xref: /openssl/include/crypto/rand.h (revision 9574842e) 
1 /*
2  * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * Licensed under the Apache License 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  * https://www.openssl.org/source/license.html
15  * or in the file LICENSE in the source distribution.
16  */
17 
18 #ifndef OSSL_CRYPTO_RAND_H
19 # define OSSL_CRYPTO_RAND_H
20 # pragma once
21 
22 # include <openssl/rand.h>
23 # include "crypto/rand_pool.h"
24 
25 # if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
26 #  include <Availability.h>
27 #  if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \
28      (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
29 #   define OPENSSL_APPLE_CRYPTO_RANDOM 1
30 #   include <CommonCrypto/CommonCryptoError.h>
31 #   include <CommonCrypto/CommonRandom.h>
32 #  endif
33 # endif
34 
35 /*
36  * Defines related to seed sources
37  */
38 #ifndef DEVRANDOM
39 /*
40  * set this to a comma-separated list of 'random' device files to try out. By
41  * default, we will try to read at least one of these files
42  */
43 # define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
44 # if defined(__linux) && !defined(__ANDROID__)
45 #  ifndef DEVRANDOM_WAIT
46 #   define DEVRANDOM_WAIT   "/dev/random"
47 #  endif
48 /*
49  * Linux kernels 4.8 and later changes how their random device works and there
50  * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2)
51  * should be used instead.
52  */
53 #  ifndef DEVRANDOM_SAFE_KERNEL
54 #   define DEVRANDOM_SAFE_KERNEL        4, 8
55 #  endif
56 /*
57  * Some operating systems do not permit select(2) on their random devices,
58  * defining this to zero will force the use of read(2) to extract one byte
59  * from /dev/random.
60  */
61 #  ifndef DEVRANDM_WAIT_USE_SELECT
62 #   define DEVRANDM_WAIT_USE_SELECT     1
63 #  endif
64 /*
65  * Define the shared memory identifier used to indicate if the operating
66  * system has properly seeded the DEVRANDOM source.
67  */
68 #  ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID
69 #   define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114
70 #  endif
71 
72 # endif
73 #endif
74 
75 #if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
76 /*
77  * set this to a comma-separated list of 'egd' sockets to try out. These
78  * sockets will be tried in the order listed in case accessing the device
79  * files listed in DEVRANDOM did not return enough randomness.
80  */
81 # define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
82 #endif
83 
84 void ossl_rand_cleanup_int(void);
85 
86 /*
87  * Initialise the random pool reseeding sources.
88  *
89  * Returns 1 on success and 0 on failure.
90  */
91 int ossl_rand_pool_init(void);
92 
93 /*
94  * Finalise the random pool reseeding sources.
95  */
96 void ossl_rand_pool_cleanup(void);
97 
98 /*
99  * Control the random pool use of open file descriptors.
100  */
101 void ossl_rand_pool_keep_random_devices_open(int keep);
102 
103 /*
104  * Configuration
105  */
106 void ossl_random_add_conf_module(void);
107 
108 /*
109  * Get and cleanup random seed material.
110  */
111 size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle,
112                              unsigned char **pout, int entropy,
113                              size_t min_len, size_t max_len);
114 void ossl_rand_cleanup_entropy(ossl_unused const OSSL_CORE_HANDLE *handle,
115                                unsigned char *buf, size_t len);
116 size_t ossl_rand_get_nonce(ossl_unused const OSSL_CORE_HANDLE *handle,
117                            unsigned char **pout, size_t min_len, size_t max_len,
118                            const void *salt, size_t salt_len);
119 void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle,
120                              unsigned char *buf, size_t len);
121 
122 /*
123  * Get seeding material from the operating system sources.
124  */
125 size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
126 int ossl_pool_add_nonce_data(RAND_POOL *pool);
127 
128 #endif
129