2 * Copyright 2011-2025 The OpenSSL Project Authors. All Rights Reserved.
27 * Support framework for NIST SP 800-90A DRBG
33 * instantiation and un-instantiate, and reuse within a new/free
36 * a much bigger deal than just re-setting an allocated resource.)
39 /* NIST SP 800-90A DRBG recommends the use of a personalization string. */
51 * of whether drbg->lock is present or not.
65 void *parent = drbg->parent; in ossl_drbg_lock_parent()
68 && drbg->parent_lock != NULL in ossl_drbg_lock_parent()
69 && !drbg->parent_lock(parent)) { in ossl_drbg_lock_parent()
78 void *parent = drbg->parent; in ossl_drbg_unlock_parent()
80 if (parent != NULL && drbg->parent_unlock != NULL) in ossl_drbg_unlock_parent()
81 drbg->parent_unlock(parent); in ossl_drbg_unlock_parent()
87 void *parent = drbg->parent; in get_parent_strength()
90 if (drbg->parent_get_ctx_params == NULL) { in get_parent_strength()
100 res = drbg->parent_get_ctx_params(parent, params); in get_parent_strength()
112 void *parent = drbg->parent; in get_parent_reseed_count()
120 if (!drbg->parent_get_ctx_params(parent, params)) in get_parent_reseed_count()
126 r = tsan_load(&drbg->reseed_counter) - 2; in get_parent_reseed_count()
175 drbg->strength, prediction_resistance, in ossl_drbg_get_seed()
199 if (drbg->parent == NULL) in get_entropy()
204 return ossl_prov_get_entropy(drbg->provctx, pout, entropy, min_len, in get_entropy()
207 if (drbg->parent_get_seed == NULL) { in get_entropy()
213 if (drbg->strength > p_str) { in get_entropy()
215 * We currently don't support the algorithm from NIST SP 800-90C in get_entropy()
224 * generating bits from it. Note: taking the lock will be a no-op in get_entropy()
225 * if locking is not required (while drbg->parent->lock == NULL). in get_entropy()
238 bytes = drbg->parent_get_seed(drbg->parent, pout, in get_entropy()
239 entropy > 0 ? entropy : (int) drbg->strength, in get_entropy()
248 if (drbg->parent == NULL) { in cleanup_entropy()
249 ossl_prov_cleanup_entropy(drbg->provctx, out, outlen); in cleanup_entropy()
250 } else if (drbg->parent_clear_seed != NULL) { in cleanup_entropy()
253 drbg->parent_clear_seed(drbg->parent, out, outlen); in cleanup_entropy()
278 dngbl->rand_nonce_lock = CRYPTO_THREAD_lock_new(); in ossl_prov_drbg_nonce_ctx_new()
279 if (dngbl->rand_nonce_lock == NULL) { in ossl_prov_drbg_nonce_ctx_new()
294 CRYPTO_THREAD_lock_free(dngbl->rand_nonce_lock); in ossl_prov_drbg_nonce_ctx_free()
305 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx); in prov_drbg_get_nonce()
316 if (drbg->parent != NULL && drbg->parent_nonce != NULL) { in prov_drbg_get_nonce()
317 n = drbg->parent_nonce(drbg->parent, NULL, 0, drbg->min_noncelen, in prov_drbg_get_nonce()
318 drbg->max_noncelen); in prov_drbg_get_nonce()
320 ret = drbg->parent_nonce(drbg->parent, buf, 0, in prov_drbg_get_nonce()
321 drbg->min_noncelen, drbg->max_noncelen); in prov_drbg_get_nonce()
333 if (!CRYPTO_atomic_add(&dngbl->rand_nonce_count, 1, &data.count, in prov_drbg_get_nonce()
334 dngbl->rand_nonce_lock)) in prov_drbg_get_nonce()
336 return ossl_prov_get_nonce(drbg->provctx, pout, min_len, max_len, in prov_drbg_get_nonce()
343 * |perslen| as prediction-resistance input.
345 * Requires that drbg->lock is already locked for write, if non-null.
357 if (strength > drbg->strength) { in ossl_prov_drbg_instantiate()
361 min_entropy = drbg->strength; in ossl_prov_drbg_instantiate()
362 min_entropylen = drbg->min_entropylen; in ossl_prov_drbg_instantiate()
363 max_entropylen = drbg->max_entropylen; in ossl_prov_drbg_instantiate()
369 if (perslen > drbg->max_perslen) { in ossl_prov_drbg_instantiate()
374 if (drbg->state != EVP_RAND_STATE_UNINITIALISED) { in ossl_prov_drbg_instantiate()
375 if (drbg->state == EVP_RAND_STATE_ERROR) in ossl_prov_drbg_instantiate()
382 drbg->state = EVP_RAND_STATE_ERROR; in ossl_prov_drbg_instantiate()
384 if (drbg->min_noncelen > 0) { in ossl_prov_drbg_instantiate()
385 if (drbg->parent_nonce != NULL) { in ossl_prov_drbg_instantiate()
386 noncelen = drbg->parent_nonce(drbg->parent, NULL, drbg->strength, in ossl_prov_drbg_instantiate()
387 drbg->min_noncelen, in ossl_prov_drbg_instantiate()
388 drbg->max_noncelen); in ossl_prov_drbg_instantiate()
398 if (noncelen != drbg->parent_nonce(drbg->parent, nonce, in ossl_prov_drbg_instantiate()
399 drbg->strength, in ossl_prov_drbg_instantiate()
400 drbg->min_noncelen, in ossl_prov_drbg_instantiate()
401 drbg->max_noncelen)) { in ossl_prov_drbg_instantiate()
406 } else if (drbg->parent != NULL) { in ossl_prov_drbg_instantiate()
409 * NIST SP800-90Ar1 section 9.1 says you can combine getting in ossl_prov_drbg_instantiate()
415 min_entropy += drbg->strength / 2; in ossl_prov_drbg_instantiate()
416 min_entropylen += drbg->min_noncelen; in ossl_prov_drbg_instantiate()
417 max_entropylen += drbg->max_noncelen; in ossl_prov_drbg_instantiate()
421 noncelen = prov_drbg_get_nonce(drbg, &nonce, drbg->min_noncelen, in ossl_prov_drbg_instantiate()
422 drbg->max_noncelen); in ossl_prov_drbg_instantiate()
423 if (noncelen < drbg->min_noncelen in ossl_prov_drbg_instantiate()
424 || noncelen > drbg->max_noncelen) { in ossl_prov_drbg_instantiate()
432 drbg->reseed_next_counter = tsan_load(&drbg->reseed_counter); in ossl_prov_drbg_instantiate()
433 if (drbg->reseed_next_counter) { in ossl_prov_drbg_instantiate()
434 drbg->reseed_next_counter++; in ossl_prov_drbg_instantiate()
435 if (!drbg->reseed_next_counter) in ossl_prov_drbg_instantiate()
436 drbg->reseed_next_counter = 1; in ossl_prov_drbg_instantiate()
448 if (!drbg->instantiate(drbg, entropy, entropylen, nonce, noncelen, in ossl_prov_drbg_instantiate()
456 drbg->state = EVP_RAND_STATE_READY; in ossl_prov_drbg_instantiate()
457 drbg->generate_counter = 1; in ossl_prov_drbg_instantiate()
458 drbg->reseed_time = time(NULL); in ossl_prov_drbg_instantiate()
459 tsan_store(&drbg->reseed_counter, drbg->reseed_next_counter); in ossl_prov_drbg_instantiate()
463 ossl_prov_cleanup_nonce(drbg->provctx, nonce, noncelen); in ossl_prov_drbg_instantiate()
464 if (drbg->state == EVP_RAND_STATE_READY) in ossl_prov_drbg_instantiate()
472 * Requires that drbg->lock is already locked for write, if non-null.
478 drbg->state = EVP_RAND_STATE_UNINITIALISED; in ossl_prov_drbg_uninstantiate()
495 if (drbg->state != EVP_RAND_STATE_READY) { in ossl_prov_drbg_reseed_unlocked()
499 if (drbg->state == EVP_RAND_STATE_ERROR) { in ossl_prov_drbg_reseed_unlocked()
503 if (drbg->state == EVP_RAND_STATE_UNINITIALISED) { in ossl_prov_drbg_reseed_unlocked()
510 if (ent_len < drbg->min_entropylen) { in ossl_prov_drbg_reseed_unlocked()
512 drbg->state = EVP_RAND_STATE_ERROR; in ossl_prov_drbg_reseed_unlocked()
515 if (ent_len > drbg->max_entropylen) { in ossl_prov_drbg_reseed_unlocked()
517 drbg->state = EVP_RAND_STATE_ERROR; in ossl_prov_drbg_reseed_unlocked()
524 } else if (adinlen > drbg->max_adinlen) { in ossl_prov_drbg_reseed_unlocked()
529 drbg->state = EVP_RAND_STATE_ERROR; in ossl_prov_drbg_reseed_unlocked()
531 drbg->reseed_next_counter = tsan_load(&drbg->reseed_counter); in ossl_prov_drbg_reseed_unlocked()
532 if (drbg->reseed_next_counter) { in ossl_prov_drbg_reseed_unlocked()
533 drbg->reseed_next_counter++; in ossl_prov_drbg_reseed_unlocked()
534 if (!drbg->reseed_next_counter) in ossl_prov_drbg_reseed_unlocked()
535 drbg->reseed_next_counter = 1; in ossl_prov_drbg_reseed_unlocked()
541 * NIST SP-800-90A mandates that entropy *shall not* be provided in ossl_prov_drbg_reseed_unlocked()
545 * (NIST SP-800-90Ar1, Sections 9.1 and 9.2) in ossl_prov_drbg_reseed_unlocked()
547 if (!drbg->reseed(drbg, NULL, 0, ent, ent_len)) { in ossl_prov_drbg_reseed_unlocked()
552 if (!drbg->reseed(drbg, ent, ent_len, adin, adinlen)) { in ossl_prov_drbg_reseed_unlocked()
563 entropylen = get_entropy(drbg, &entropy, drbg->strength, in ossl_prov_drbg_reseed_unlocked()
564 drbg->min_entropylen, drbg->max_entropylen, in ossl_prov_drbg_reseed_unlocked()
566 if (entropylen < drbg->min_entropylen in ossl_prov_drbg_reseed_unlocked()
567 || entropylen > drbg->max_entropylen) { in ossl_prov_drbg_reseed_unlocked()
572 if (!drbg->reseed(drbg, entropy, entropylen, adin, adinlen)) in ossl_prov_drbg_reseed_unlocked()
575 drbg->state = EVP_RAND_STATE_READY; in ossl_prov_drbg_reseed_unlocked()
576 drbg->generate_counter = 1; in ossl_prov_drbg_reseed_unlocked()
577 drbg->reseed_time = time(NULL); in ossl_prov_drbg_reseed_unlocked()
578 tsan_store(&drbg->reseed_counter, drbg->reseed_next_counter); in ossl_prov_drbg_reseed_unlocked()
579 if (drbg->parent != NULL) in ossl_prov_drbg_reseed_unlocked()
580 drbg->parent_reseed_counter = get_parent_reseed_count(drbg); in ossl_prov_drbg_reseed_unlocked()
584 if (drbg->state == EVP_RAND_STATE_READY) in ossl_prov_drbg_reseed_unlocked()
592 * Acquires the drbg->lock for writing, if non-null.
602 if (drbg->lock != NULL && !CRYPTO_THREAD_write_lock(drbg->lock)) in ossl_prov_drbg_reseed()
608 if (drbg->lock != NULL) in ossl_prov_drbg_reseed()
609 CRYPTO_THREAD_unlock(drbg->lock); in ossl_prov_drbg_reseed()
619 * Acquires the drbg->lock for writing if available
635 if (drbg->lock != NULL && !CRYPTO_THREAD_write_lock(drbg->lock)) in ossl_prov_drbg_generate()
638 if (drbg->state != EVP_RAND_STATE_READY) { in ossl_prov_drbg_generate()
642 if (drbg->state == EVP_RAND_STATE_ERROR) { in ossl_prov_drbg_generate()
646 if (drbg->state == EVP_RAND_STATE_UNINITIALISED) { in ossl_prov_drbg_generate()
651 if (strength > drbg->strength) { in ossl_prov_drbg_generate()
656 if (outlen > drbg->max_request) { in ossl_prov_drbg_generate()
660 if (adinlen > drbg->max_adinlen) { in ossl_prov_drbg_generate()
667 if (drbg->fork_id != fork_id) { in ossl_prov_drbg_generate()
668 drbg->fork_id = fork_id; in ossl_prov_drbg_generate()
672 if (drbg->reseed_interval > 0) { in ossl_prov_drbg_generate()
673 if (drbg->generate_counter >= drbg->reseed_interval) in ossl_prov_drbg_generate()
676 if (drbg->reseed_time_interval > 0) { in ossl_prov_drbg_generate()
678 if (now < drbg->reseed_time in ossl_prov_drbg_generate()
679 || now - drbg->reseed_time >= drbg->reseed_time_interval) in ossl_prov_drbg_generate()
682 if (drbg->parent != NULL in ossl_prov_drbg_generate()
683 && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) in ossl_prov_drbg_generate()
696 if (!drbg->generate(drbg, out, outlen, adin, adinlen)) { in ossl_prov_drbg_generate()
697 drbg->state = EVP_RAND_STATE_ERROR; in ossl_prov_drbg_generate()
702 drbg->generate_counter++; in ossl_prov_drbg_generate()
706 if (drbg->lock != NULL) in ossl_prov_drbg_generate()
707 CRYPTO_THREAD_unlock(drbg->lock); in ossl_prov_drbg_generate()
732 if (drbg->state == EVP_RAND_STATE_ERROR) in rand_drbg_restart()
733 drbg->uninstantiate(drbg); in rand_drbg_restart()
736 if (drbg->state == EVP_RAND_STATE_UNINITIALISED) in rand_drbg_restart()
738 ossl_prov_drbg_instantiate(drbg, drbg->strength, 0, NULL, 0); in rand_drbg_restart()
740 return drbg->state == EVP_RAND_STATE_READY; in rand_drbg_restart()
748 while (dispatch->function_id != 0) { in find_call()
749 if (dispatch->function_id == function) in find_call()
760 if (drbg != NULL && drbg->lock == NULL) { in ossl_drbg_enable_locking()
761 if (drbg->parent_enable_locking != NULL) in ossl_drbg_enable_locking()
762 if (!drbg->parent_enable_locking(drbg->parent)) { in ossl_drbg_enable_locking()
766 drbg->lock = CRYPTO_THREAD_lock_new(); in ossl_drbg_enable_locking()
767 if (drbg->lock == NULL) { in ossl_drbg_enable_locking()
808 drbg->provctx = provctx; in ossl_rand_drbg_new()
809 drbg->instantiate = instantiate; in ossl_rand_drbg_new()
810 drbg->uninstantiate = uninstantiate; in ossl_rand_drbg_new()
811 drbg->reseed = reseed; in ossl_rand_drbg_new()
812 drbg->generate = generate; in ossl_rand_drbg_new()
813 drbg->fork_id = openssl_get_fork_id(); in ossl_rand_drbg_new()
816 drbg->parent = parent; in ossl_rand_drbg_new()
818 drbg->parent_enable_locking = OSSL_FUNC_rand_enable_locking(pfunc); in ossl_rand_drbg_new()
820 drbg->parent_lock = OSSL_FUNC_rand_lock(pfunc); in ossl_rand_drbg_new()
822 drbg->parent_unlock = OSSL_FUNC_rand_unlock(pfunc); in ossl_rand_drbg_new()
824 drbg->parent_get_ctx_params = OSSL_FUNC_rand_get_ctx_params(pfunc); in ossl_rand_drbg_new()
826 drbg->parent_nonce = OSSL_FUNC_rand_nonce(pfunc); in ossl_rand_drbg_new()
828 drbg->parent_get_seed = OSSL_FUNC_rand_get_seed(pfunc); in ossl_rand_drbg_new()
830 drbg->parent_clear_seed = OSSL_FUNC_rand_clear_seed(pfunc); in ossl_rand_drbg_new()
833 drbg->max_entropylen = DRBG_MAX_LENGTH; in ossl_rand_drbg_new()
834 drbg->max_noncelen = DRBG_MAX_LENGTH; in ossl_rand_drbg_new()
835 drbg->max_perslen = DRBG_MAX_LENGTH; in ossl_rand_drbg_new()
836 drbg->max_adinlen = DRBG_MAX_LENGTH; in ossl_rand_drbg_new()
837 drbg->generate_counter = 1; in ossl_rand_drbg_new()
838 drbg->reseed_counter = 1; in ossl_rand_drbg_new()
839 drbg->reseed_interval = RESEED_INTERVAL; in ossl_rand_drbg_new()
840 drbg->reseed_time_interval = TIME_INTERVAL; in ossl_rand_drbg_new()
848 if (drbg->strength > p_str) { in ossl_rand_drbg_new()
850 * We currently don't support the algorithm from NIST SP 800-90C in ossl_rand_drbg_new()
873 CRYPTO_THREAD_lock_free(drbg->lock); in ossl_rand_drbg_free()
879 * least a read lock has been taken on drbg->lock
886 if (p != NULL && !OSSL_PARAM_set_int(p, drbg->state)) in ossl_drbg_get_ctx_params()
890 if (p != NULL && !OSSL_PARAM_set_int(p, drbg->strength)) in ossl_drbg_get_ctx_params()
894 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->min_entropylen)) in ossl_drbg_get_ctx_params()
898 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_entropylen)) in ossl_drbg_get_ctx_params()
902 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->min_noncelen)) in ossl_drbg_get_ctx_params()
906 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_noncelen)) in ossl_drbg_get_ctx_params()
910 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_perslen)) in ossl_drbg_get_ctx_params()
914 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_adinlen)) in ossl_drbg_get_ctx_params()
918 if (p != NULL && !OSSL_PARAM_set_uint(p, drbg->reseed_interval)) in ossl_drbg_get_ctx_params()
922 if (p != NULL && !OSSL_PARAM_set_time_t(p, drbg->reseed_time)) in ossl_drbg_get_ctx_params()
926 if (p != NULL && !OSSL_PARAM_set_time_t(p, drbg->reseed_time_interval)) in ossl_drbg_get_ctx_params()
946 if (!OSSL_PARAM_set_size_t(p, drbg->max_request)) in ossl_drbg_get_ctx_params_no_lock()
957 if (!OSSL_PARAM_set_uint(p, tsan_load(&drbg->reseed_counter))) in ossl_drbg_get_ctx_params_no_lock()
978 if (p != NULL && !OSSL_PARAM_get_uint(p, &drbg->reseed_interval)) in ossl_drbg_set_ctx_params()
982 if (p != NULL && !OSSL_PARAM_get_time_t(p, &drbg->reseed_time_interval)) in ossl_drbg_set_ctx_params()
991 /* FIPS 140-3 IG D.R limited DRBG digests to a specific set */ in digest_allowed()
994 "SHA2-256", "SHA2-512", /* non-truncated SHA2 allowed */ in digest_allowed()
995 "SHA3-256", "SHA3-512", /* non-truncated SHA3 allowed */ in digest_allowed()
1012 int approved = digest_allowed(md); in ossl_drbg_verify_digest() local
1014 if (!approved) { in ossl_drbg_verify_digest()