (rand->meth->enable_locking != NULL)
97 return rand->meth->enable_locking(rand->algctx);
98 ERR_raise(ERR_LIB_EVP, EVP_R_LOCKING_NOT_SUPPORTED);
99 return 0;
100 }
101
102 /* Lock the underlying DRBG/RAND if available */
evp_rand_lock(EVP_RAND_CTX * rand)103 static int evp_rand_lock(EVP_RAND_CTX *rand)
104 {
105 if (rand->meth->lock != NULL)
106 return rand->meth->lock(rand->algctx);
107 return 1;
108 }
109
110 /* Unlock the underlying DRBG/RAND if available */
evp_rand_unlock(EVP_RAND_CTX * rand)111 static void evp_rand_unlock(EVP_RAND_CTX *rand)
112 {
113 if (rand->meth->unlock != NULL)
114 rand->meth->unlock(rand->algctx);
115 }
116
evp_rand_from_algorithm(int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)117 static void *evp_rand_from_algorithm(int name_id,
118 const OSSL_ALGORITHM *algodef,
119 OSSL_PROVIDER *prov)
120 {
121 const OSSL_DISPATCH *fns = algodef->implementation;
122 EVP_RAND *rand = NULL;
123 int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0, fnenablelockcnt = 0;
124 #ifdef FIPS_MODULE
125 int fnzeroizecnt = 0;
126 #endif
127
128 if ((rand = evp_rand_new()) == NULL) {
129 ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
130 return NULL;
131 }
132 rand->name_id = name_id;
133 if ((rand->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
134 evp_rand_free(rand);
135 return NULL;
136 }
137 rand->description = algodef->algorithm_description;
138 rand->dispatch = fns;
139 for (; fns->function_id != 0; fns++) {
140 switch (fns->function_id) {
141 case OSSL_FUNC_RAND_NEWCTX:
142 if (rand->newctx != NULL)
143 break;
144 rand->newctx = OSSL_FUNC_rand_newctx(fns);
145 fnctxcnt++;
146 break;
147 case OSSL_FUNC_RAND_FREECTX:
148 if (rand->freectx != NULL)
149 break;
150 rand->freectx = OSSL_FUNC_rand_freectx(fns);
151 fnctxcnt++;
152 break;
153 case OSSL_FUNC_RAND_INSTANTIATE:
154 if (rand->instantiate != NULL)
155 break;
156 rand->instantiate = OSSL_FUNC_rand_instantiate(fns);
157 fnrandcnt++;
158 break;
159 case OSSL_FUNC_RAND_UNINSTANTIATE:
160 if (rand->uninstantiate != NULL)
161 break;
162 rand->uninstantiate = OSSL_FUNC_rand_uninstantiate(fns);
163 fnrandcnt++;
164 break;
165 case OSSL_FUNC_RAND_GENERATE:
166 if (rand->generate != NULL)
167 break;
168 rand->generate = OSSL_FUNC_rand_generate(fns);
169 fnrandcnt++;
170 break;
171 case OSSL_FUNC_RAND_RESEED:
172 if (rand->reseed != NULL)
173 break;
174 rand->reseed = OSSL_FUNC_rand_reseed(fns);
175 break;
176 case OSSL_FUNC_RAND_NONCE:
177 if (rand->nonce != NULL)
178 break;
179 rand->nonce = OSSL_FUNC_rand_nonce(fns);
180 break;
181 case OSSL_FUNC_RAND_ENABLE_LOCKING:
182 if (rand->enable_locking != NULL)
183 break;
184 rand->enable_locking = OSSL_FUNC_rand_enable_locking(fns);
185 fnenablelockcnt++;
186 break;
187 case OSSL_FUNC_RAND_LOCK:
188 if (rand->lock != NULL)
189 break;
190 rand->lock = OSSL_FUNC_rand_lock(fns);
191 fnlockcnt++;
192 break;
193 case OSSL_FUNC_RAND_UNLOCK:
194 if (rand->unlock != NULL)
195 break;
196 rand->unlock = OSSL_FUNC_rand_unlock(fns);
197 fnlockcnt++;
198 break;
199 case OSSL_FUNC_RAND_GETTABLE_PARAMS:
200 if (rand->gettable_params != NULL)
201 break;
202 rand->gettable_params =
203 OSSL_FUNC_rand_gettable_params(fns);
204 break;
205 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS:
206 if (rand->gettable_ctx_params != NULL)
207 break;
208 rand->gettable_ctx_params =
209 OSSL_FUNC_rand_gettable_ctx_params(fns);
210 break;
211 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS:
212 if (rand->settable_ctx_params != NULL)
213 break;
214 rand->settable_ctx_params =
215 OSSL_FUNC_rand_settable_ctx_params(fns);
216 break;
217 case OSSL_FUNC_RAND_GET_PARAMS:
218 if (rand->get_params != NULL)
219 break;
220 rand->get_params = OSSL_FUNC_rand_get_params(fns);
221 break;
222 case OSSL_FUNC_RAND_GET_CTX_PARAMS:
223 if (rand->get_ctx_params != NULL)
224 break;
225 rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns);
226 fnctxcnt++;
227 break;
228 case OSSL_FUNC_RAND_SET_CTX_PARAMS:
229 if (rand->set_ctx_params != NULL)
230 break;
231 rand->set_ctx_params = OSSL_FUNC_rand_set_ctx_params(fns);
232 break;
233 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION:
234 if (rand->verify_zeroization != NULL)
235 break;
236 rand->verify_zeroization = OSSL_FUNC_rand_verify_zeroization(fns);
237 #ifdef FIPS_MODULE
238 fnzeroizecnt++;
239 #endif
240 break;
241 case OSSL_FUNC_RAND_GET_SEED:
242 if (rand->get_seed != NULL)
243 break;
244 rand->get_seed = OSSL_FUNC_rand_get_seed(fns);
245 break;
246 case OSSL_FUNC_RAND_CLEAR_SEED:
247 if (rand->clear_seed != NULL)
248 break;
249 rand->clear_seed = OSSL_FUNC_rand_clear_seed(fns);
250 break;
251 }
252 }
253 /*
254 * In order to be a consistent set of functions we must have at least
255 * a complete set of "rand" functions and a complete set of context
256 * management functions. In FIPS mode, we also require the zeroization
257 * verification function.
258 *
259 * In addition, if locking can be enabled, we need a complete set of
260 * locking functions.
261 */
262 if (fnrandcnt != 3
263 || fnctxcnt != 3
264 || (fnenablelockcnt != 0 && fnenablelockcnt != 1)
265 || (fnlockcnt != 0 && fnlockcnt != 2)
266 #ifdef FIPS_MODULE
267 || fnzeroizecnt != 1
268 #endif
269 ) {
270 evp_rand_free(rand);
271 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
272 return NULL;
273 }
274
275 if (prov != NULL && !ossl_provider_up_ref(prov)) {
276 evp_rand_free(rand);
277 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
278 return NULL;
279 }
280 rand->prov = prov;
281
282 return rand;
283 }
284
EVP_RAND_fetch(OSSL_LIB_CTX * libctx,const char * algorithm,const char * properties)285 EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
286 const char *properties)
287 {
288 return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties,
289 evp_rand_from_algorithm, evp_rand_up_ref,
290 evp_rand_free);
291 }
292
EVP_RAND_up_ref(EVP_RAND * rand)293 int EVP_RAND_up_ref(EVP_RAND *rand)
294 {
295 return evp_rand_up_ref(rand);
296 }
297
EVP_RAND_free(EVP_RAND * rand)298 void EVP_RAND_free(EVP_RAND *rand)
299 {
300 evp_rand_free(rand);
301 }
302
evp_rand_get_number(const EVP_RAND * rand)303 int evp_rand_get_number(const EVP_RAND *rand)
304 {
305 return rand->name_id;
306 }
307
EVP_RAND_get0_name(const EVP_RAND * rand)308 const char *EVP_RAND_get0_name(const EVP_RAND *rand)
309 {
310 return rand->type_name;
311 }
312
EVP_RAND_get0_description(const EVP_RAND * rand)313 const char *EVP_RAND_get0_description(const EVP_RAND *rand)
314 {
315 return rand->description;
316 }
317
EVP_RAND_is_a(const EVP_RAND * rand,const char * name)318 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name)
319 {
320 return rand != NULL && evp_is_a(rand->prov, rand->name_id, NULL, name);
321 }
322
EVP_RAND_get0_provider(const EVP_RAND * rand)323 const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand)
324 {
325 return rand->prov;
326 }
327
EVP_RAND_get_params(EVP_RAND * rand,OSSL_PARAM params[])328 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[])
329 {
330 if (rand->get_params != NULL)
331 return rand->get_params(params);
332 return 1;
333 }
334
EVP_RAND_CTX_up_ref(EVP_RAND_CTX * ctx)335 int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx)
336 {
337 int ref = 0;
338
339 return CRYPTO_UP_REF(&ctx->refcnt, &ref);
340 }
341
EVP_RAND_CTX_new(EVP_RAND * rand,EVP_RAND_CTX * parent)342 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent)
343 {
344 EVP_RAND_CTX *ctx;
345 void *parent_ctx = NULL;
346 const OSSL_DISPATCH *parent_dispatch = NULL;
347
348 if (rand == NULL) {
349 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
350 return NULL;
351 }
352
353 ctx = OPENSSL_zalloc(sizeof(*ctx));
354 if (ctx == NULL)
355 return NULL;
356 if (!CRYPTO_NEW_REF(&ctx->refcnt, 1)) {
357 OPENSSL_free(ctx);
358 return NULL;
359 }
360 if (parent != NULL) {
361 if (!EVP_RAND_CTX_up_ref(parent)) {
362 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
363 CRYPTO_FREE_REF(&ctx->refcnt);
364 OPENSSL_free(ctx);
365 return NULL;
366 }
367 parent_ctx = parent->algctx;
368 parent_dispatch = parent->meth->dispatch;
369 }
370 if ((ctx->algctx = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx,
371 parent_dispatch)) == NULL
372 || !EVP_RAND_up_ref(rand)) {
373 ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
374 rand->freectx(ctx->algctx);
375 CRYPTO_FREE_REF(&ctx->refcnt);
376 OPENSSL_free(ctx);
377 EVP_RAND_CTX_free(parent);
378 return NULL;
379 }
380 ctx->meth = rand;
381 ctx->parent = parent;
382 return ctx;
383 }
384
EVP_RAND_CTX_free(EVP_RAND_CTX * ctx)385 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx)
386 {
387 int ref = 0;
388 EVP_RAND_CTX *parent;
389
390 if (ctx == NULL)
391 return;
392
393 CRYPTO_DOWN_REF(&ctx->refcnt, &ref);
394 if (ref > 0)
395 return;
396 parent = ctx->parent;
397 ctx->meth->freectx(ctx->algctx);
398 ctx->algctx = NULL;
399 EVP_RAND_free(ctx->meth);
400 CRYPTO_FREE_REF(&ctx->refcnt);
401 OPENSSL_free(ctx);
402 EVP_RAND_CTX_free(parent);
403 }
404
EVP_RAND_CTX_get0_rand(EVP_RAND_CTX * ctx)405 EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx)
406 {
407 return ctx->meth;
408 }
409
evp_rand_get_ctx_params_locked(EVP_RAND_CTX * ctx,OSSL_PARAM params[])410 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx,
411 OSSL_PARAM params[])
412 {
413 return ctx->meth->get_ctx_params(ctx->algctx, params);
414 }
415
EVP_RAND_CTX_get_params(EVP_RAND_CTX * ctx,OSSL_PARAM params[])416 int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[])
417 {
418 int res;
419
420 if (!evp_rand_lock(ctx))
421 return 0;
422 res = evp_rand_get_ctx_params_locked(ctx, params);
423 evp_rand_unlock(ctx);
424 return res;
425 }
426
evp_rand_set_ctx_params_locked(EVP_RAND_CTX * ctx,const OSSL_PARAM params[])427 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx,
428 const OSSL_PARAM params[])
429 {
430 if (ctx->meth->set_ctx_params != NULL)
431 return ctx->meth->set_ctx_params(ctx->algctx, params);
432 return 1;
433 }
434
EVP_RAND_CTX_set_params(EVP_RAND_CTX * ctx,const OSSL_PARAM params[])435 int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[])
436 {
437 int res;
438
439 if (!evp_rand_lock(ctx))
440 return 0;
441 res = evp_rand_set_ctx_params_locked(ctx, params);
442 evp_rand_unlock(ctx);
443 return res;
444 }
445
EVP_RAND_gettable_params(const EVP_RAND * rand)446 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand)
447 {
448 if (rand->gettable_params == NULL)
449 return NULL;
450 return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand)));
451 }
452
EVP_RAND_gettable_ctx_params(const EVP_RAND * rand)453 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand)
454 {
455 void *provctx;
456
457 if (rand->gettable_ctx_params == NULL)
458 return NULL;
459 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
460 return rand->gettable_ctx_params(NULL, provctx);
461 }
462
EVP_RAND_settable_ctx_params(const EVP_RAND * rand)463 const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand)
464 {
465 void *provctx;
466
467 if (rand->settable_ctx_params == NULL)
468 return NULL;
469 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
470 return rand->settable_ctx_params(NULL, provctx);
471 }
472
EVP_RAND_CTX_gettable_params(EVP_RAND_CTX * ctx)473 const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx)
474 {
475 void *provctx;
476
477 if (ctx->meth->gettable_ctx_params == NULL)
478 return NULL;
479 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
480 return ctx->meth->gettable_ctx_params(ctx->algctx, provctx);
481 }
482
EVP_RAND_CTX_settable_params(EVP_RAND_CTX * ctx)483 const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx)
484 {
485 void *provctx;
486
487 if (ctx->meth->settable_ctx_params == NULL)
488 return NULL;
489 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
490 return ctx->meth->settable_ctx_params(ctx->algctx, provctx);
491 }
492
EVP_RAND_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_RAND * rand,void * arg),void * arg)493 void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
494 void (*fn)(EVP_RAND *rand, void *arg),
495 void *arg)
496 {
497 evp_generic_do_all(libctx, OSSL_OP_RAND,
498 (void (*)(void *, void *))fn, arg,
499 evp_rand_from_algorithm, evp_rand_up_ref,
500 evp_rand_free);
501 }
502
EVP_RAND_names_do_all(const EVP_RAND * rand,void (* fn)(const char * name,void * data),void * data)503 int EVP_RAND_names_do_all(const EVP_RAND *rand,
504 void (*fn)(const char *name, void *data),
505 void *data)
506 {
507 if (rand->prov != NULL)
508 return evp_names_do_all(rand->prov, rand->name_id, fn, data);
509
510 return 1;
511 }
512
evp_rand_instantiate_locked(EVP_RAND_CTX * ctx,unsigned int strength,int prediction_resistance,const unsigned char * pstr,size_t pstr_len,const OSSL_PARAM params[])513 static int evp_rand_instantiate_locked
514 (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance,
515 const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[])
516 {
517 return ctx->meth->instantiate(ctx->algctx, strength, prediction_resistance,
518 pstr, pstr_len, params);
519 }
520
EVP_RAND_instantiate(EVP_RAND_CTX * ctx,unsigned int strength,int prediction_resistance,const unsigned char * pstr,size_t pstr_len,const OSSL_PARAM params[])521 int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
522 int prediction_resistance,
523 const unsigned char *pstr, size_t pstr_len,
524 const OSSL_PARAM params[])
525 {
526 int res;
527
528 if (!evp_rand_lock(ctx))
529 return 0;
530 res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance,
531 pstr, pstr_len, params);
532 evp_rand_unlock(ctx);
533 return res;
534 }
535
evp_rand_uninstantiate_locked(EVP_RAND_CTX * ctx)536 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx)
537 {
538 return ctx->meth->uninstantiate(ctx->algctx);
539 }
540
EVP_RAND_uninstantiate(EVP_RAND_CTX * ctx)541 int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx)
542 {
543 int res;
544
545 if (!evp_rand_lock(ctx))
546 return 0;
547 res = evp_rand_uninstantiate_locked(ctx);
548 evp_rand_unlock(ctx);
549 return res;
550 }
551
evp_rand_generate_locked(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen,unsigned int strength,int prediction_resistance,const unsigned char * addin,size_t addin_len)552 static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out,
553 size_t outlen, unsigned int strength,
554 int prediction_resistance,
555 const unsigned char *addin,
556 size_t addin_len)
557 {
558 size_t chunk, max_request = 0;
559 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
560
561 params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST,
562 &max_request);
563 if (!evp_rand_get_ctx_params_locked(ctx, params)
564 || max_request == 0) {
565 ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
566 return 0;
567 }
568 for (; outlen > 0; outlen -= chunk, out += chunk) {
569 chunk = outlen > max_request ? max_request : outlen;
570 if (!ctx->meth->generate(ctx->algctx, out, chunk, strength,
571 prediction_resistance, addin, addin_len)) {
572 ERR_raise(ERR_LIB_EVP, EVP_R_GENERATE_ERROR);
573 return 0;
574 }
575 /*
576 * Prediction resistance is only relevant the first time around,
577 * subsequently, the DRBG has already been properly reseeded.
578 */
579 prediction_resistance = 0;
580 }
581 return 1;
582 }
583
EVP_RAND_generate(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen,unsigned int strength,int prediction_resistance,const unsigned char * addin,size_t addin_len)584 int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
585 unsigned int strength, int prediction_resistance,
586 const unsigned char *addin, size_t addin_len)
587 {
588 int res;
589
590 if (!evp_rand_lock(ctx))
591 return 0;
592 res = evp_rand_generate_locked(ctx, out, outlen, strength,
593 prediction_resistance, addin, addin_len);
594 evp_rand_unlock(ctx);
595 return res;
596 }
597
evp_rand_reseed_locked(EVP_RAND_CTX * ctx,int prediction_resistance,const unsigned char * ent,size_t ent_len,const unsigned char * addin,size_t addin_len)598 static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance,
599 const unsigned char *ent, size_t ent_len,
600 const unsigned char *addin, size_t addin_len)
601 {
602 if (ctx->meth->reseed != NULL)
603 return ctx->meth->reseed(ctx->algctx, prediction_resistance,
604 ent, ent_len, addin, addin_len);
605 return 1;
606 }
607
EVP_RAND_reseed(EVP_RAND_CTX * ctx,int prediction_resistance,const unsigned char * ent,size_t ent_len,const unsigned char * addin,size_t addin_len)608 int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
609 const unsigned char *ent, size_t ent_len,
610 const unsigned char *addin, size_t addin_len)
611 {
612 int res;
613
614 if (!evp_rand_lock(ctx))
615 return 0;
616 res = evp_rand_reseed_locked(ctx, prediction_resistance,
617 ent, ent_len, addin, addin_len);
618 evp_rand_unlock(ctx);
619 return res;
620 }
621
evp_rand_strength_locked(EVP_RAND_CTX * ctx)622 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx)
623 {
624 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
625 unsigned int strength = 0;
626
627 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
628 if (!evp_rand_get_ctx_params_locked(ctx, params))
629 return 0;
630 return strength;
631 }
632
EVP_RAND_get_strength(EVP_RAND_CTX * ctx)633 unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx)
634 {
635 unsigned int res;
636
637 if (!evp_rand_lock(ctx))
638 return 0;
639 res = evp_rand_strength_locked(ctx);
640 evp_rand_unlock(ctx);
641 return res;
642 }
643
evp_rand_nonce_locked(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen)644 static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
645 size_t outlen)
646 {
647 unsigned int str = evp_rand_strength_locked(ctx);
648
649 if (ctx->meth->nonce == NULL)
650 return 0;
651 if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
652 return 1;
653 return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
654 }
655
EVP_RAND_nonce(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen)656 int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
657 {
658 int res;
659
660 if (!evp_rand_lock(ctx))
661 return 0;
662 res = evp_rand_nonce_locked(ctx, out, outlen);
663 evp_rand_unlock(ctx);
664 return res;
665 }
666
EVP_RAND_get_state(EVP_RAND_CTX * ctx)667 int EVP_RAND_get_state(EVP_RAND_CTX *ctx)
668 {
669 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
670 int state;
671
672 params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state);
673 if (!EVP_RAND_CTX_get_params(ctx, params))
674 state = EVP_RAND_STATE_ERROR;
675 return state;
676 }
677
evp_rand_verify_zeroization_locked(EVP_RAND_CTX * ctx)678 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx)
679 {
680 if (ctx->meth->verify_zeroization != NULL)
681 return ctx->meth->verify_zeroization(ctx->algctx);
682 return 0;
683 }
684
EVP_RAND_verify_zeroization(EVP_RAND_CTX * ctx)685 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx)
686 {
687 int res;
688
689 if (!evp_rand_lock(ctx))
690 return 0;
691 res = evp_rand_verify_zeroization_locked(ctx);
692 evp_rand_unlock(ctx);
693 return res;
694 }
695
evp_rand_can_seed(EVP_RAND_CTX * ctx)696 int evp_rand_can_seed(EVP_RAND_CTX *ctx)
697 {
698 return ctx->meth->get_seed != NULL;
699 }
700
evp_rand_get_seed_locked(EVP_RAND_CTX * ctx,unsigned char ** buffer,int entropy,size_t min_len,size_t max_len,int prediction_resistance,const unsigned char * adin,size_t adin_len)701 static size_t evp_rand_get_seed_locked(EVP_RAND_CTX *ctx,
702 unsigned char **buffer,
703 int entropy,
704 size_t min_len, size_t max_len,
705 int prediction_resistance,
706 const unsigned char *adin,
707 size_t adin_len)
708 {
709 if (ctx->meth->get_seed != NULL)
710 return ctx->meth->get_seed(ctx->algctx, buffer,
711 entropy, min_len, max_len,
712 prediction_resistance,
713 adin, adin_len);
714 return 0;
715 }
716
evp_rand_get_seed(EVP_RAND_CTX * ctx,unsigned char ** buffer,int entropy,size_t min_len,size_t max_len,int prediction_resistance,const unsigned char * adin,size_t adin_len)717 size_t evp_rand_get_seed(EVP_RAND_CTX *ctx,
718 unsigned char **buffer,
719 int entropy, size_t min_len, size_t max_len,
720 int prediction_resistance,
721 const unsigned char *adin, size_t adin_len)
722 {
723 int res;
724
725 if (!evp_rand_lock(ctx))
726 return 0;
727 res = evp_rand_get_seed_locked(ctx,
728 buffer,
729 entropy, min_len, max_len,
730 prediction_resistance,
731 adin, adin_len);
732 evp_rand_unlock(ctx);
733 return res;
734 }
735
evp_rand_clear_seed_locked(EVP_RAND_CTX * ctx,unsigned char * buffer,size_t b_len)736 static void evp_rand_clear_seed_locked(EVP_RAND_CTX *ctx,
737 unsigned char *buffer, size_t b_len)
738 {
739 if (ctx->meth->clear_seed != NULL)
740 ctx->meth->clear_seed(ctx->algctx, buffer, b_len);
741 }
742
evp_rand_clear_seed(EVP_RAND_CTX * ctx,unsigned char * buffer,size_t b_len)743 void evp_rand_clear_seed(EVP_RAND_CTX *ctx,
744 unsigned char *buffer, size_t b_len)
745 {
746 if (!evp_rand_lock(ctx))
747 return;
748 evp_rand_clear_seed_locked(ctx, buffer, b_len);
749 evp_rand_unlock(ctx);
750 }
751