xref: /openssl/crypto/evp/evp_rand.c (revision 7998e7dc)
1 /*
2  * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <openssl/evp.h>
13 #include <openssl/rand.h>
14 #include <openssl/core.h>
15 #include <openssl/core_names.h>
16 #include <openssl/crypto.h>
17 #include "internal/cryptlib.h"
18 #include "internal/numbers.h"
19 #include "internal/provider.h"
20 #include "internal/core.h"
21 #include "crypto/evp.h"
22 #include "evp_local.h"
23 
24 struct evp_rand_st {
25     OSSL_PROVIDER *prov;
26     int name_id;
27     char *type_name;
28     const char *description;
29     CRYPTO_REF_COUNT refcnt;
30 
31     const OSSL_DISPATCH *dispatch;
32     OSSL_FUNC_rand_newctx_fn *newctx;
33     OSSL_FUNC_rand_freectx_fn *freectx;
34     OSSL_FUNC_rand_instantiate_fn *instantiate;
35     OSSL_FUNC_rand_uninstantiate_fn *uninstantiate;
36     OSSL_FUNC_rand_generate_fn *generate;
37     OSSL_FUNC_rand_reseed_fn *reseed;
38     OSSL_FUNC_rand_nonce_fn *nonce;
39     OSSL_FUNC_rand_enable_locking_fn *enable_locking;
40     OSSL_FUNC_rand_lock_fn *lock;
41     OSSL_FUNC_rand_unlock_fn *unlock;
42     OSSL_FUNC_rand_gettable_params_fn *gettable_params;
43     OSSL_FUNC_rand_gettable_ctx_params_fn *gettable_ctx_params;
44     OSSL_FUNC_rand_settable_ctx_params_fn *settable_ctx_params;
45     OSSL_FUNC_rand_get_params_fn *get_params;
46     OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params;
47     OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params;
48     OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization;
49     OSSL_FUNC_rand_get_seed_fn *get_seed;
50     OSSL_FUNC_rand_clear_seed_fn *clear_seed;
51 } /* EVP_RAND */ ;
52 
evp_rand_up_ref(void * vrand)53 static int evp_rand_up_ref(void *vrand)
54 {
55     EVP_RAND *rand = (EVP_RAND *)vrand;
56     int ref = 0;
57 
58     if (rand != NULL)
59         return CRYPTO_UP_REF(&rand->refcnt, &ref);
60     return 1;
61 }
62 
evp_rand_free(void * vrand)63 static void evp_rand_free(void *vrand)
64 {
65     EVP_RAND *rand = (EVP_RAND *)vrand;
66     int ref = 0;
67 
68     if (rand == NULL)
69         return;
70     CRYPTO_DOWN_REF(&rand->refcnt, &ref);
71     if (ref > 0)
72         return;
73     OPENSSL_free(rand->type_name);
74     ossl_provider_free(rand->prov);
75     CRYPTO_FREE_REF(&rand->refcnt);
76     OPENSSL_free(rand);
77 }
78 
evp_rand_new(void)79 static void *evp_rand_new(void)
80 {
81     EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand));
82 
83     if (rand == NULL)
84         return NULL;
85 
86     if (!CRYPTO_NEW_REF(&rand->refcnt, 1)) {
87         OPENSSL_free(rand);
88         return NULL;
89     }
90     return rand;
91 }
92 
93 /* Enable locking of the underlying DRBG/RAND if available */
EVP_RAND_enable_locking(EVP_RAND_CTX * rand)94 int EVP_RAND_enable_locking(EVP_RAND_CTX *rand)
95 {
96     if (rand->meth->enable_locking != NULL)
97         return rand->meth->enable_locking(rand->algctx);
98     ERR_raise(ERR_LIB_EVP, EVP_R_LOCKING_NOT_SUPPORTED);
99     return 0;
100 }
101 
102 /* Lock the underlying DRBG/RAND if available */
evp_rand_lock(EVP_RAND_CTX * rand)103 static int evp_rand_lock(EVP_RAND_CTX *rand)
104 {
105     if (rand->meth->lock != NULL)
106         return rand->meth->lock(rand->algctx);
107     return 1;
108 }
109 
110 /* Unlock the underlying DRBG/RAND if available */
evp_rand_unlock(EVP_RAND_CTX * rand)111 static void evp_rand_unlock(EVP_RAND_CTX *rand)
112 {
113     if (rand->meth->unlock != NULL)
114         rand->meth->unlock(rand->algctx);
115 }
116 
evp_rand_from_algorithm(int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)117 static void *evp_rand_from_algorithm(int name_id,
118                                      const OSSL_ALGORITHM *algodef,
119                                      OSSL_PROVIDER *prov)
120 {
121     const OSSL_DISPATCH *fns = algodef->implementation;
122     EVP_RAND *rand = NULL;
123     int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0, fnenablelockcnt = 0;
124 #ifdef FIPS_MODULE
125     int fnzeroizecnt = 0;
126 #endif
127 
128     if ((rand = evp_rand_new()) == NULL) {
129         ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
130         return NULL;
131     }
132     rand->name_id = name_id;
133     if ((rand->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
134         evp_rand_free(rand);
135         return NULL;
136     }
137     rand->description = algodef->algorithm_description;
138     rand->dispatch = fns;
139     for (; fns->function_id != 0; fns++) {
140         switch (fns->function_id) {
141         case OSSL_FUNC_RAND_NEWCTX:
142             if (rand->newctx != NULL)
143                 break;
144             rand->newctx = OSSL_FUNC_rand_newctx(fns);
145             fnctxcnt++;
146             break;
147         case OSSL_FUNC_RAND_FREECTX:
148             if (rand->freectx != NULL)
149                 break;
150             rand->freectx = OSSL_FUNC_rand_freectx(fns);
151             fnctxcnt++;
152             break;
153         case OSSL_FUNC_RAND_INSTANTIATE:
154             if (rand->instantiate != NULL)
155                 break;
156             rand->instantiate = OSSL_FUNC_rand_instantiate(fns);
157             fnrandcnt++;
158             break;
159         case OSSL_FUNC_RAND_UNINSTANTIATE:
160              if (rand->uninstantiate != NULL)
161                 break;
162             rand->uninstantiate = OSSL_FUNC_rand_uninstantiate(fns);
163             fnrandcnt++;
164             break;
165         case OSSL_FUNC_RAND_GENERATE:
166             if (rand->generate != NULL)
167                 break;
168             rand->generate = OSSL_FUNC_rand_generate(fns);
169             fnrandcnt++;
170             break;
171         case OSSL_FUNC_RAND_RESEED:
172             if (rand->reseed != NULL)
173                 break;
174             rand->reseed = OSSL_FUNC_rand_reseed(fns);
175             break;
176         case OSSL_FUNC_RAND_NONCE:
177             if (rand->nonce != NULL)
178                 break;
179             rand->nonce = OSSL_FUNC_rand_nonce(fns);
180             break;
181         case OSSL_FUNC_RAND_ENABLE_LOCKING:
182             if (rand->enable_locking != NULL)
183                 break;
184             rand->enable_locking = OSSL_FUNC_rand_enable_locking(fns);
185             fnenablelockcnt++;
186             break;
187         case OSSL_FUNC_RAND_LOCK:
188             if (rand->lock != NULL)
189                 break;
190             rand->lock = OSSL_FUNC_rand_lock(fns);
191             fnlockcnt++;
192             break;
193         case OSSL_FUNC_RAND_UNLOCK:
194             if (rand->unlock != NULL)
195                 break;
196             rand->unlock = OSSL_FUNC_rand_unlock(fns);
197             fnlockcnt++;
198             break;
199         case OSSL_FUNC_RAND_GETTABLE_PARAMS:
200             if (rand->gettable_params != NULL)
201                 break;
202             rand->gettable_params =
203                 OSSL_FUNC_rand_gettable_params(fns);
204             break;
205         case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS:
206             if (rand->gettable_ctx_params != NULL)
207                 break;
208             rand->gettable_ctx_params =
209                 OSSL_FUNC_rand_gettable_ctx_params(fns);
210             break;
211         case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS:
212             if (rand->settable_ctx_params != NULL)
213                 break;
214             rand->settable_ctx_params =
215                 OSSL_FUNC_rand_settable_ctx_params(fns);
216             break;
217         case OSSL_FUNC_RAND_GET_PARAMS:
218             if (rand->get_params != NULL)
219                 break;
220             rand->get_params = OSSL_FUNC_rand_get_params(fns);
221             break;
222         case OSSL_FUNC_RAND_GET_CTX_PARAMS:
223             if (rand->get_ctx_params != NULL)
224                 break;
225             rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns);
226             fnctxcnt++;
227             break;
228         case OSSL_FUNC_RAND_SET_CTX_PARAMS:
229             if (rand->set_ctx_params != NULL)
230                 break;
231             rand->set_ctx_params = OSSL_FUNC_rand_set_ctx_params(fns);
232             break;
233         case OSSL_FUNC_RAND_VERIFY_ZEROIZATION:
234             if (rand->verify_zeroization != NULL)
235                 break;
236             rand->verify_zeroization = OSSL_FUNC_rand_verify_zeroization(fns);
237 #ifdef FIPS_MODULE
238             fnzeroizecnt++;
239 #endif
240             break;
241         case OSSL_FUNC_RAND_GET_SEED:
242             if (rand->get_seed != NULL)
243                 break;
244             rand->get_seed = OSSL_FUNC_rand_get_seed(fns);
245             break;
246         case OSSL_FUNC_RAND_CLEAR_SEED:
247             if (rand->clear_seed != NULL)
248                 break;
249             rand->clear_seed = OSSL_FUNC_rand_clear_seed(fns);
250             break;
251         }
252     }
253     /*
254      * In order to be a consistent set of functions we must have at least
255      * a complete set of "rand" functions and a complete set of context
256      * management functions.  In FIPS mode, we also require the zeroization
257      * verification function.
258      *
259      * In addition, if locking can be enabled, we need a complete set of
260      * locking functions.
261      */
262     if (fnrandcnt != 3
263             || fnctxcnt != 3
264             || (fnenablelockcnt != 0 && fnenablelockcnt != 1)
265             || (fnlockcnt != 0 && fnlockcnt != 2)
266 #ifdef FIPS_MODULE
267             || fnzeroizecnt != 1
268 #endif
269        ) {
270         evp_rand_free(rand);
271         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
272         return NULL;
273     }
274 
275     if (prov != NULL && !ossl_provider_up_ref(prov)) {
276         evp_rand_free(rand);
277         ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
278         return NULL;
279     }
280     rand->prov = prov;
281 
282     return rand;
283 }
284 
EVP_RAND_fetch(OSSL_LIB_CTX * libctx,const char * algorithm,const char * properties)285 EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
286                          const char *properties)
287 {
288     return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties,
289                              evp_rand_from_algorithm, evp_rand_up_ref,
290                              evp_rand_free);
291 }
292 
EVP_RAND_up_ref(EVP_RAND * rand)293 int EVP_RAND_up_ref(EVP_RAND *rand)
294 {
295     return evp_rand_up_ref(rand);
296 }
297 
EVP_RAND_free(EVP_RAND * rand)298 void EVP_RAND_free(EVP_RAND *rand)
299 {
300     evp_rand_free(rand);
301 }
302 
evp_rand_get_number(const EVP_RAND * rand)303 int evp_rand_get_number(const EVP_RAND *rand)
304 {
305     return rand->name_id;
306 }
307 
EVP_RAND_get0_name(const EVP_RAND * rand)308 const char *EVP_RAND_get0_name(const EVP_RAND *rand)
309 {
310     return rand->type_name;
311 }
312 
EVP_RAND_get0_description(const EVP_RAND * rand)313 const char *EVP_RAND_get0_description(const EVP_RAND *rand)
314 {
315     return rand->description;
316 }
317 
EVP_RAND_is_a(const EVP_RAND * rand,const char * name)318 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name)
319 {
320     return rand != NULL && evp_is_a(rand->prov, rand->name_id, NULL, name);
321 }
322 
EVP_RAND_get0_provider(const EVP_RAND * rand)323 const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand)
324 {
325     return rand->prov;
326 }
327 
EVP_RAND_get_params(EVP_RAND * rand,OSSL_PARAM params[])328 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[])
329 {
330     if (rand->get_params != NULL)
331         return rand->get_params(params);
332     return 1;
333 }
334 
EVP_RAND_CTX_up_ref(EVP_RAND_CTX * ctx)335 int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx)
336 {
337     int ref = 0;
338 
339     return CRYPTO_UP_REF(&ctx->refcnt, &ref);
340 }
341 
EVP_RAND_CTX_new(EVP_RAND * rand,EVP_RAND_CTX * parent)342 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent)
343 {
344     EVP_RAND_CTX *ctx;
345     void *parent_ctx = NULL;
346     const OSSL_DISPATCH *parent_dispatch = NULL;
347 
348     if (rand == NULL) {
349         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
350         return NULL;
351     }
352 
353     ctx = OPENSSL_zalloc(sizeof(*ctx));
354     if (ctx == NULL)
355         return NULL;
356     if (!CRYPTO_NEW_REF(&ctx->refcnt, 1)) {
357         OPENSSL_free(ctx);
358         return NULL;
359     }
360     if (parent != NULL) {
361         if (!EVP_RAND_CTX_up_ref(parent)) {
362             ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
363             CRYPTO_FREE_REF(&ctx->refcnt);
364             OPENSSL_free(ctx);
365             return NULL;
366         }
367         parent_ctx = parent->algctx;
368         parent_dispatch = parent->meth->dispatch;
369     }
370     if ((ctx->algctx = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx,
371                                     parent_dispatch)) == NULL
372             || !EVP_RAND_up_ref(rand)) {
373         ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
374         rand->freectx(ctx->algctx);
375         CRYPTO_FREE_REF(&ctx->refcnt);
376         OPENSSL_free(ctx);
377         EVP_RAND_CTX_free(parent);
378         return NULL;
379     }
380     ctx->meth = rand;
381     ctx->parent = parent;
382     return ctx;
383 }
384 
EVP_RAND_CTX_free(EVP_RAND_CTX * ctx)385 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx)
386 {
387     int ref = 0;
388     EVP_RAND_CTX *parent;
389 
390     if (ctx == NULL)
391         return;
392 
393     CRYPTO_DOWN_REF(&ctx->refcnt, &ref);
394     if (ref > 0)
395         return;
396     parent = ctx->parent;
397     ctx->meth->freectx(ctx->algctx);
398     ctx->algctx = NULL;
399     EVP_RAND_free(ctx->meth);
400     CRYPTO_FREE_REF(&ctx->refcnt);
401     OPENSSL_free(ctx);
402     EVP_RAND_CTX_free(parent);
403 }
404 
EVP_RAND_CTX_get0_rand(EVP_RAND_CTX * ctx)405 EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx)
406 {
407     return ctx->meth;
408 }
409 
evp_rand_get_ctx_params_locked(EVP_RAND_CTX * ctx,OSSL_PARAM params[])410 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx,
411                                           OSSL_PARAM params[])
412 {
413     return ctx->meth->get_ctx_params(ctx->algctx, params);
414 }
415 
EVP_RAND_CTX_get_params(EVP_RAND_CTX * ctx,OSSL_PARAM params[])416 int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[])
417 {
418     int res;
419 
420     if (!evp_rand_lock(ctx))
421         return 0;
422     res = evp_rand_get_ctx_params_locked(ctx, params);
423     evp_rand_unlock(ctx);
424     return res;
425 }
426 
evp_rand_set_ctx_params_locked(EVP_RAND_CTX * ctx,const OSSL_PARAM params[])427 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx,
428                                           const OSSL_PARAM params[])
429 {
430     if (ctx->meth->set_ctx_params != NULL)
431         return ctx->meth->set_ctx_params(ctx->algctx, params);
432     return 1;
433 }
434 
EVP_RAND_CTX_set_params(EVP_RAND_CTX * ctx,const OSSL_PARAM params[])435 int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[])
436 {
437     int res;
438 
439     if (!evp_rand_lock(ctx))
440         return 0;
441     res = evp_rand_set_ctx_params_locked(ctx, params);
442     evp_rand_unlock(ctx);
443     return res;
444 }
445 
EVP_RAND_gettable_params(const EVP_RAND * rand)446 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand)
447 {
448     if (rand->gettable_params == NULL)
449         return NULL;
450     return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand)));
451 }
452 
EVP_RAND_gettable_ctx_params(const EVP_RAND * rand)453 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand)
454 {
455     void *provctx;
456 
457     if (rand->gettable_ctx_params == NULL)
458         return NULL;
459     provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
460     return rand->gettable_ctx_params(NULL, provctx);
461 }
462 
EVP_RAND_settable_ctx_params(const EVP_RAND * rand)463 const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand)
464 {
465     void *provctx;
466 
467     if (rand->settable_ctx_params == NULL)
468         return NULL;
469     provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
470     return rand->settable_ctx_params(NULL, provctx);
471 }
472 
EVP_RAND_CTX_gettable_params(EVP_RAND_CTX * ctx)473 const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx)
474 {
475     void *provctx;
476 
477     if (ctx->meth->gettable_ctx_params == NULL)
478         return NULL;
479     provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
480     return ctx->meth->gettable_ctx_params(ctx->algctx, provctx);
481 }
482 
EVP_RAND_CTX_settable_params(EVP_RAND_CTX * ctx)483 const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx)
484 {
485     void *provctx;
486 
487     if (ctx->meth->settable_ctx_params == NULL)
488         return NULL;
489     provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
490     return ctx->meth->settable_ctx_params(ctx->algctx, provctx);
491 }
492 
EVP_RAND_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_RAND * rand,void * arg),void * arg)493 void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
494                               void (*fn)(EVP_RAND *rand, void *arg),
495                               void *arg)
496 {
497     evp_generic_do_all(libctx, OSSL_OP_RAND,
498                        (void (*)(void *, void *))fn, arg,
499                        evp_rand_from_algorithm, evp_rand_up_ref,
500                        evp_rand_free);
501 }
502 
EVP_RAND_names_do_all(const EVP_RAND * rand,void (* fn)(const char * name,void * data),void * data)503 int EVP_RAND_names_do_all(const EVP_RAND *rand,
504                           void (*fn)(const char *name, void *data),
505                           void *data)
506 {
507     if (rand->prov != NULL)
508         return evp_names_do_all(rand->prov, rand->name_id, fn, data);
509 
510     return 1;
511 }
512 
evp_rand_instantiate_locked(EVP_RAND_CTX * ctx,unsigned int strength,int prediction_resistance,const unsigned char * pstr,size_t pstr_len,const OSSL_PARAM params[])513 static int evp_rand_instantiate_locked
514     (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance,
515      const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[])
516 {
517     return ctx->meth->instantiate(ctx->algctx, strength, prediction_resistance,
518                                   pstr, pstr_len, params);
519 }
520 
EVP_RAND_instantiate(EVP_RAND_CTX * ctx,unsigned int strength,int prediction_resistance,const unsigned char * pstr,size_t pstr_len,const OSSL_PARAM params[])521 int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
522                          int prediction_resistance,
523                          const unsigned char *pstr, size_t pstr_len,
524                          const OSSL_PARAM params[])
525 {
526     int res;
527 
528     if (!evp_rand_lock(ctx))
529         return 0;
530     res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance,
531                                       pstr, pstr_len, params);
532     evp_rand_unlock(ctx);
533     return res;
534 }
535 
evp_rand_uninstantiate_locked(EVP_RAND_CTX * ctx)536 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx)
537 {
538     return ctx->meth->uninstantiate(ctx->algctx);
539 }
540 
EVP_RAND_uninstantiate(EVP_RAND_CTX * ctx)541 int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx)
542 {
543     int res;
544 
545     if (!evp_rand_lock(ctx))
546         return 0;
547     res = evp_rand_uninstantiate_locked(ctx);
548     evp_rand_unlock(ctx);
549     return res;
550 }
551 
evp_rand_generate_locked(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen,unsigned int strength,int prediction_resistance,const unsigned char * addin,size_t addin_len)552 static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out,
553                                     size_t outlen, unsigned int strength,
554                                     int prediction_resistance,
555                                     const unsigned char *addin,
556                                     size_t addin_len)
557 {
558     size_t chunk, max_request = 0;
559     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
560 
561     params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST,
562                                             &max_request);
563     if (!evp_rand_get_ctx_params_locked(ctx, params)
564             || max_request == 0) {
565         ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
566         return 0;
567     }
568     for (; outlen > 0; outlen -= chunk, out += chunk) {
569         chunk = outlen > max_request ? max_request : outlen;
570         if (!ctx->meth->generate(ctx->algctx, out, chunk, strength,
571                                  prediction_resistance, addin, addin_len)) {
572             ERR_raise(ERR_LIB_EVP, EVP_R_GENERATE_ERROR);
573             return 0;
574         }
575         /*
576          * Prediction resistance is only relevant the first time around,
577          * subsequently, the DRBG has already been properly reseeded.
578          */
579         prediction_resistance = 0;
580     }
581     return 1;
582 }
583 
EVP_RAND_generate(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen,unsigned int strength,int prediction_resistance,const unsigned char * addin,size_t addin_len)584 int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
585                       unsigned int strength, int prediction_resistance,
586                       const unsigned char *addin, size_t addin_len)
587 {
588     int res;
589 
590     if (!evp_rand_lock(ctx))
591         return 0;
592     res = evp_rand_generate_locked(ctx, out, outlen, strength,
593                                    prediction_resistance, addin, addin_len);
594     evp_rand_unlock(ctx);
595     return res;
596 }
597 
evp_rand_reseed_locked(EVP_RAND_CTX * ctx,int prediction_resistance,const unsigned char * ent,size_t ent_len,const unsigned char * addin,size_t addin_len)598 static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance,
599                                   const unsigned char *ent, size_t ent_len,
600                                   const unsigned char *addin, size_t addin_len)
601 {
602     if (ctx->meth->reseed != NULL)
603         return ctx->meth->reseed(ctx->algctx, prediction_resistance,
604                                  ent, ent_len, addin, addin_len);
605     return 1;
606 }
607 
EVP_RAND_reseed(EVP_RAND_CTX * ctx,int prediction_resistance,const unsigned char * ent,size_t ent_len,const unsigned char * addin,size_t addin_len)608 int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
609                     const unsigned char *ent, size_t ent_len,
610                     const unsigned char *addin, size_t addin_len)
611 {
612     int res;
613 
614     if (!evp_rand_lock(ctx))
615         return 0;
616     res = evp_rand_reseed_locked(ctx, prediction_resistance,
617                                  ent, ent_len, addin, addin_len);
618     evp_rand_unlock(ctx);
619     return res;
620 }
621 
evp_rand_strength_locked(EVP_RAND_CTX * ctx)622 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx)
623 {
624     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
625     unsigned int strength = 0;
626 
627     params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
628     if (!evp_rand_get_ctx_params_locked(ctx, params))
629         return 0;
630     return strength;
631 }
632 
EVP_RAND_get_strength(EVP_RAND_CTX * ctx)633 unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx)
634 {
635     unsigned int res;
636 
637     if (!evp_rand_lock(ctx))
638         return 0;
639     res = evp_rand_strength_locked(ctx);
640     evp_rand_unlock(ctx);
641     return res;
642 }
643 
evp_rand_nonce_locked(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen)644 static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
645                                  size_t outlen)
646 {
647     unsigned int str = evp_rand_strength_locked(ctx);
648 
649     if (ctx->meth->nonce == NULL)
650         return 0;
651     if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
652         return 1;
653     return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
654 }
655 
EVP_RAND_nonce(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen)656 int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
657 {
658     int res;
659 
660     if (!evp_rand_lock(ctx))
661         return 0;
662     res = evp_rand_nonce_locked(ctx, out, outlen);
663     evp_rand_unlock(ctx);
664     return res;
665 }
666 
EVP_RAND_get_state(EVP_RAND_CTX * ctx)667 int EVP_RAND_get_state(EVP_RAND_CTX *ctx)
668 {
669     OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
670     int state;
671 
672     params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state);
673     if (!EVP_RAND_CTX_get_params(ctx, params))
674         state = EVP_RAND_STATE_ERROR;
675     return state;
676 }
677 
evp_rand_verify_zeroization_locked(EVP_RAND_CTX * ctx)678 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx)
679 {
680     if (ctx->meth->verify_zeroization != NULL)
681         return ctx->meth->verify_zeroization(ctx->algctx);
682     return 0;
683 }
684 
EVP_RAND_verify_zeroization(EVP_RAND_CTX * ctx)685 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx)
686 {
687     int res;
688 
689     if (!evp_rand_lock(ctx))
690         return 0;
691     res = evp_rand_verify_zeroization_locked(ctx);
692     evp_rand_unlock(ctx);
693     return res;
694 }
695 
evp_rand_can_seed(EVP_RAND_CTX * ctx)696 int evp_rand_can_seed(EVP_RAND_CTX *ctx)
697 {
698     return ctx->meth->get_seed != NULL;
699 }
700 
evp_rand_get_seed_locked(EVP_RAND_CTX * ctx,unsigned char ** buffer,int entropy,size_t min_len,size_t max_len,int prediction_resistance,const unsigned char * adin,size_t adin_len)701 static size_t evp_rand_get_seed_locked(EVP_RAND_CTX *ctx,
702                                        unsigned char **buffer,
703                                        int entropy,
704                                        size_t min_len, size_t max_len,
705                                        int prediction_resistance,
706                                        const unsigned char *adin,
707                                        size_t adin_len)
708 {
709     if (ctx->meth->get_seed != NULL)
710         return ctx->meth->get_seed(ctx->algctx, buffer,
711                                    entropy, min_len, max_len,
712                                    prediction_resistance,
713                                    adin, adin_len);
714     return 0;
715 }
716 
evp_rand_get_seed(EVP_RAND_CTX * ctx,unsigned char ** buffer,int entropy,size_t min_len,size_t max_len,int prediction_resistance,const unsigned char * adin,size_t adin_len)717 size_t evp_rand_get_seed(EVP_RAND_CTX *ctx,
718                          unsigned char **buffer,
719                          int entropy, size_t min_len, size_t max_len,
720                          int prediction_resistance,
721                          const unsigned char *adin, size_t adin_len)
722 {
723     int res;
724 
725     if (!evp_rand_lock(ctx))
726         return 0;
727     res = evp_rand_get_seed_locked(ctx,
728                                    buffer,
729                                    entropy, min_len, max_len,
730                                    prediction_resistance,
731                                    adin, adin_len);
732     evp_rand_unlock(ctx);
733     return res;
734 }
735 
evp_rand_clear_seed_locked(EVP_RAND_CTX * ctx,unsigned char * buffer,size_t b_len)736 static void evp_rand_clear_seed_locked(EVP_RAND_CTX *ctx,
737                                        unsigned char *buffer, size_t b_len)
738 {
739     if (ctx->meth->clear_seed != NULL)
740         ctx->meth->clear_seed(ctx->algctx, buffer, b_len);
741 }
742 
evp_rand_clear_seed(EVP_RAND_CTX * ctx,unsigned char * buffer,size_t b_len)743 void evp_rand_clear_seed(EVP_RAND_CTX *ctx,
744                          unsigned char *buffer, size_t b_len)
745 {
746     if (!evp_rand_lock(ctx))
747         return;
748     evp_rand_clear_seed_locked(ctx, buffer, b_len);
749     evp_rand_unlock(ctx);
750 }
751