1 /*
2 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <openssl/evp.h>
13 #include <openssl/rand.h>
14 #include <openssl/core.h>
15 #include <openssl/core_names.h>
16 #include <openssl/crypto.h>
17 #include "internal/cryptlib.h"
18 #include "internal/numbers.h"
19 #include "internal/provider.h"
20 #include "internal/core.h"
21 #include "crypto/evp.h"
22 #include "evp_local.h"
23
24 struct evp_rand_st {
25 OSSL_PROVIDER *prov;
26 int name_id;
27 char *type_name;
28 const char *description;
29 CRYPTO_REF_COUNT refcnt;
30 CRYPTO_RWLOCK *refcnt_lock;
31
32 const OSSL_DISPATCH *dispatch;
33 OSSL_FUNC_rand_newctx_fn *newctx;
34 OSSL_FUNC_rand_freectx_fn *freectx;
35 OSSL_FUNC_rand_instantiate_fn *instantiate;
36 OSSL_FUNC_rand_uninstantiate_fn *uninstantiate;
37 OSSL_FUNC_rand_generate_fn *generate;
38 OSSL_FUNC_rand_reseed_fn *reseed;
39 OSSL_FUNC_rand_nonce_fn *nonce;
40 OSSL_FUNC_rand_enable_locking_fn *enable_locking;
41 OSSL_FUNC_rand_lock_fn *lock;
42 OSSL_FUNC_rand_unlock_fn *unlock;
43 OSSL_FUNC_rand_gettable_params_fn *gettable_params;
44 OSSL_FUNC_rand_gettable_ctx_params_fn *gettable_ctx_params;
45 OSSL_FUNC_rand_settable_ctx_params_fn *settable_ctx_params;
46 OSSL_FUNC_rand_get_params_fn *get_params;
47 OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params;
48 OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params;
49 OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization;
50 } /* EVP_RAND */ ;
51
evp_rand_up_ref(void * vrand)52 static int evp_rand_up_ref(void *vrand)
53 {
54 EVP_RAND *rand = (EVP_RAND *)vrand;
55 int ref = 0;
56
57 if (rand != NULL)
58 return CRYPTO_UP_REF(&rand->refcnt, &ref, rand->refcnt_lock);
59 return 1;
60 }
61
evp_rand_free(void * vrand)62 static void evp_rand_free(void *vrand)
63 {
64 EVP_RAND *rand = (EVP_RAND *)vrand;
65 int ref = 0;
66
67 if (rand == NULL)
68 return;
69 CRYPTO_DOWN_REF(&rand->refcnt, &ref, rand->refcnt_lock);
70 if (ref > 0)
71 return;
72 OPENSSL_free(rand->type_name);
73 ossl_provider_free(rand->prov);
74 CRYPTO_THREAD_lock_free(rand->refcnt_lock);
75 OPENSSL_free(rand);
76 }
77
evp_rand_new(void)78 static void *evp_rand_new(void)
79 {
80 EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand));
81
82 if (rand == NULL
83 || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) {
84 OPENSSL_free(rand);
85 return NULL;
86 }
87 rand->refcnt = 1;
88 return rand;
89 }
90
91 /* Enable locking of the underlying DRBG/RAND if available */
EVP_RAND_enable_locking(EVP_RAND_CTX * rand)92 int EVP_RAND_enable_locking(EVP_RAND_CTX *rand)
93 {
94 if (rand->meth->enable_locking != NULL)
95 return rand->meth->enable_locking(rand->algctx);
96 ERR_raise(ERR_LIB_EVP, EVP_R_LOCKING_NOT_SUPPORTED);
97 return 0;
98 }
99
100 /* Lock the underlying DRBG/RAND if available */
evp_rand_lock(EVP_RAND_CTX * rand)101 static int evp_rand_lock(EVP_RAND_CTX *rand)
102 {
103 if (rand->meth->lock != NULL)
104 return rand->meth->lock(rand->algctx);
105 return 1;
106 }
107
108 /* Unlock the underlying DRBG/RAND if available */
evp_rand_unlock(EVP_RAND_CTX * rand)109 static void evp_rand_unlock(EVP_RAND_CTX *rand)
110 {
111 if (rand->meth->unlock != NULL)
112 rand->meth->unlock(rand->algctx);
113 }
114
evp_rand_from_algorithm(int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)115 static void *evp_rand_from_algorithm(int name_id,
116 const OSSL_ALGORITHM *algodef,
117 OSSL_PROVIDER *prov)
118 {
119 const OSSL_DISPATCH *fns = algodef->implementation;
120 EVP_RAND *rand = NULL;
121 int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0, fnenablelockcnt = 0;
122 #ifdef FIPS_MODULE
123 int fnzeroizecnt = 0;
124 #endif
125
126 if ((rand = evp_rand_new()) == NULL) {
127 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
128 return NULL;
129 }
130 rand->name_id = name_id;
131 if ((rand->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) {
132 evp_rand_free(rand);
133 return NULL;
134 }
135 rand->description = algodef->algorithm_description;
136 rand->dispatch = fns;
137 for (; fns->function_id != 0; fns++) {
138 switch (fns->function_id) {
139 case OSSL_FUNC_RAND_NEWCTX:
140 if (rand->newctx != NULL)
141 break;
142 rand->newctx = OSSL_FUNC_rand_newctx(fns);
143 fnctxcnt++;
144 break;
145 case OSSL_FUNC_RAND_FREECTX:
146 if (rand->freectx != NULL)
147 break;
148 rand->freectx = OSSL_FUNC_rand_freectx(fns);
149 fnctxcnt++;
150 break;
151 case OSSL_FUNC_RAND_INSTANTIATE:
152 if (rand->instantiate != NULL)
153 break;
154 rand->instantiate = OSSL_FUNC_rand_instantiate(fns);
155 fnrandcnt++;
156 break;
157 case OSSL_FUNC_RAND_UNINSTANTIATE:
158 if (rand->uninstantiate != NULL)
159 break;
160 rand->uninstantiate = OSSL_FUNC_rand_uninstantiate(fns);
161 fnrandcnt++;
162 break;
163 case OSSL_FUNC_RAND_GENERATE:
164 if (rand->generate != NULL)
165 break;
166 rand->generate = OSSL_FUNC_rand_generate(fns);
167 fnrandcnt++;
168 break;
169 case OSSL_FUNC_RAND_RESEED:
170 if (rand->reseed != NULL)
171 break;
172 rand->reseed = OSSL_FUNC_rand_reseed(fns);
173 break;
174 case OSSL_FUNC_RAND_NONCE:
175 if (rand->nonce != NULL)
176 break;
177 rand->nonce = OSSL_FUNC_rand_nonce(fns);
178 break;
179 case OSSL_FUNC_RAND_ENABLE_LOCKING:
180 if (rand->enable_locking != NULL)
181 break;
182 rand->enable_locking = OSSL_FUNC_rand_enable_locking(fns);
183 fnenablelockcnt++;
184 break;
185 case OSSL_FUNC_RAND_LOCK:
186 if (rand->lock != NULL)
187 break;
188 rand->lock = OSSL_FUNC_rand_lock(fns);
189 fnlockcnt++;
190 break;
191 case OSSL_FUNC_RAND_UNLOCK:
192 if (rand->unlock != NULL)
193 break;
194 rand->unlock = OSSL_FUNC_rand_unlock(fns);
195 fnlockcnt++;
196 break;
197 case OSSL_FUNC_RAND_GETTABLE_PARAMS:
198 if (rand->gettable_params != NULL)
199 break;
200 rand->gettable_params =
201 OSSL_FUNC_rand_gettable_params(fns);
202 break;
203 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS:
204 if (rand->gettable_ctx_params != NULL)
205 break;
206 rand->gettable_ctx_params =
207 OSSL_FUNC_rand_gettable_ctx_params(fns);
208 break;
209 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS:
210 if (rand->settable_ctx_params != NULL)
211 break;
212 rand->settable_ctx_params =
213 OSSL_FUNC_rand_settable_ctx_params(fns);
214 break;
215 case OSSL_FUNC_RAND_GET_PARAMS:
216 if (rand->get_params != NULL)
217 break;
218 rand->get_params = OSSL_FUNC_rand_get_params(fns);
219 break;
220 case OSSL_FUNC_RAND_GET_CTX_PARAMS:
221 if (rand->get_ctx_params != NULL)
222 break;
223 rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns);
224 fnctxcnt++;
225 break;
226 case OSSL_FUNC_RAND_SET_CTX_PARAMS:
227 if (rand->set_ctx_params != NULL)
228 break;
229 rand->set_ctx_params = OSSL_FUNC_rand_set_ctx_params(fns);
230 break;
231 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION:
232 if (rand->verify_zeroization != NULL)
233 break;
234 rand->verify_zeroization = OSSL_FUNC_rand_verify_zeroization(fns);
235 #ifdef FIPS_MODULE
236 fnzeroizecnt++;
237 #endif
238 break;
239 }
240 }
241 /*
242 * In order to be a consistent set of functions we must have at least
243 * a complete set of "rand" functions and a complete set of context
244 * management functions. In FIPS mode, we also require the zeroization
245 * verification function.
246 *
247 * In addition, if locking can be enabled, we need a complete set of
248 * locking functions.
249 */
250 if (fnrandcnt != 3
251 || fnctxcnt != 3
252 || (fnenablelockcnt != 0 && fnenablelockcnt != 1)
253 || (fnlockcnt != 0 && fnlockcnt != 2)
254 #ifdef FIPS_MODULE
255 || fnzeroizecnt != 1
256 #endif
257 ) {
258 evp_rand_free(rand);
259 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
260 return NULL;
261 }
262
263 if (prov != NULL && !ossl_provider_up_ref(prov)) {
264 evp_rand_free(rand);
265 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
266 return NULL;
267 }
268 rand->prov = prov;
269
270 return rand;
271 }
272
EVP_RAND_fetch(OSSL_LIB_CTX * libctx,const char * algorithm,const char * properties)273 EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
274 const char *properties)
275 {
276 return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties,
277 evp_rand_from_algorithm, evp_rand_up_ref,
278 evp_rand_free);
279 }
280
EVP_RAND_up_ref(EVP_RAND * rand)281 int EVP_RAND_up_ref(EVP_RAND *rand)
282 {
283 return evp_rand_up_ref(rand);
284 }
285
EVP_RAND_free(EVP_RAND * rand)286 void EVP_RAND_free(EVP_RAND *rand)
287 {
288 evp_rand_free(rand);
289 }
290
evp_rand_get_number(const EVP_RAND * rand)291 int evp_rand_get_number(const EVP_RAND *rand)
292 {
293 return rand->name_id;
294 }
295
EVP_RAND_get0_name(const EVP_RAND * rand)296 const char *EVP_RAND_get0_name(const EVP_RAND *rand)
297 {
298 return rand->type_name;
299 }
300
EVP_RAND_get0_description(const EVP_RAND * rand)301 const char *EVP_RAND_get0_description(const EVP_RAND *rand)
302 {
303 return rand->description;
304 }
305
EVP_RAND_is_a(const EVP_RAND * rand,const char * name)306 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name)
307 {
308 return rand != NULL && evp_is_a(rand->prov, rand->name_id, NULL, name);
309 }
310
EVP_RAND_get0_provider(const EVP_RAND * rand)311 const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand)
312 {
313 return rand->prov;
314 }
315
EVP_RAND_get_params(EVP_RAND * rand,OSSL_PARAM params[])316 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[])
317 {
318 if (rand->get_params != NULL)
319 return rand->get_params(params);
320 return 1;
321 }
322
evp_rand_ctx_up_ref(EVP_RAND_CTX * ctx)323 static int evp_rand_ctx_up_ref(EVP_RAND_CTX *ctx)
324 {
325 int ref = 0;
326
327 return CRYPTO_UP_REF(&ctx->refcnt, &ref, ctx->refcnt_lock);
328 }
329
EVP_RAND_CTX_new(EVP_RAND * rand,EVP_RAND_CTX * parent)330 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent)
331 {
332 EVP_RAND_CTX *ctx;
333 void *parent_ctx = NULL;
334 const OSSL_DISPATCH *parent_dispatch = NULL;
335
336 if (rand == NULL) {
337 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
338 return NULL;
339 }
340
341 ctx = OPENSSL_zalloc(sizeof(*ctx));
342 if (ctx == NULL || (ctx->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) {
343 OPENSSL_free(ctx);
344 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
345 return NULL;
346 }
347 if (parent != NULL) {
348 if (!evp_rand_ctx_up_ref(parent)) {
349 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
350 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
351 OPENSSL_free(ctx);
352 return NULL;
353 }
354 parent_ctx = parent->algctx;
355 parent_dispatch = parent->meth->dispatch;
356 }
357 if ((ctx->algctx = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx,
358 parent_dispatch)) == NULL
359 || !EVP_RAND_up_ref(rand)) {
360 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
361 rand->freectx(ctx->algctx);
362 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
363 OPENSSL_free(ctx);
364 EVP_RAND_CTX_free(parent);
365 return NULL;
366 }
367 ctx->meth = rand;
368 ctx->parent = parent;
369 ctx->refcnt = 1;
370 return ctx;
371 }
372
EVP_RAND_CTX_free(EVP_RAND_CTX * ctx)373 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx)
374 {
375 int ref = 0;
376 EVP_RAND_CTX *parent;
377
378 if (ctx == NULL)
379 return;
380
381 CRYPTO_DOWN_REF(&ctx->refcnt, &ref, ctx->refcnt_lock);
382 if (ref > 0)
383 return;
384 parent = ctx->parent;
385 ctx->meth->freectx(ctx->algctx);
386 ctx->algctx = NULL;
387 EVP_RAND_free(ctx->meth);
388 CRYPTO_THREAD_lock_free(ctx->refcnt_lock);
389 OPENSSL_free(ctx);
390 EVP_RAND_CTX_free(parent);
391 }
392
EVP_RAND_CTX_get0_rand(EVP_RAND_CTX * ctx)393 EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx)
394 {
395 return ctx->meth;
396 }
397
evp_rand_get_ctx_params_locked(EVP_RAND_CTX * ctx,OSSL_PARAM params[])398 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx,
399 OSSL_PARAM params[])
400 {
401 return ctx->meth->get_ctx_params(ctx->algctx, params);
402 }
403
EVP_RAND_CTX_get_params(EVP_RAND_CTX * ctx,OSSL_PARAM params[])404 int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[])
405 {
406 int res;
407
408 if (!evp_rand_lock(ctx))
409 return 0;
410 res = evp_rand_get_ctx_params_locked(ctx, params);
411 evp_rand_unlock(ctx);
412 return res;
413 }
414
evp_rand_set_ctx_params_locked(EVP_RAND_CTX * ctx,const OSSL_PARAM params[])415 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx,
416 const OSSL_PARAM params[])
417 {
418 if (ctx->meth->set_ctx_params != NULL)
419 return ctx->meth->set_ctx_params(ctx->algctx, params);
420 return 1;
421 }
422
EVP_RAND_CTX_set_params(EVP_RAND_CTX * ctx,const OSSL_PARAM params[])423 int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[])
424 {
425 int res;
426
427 if (!evp_rand_lock(ctx))
428 return 0;
429 res = evp_rand_set_ctx_params_locked(ctx, params);
430 evp_rand_unlock(ctx);
431 return res;
432 }
433
EVP_RAND_gettable_params(const EVP_RAND * rand)434 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand)
435 {
436 if (rand->gettable_params == NULL)
437 return NULL;
438 return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand)));
439 }
440
EVP_RAND_gettable_ctx_params(const EVP_RAND * rand)441 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand)
442 {
443 void *provctx;
444
445 if (rand->gettable_ctx_params == NULL)
446 return NULL;
447 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
448 return rand->gettable_ctx_params(NULL, provctx);
449 }
450
EVP_RAND_settable_ctx_params(const EVP_RAND * rand)451 const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand)
452 {
453 void *provctx;
454
455 if (rand->settable_ctx_params == NULL)
456 return NULL;
457 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand));
458 return rand->settable_ctx_params(NULL, provctx);
459 }
460
EVP_RAND_CTX_gettable_params(EVP_RAND_CTX * ctx)461 const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx)
462 {
463 void *provctx;
464
465 if (ctx->meth->gettable_ctx_params == NULL)
466 return NULL;
467 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
468 return ctx->meth->gettable_ctx_params(ctx->algctx, provctx);
469 }
470
EVP_RAND_CTX_settable_params(EVP_RAND_CTX * ctx)471 const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx)
472 {
473 void *provctx;
474
475 if (ctx->meth->settable_ctx_params == NULL)
476 return NULL;
477 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth));
478 return ctx->meth->settable_ctx_params(ctx->algctx, provctx);
479 }
480
EVP_RAND_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_RAND * rand,void * arg),void * arg)481 void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
482 void (*fn)(EVP_RAND *rand, void *arg),
483 void *arg)
484 {
485 evp_generic_do_all(libctx, OSSL_OP_RAND,
486 (void (*)(void *, void *))fn, arg,
487 evp_rand_from_algorithm, evp_rand_up_ref,
488 evp_rand_free);
489 }
490
EVP_RAND_names_do_all(const EVP_RAND * rand,void (* fn)(const char * name,void * data),void * data)491 int EVP_RAND_names_do_all(const EVP_RAND *rand,
492 void (*fn)(const char *name, void *data),
493 void *data)
494 {
495 if (rand->prov != NULL)
496 return evp_names_do_all(rand->prov, rand->name_id, fn, data);
497
498 return 1;
499 }
500
evp_rand_instantiate_locked(EVP_RAND_CTX * ctx,unsigned int strength,int prediction_resistance,const unsigned char * pstr,size_t pstr_len,const OSSL_PARAM params[])501 static int evp_rand_instantiate_locked
502 (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance,
503 const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[])
504 {
505 return ctx->meth->instantiate(ctx->algctx, strength, prediction_resistance,
506 pstr, pstr_len, params);
507 }
508
EVP_RAND_instantiate(EVP_RAND_CTX * ctx,unsigned int strength,int prediction_resistance,const unsigned char * pstr,size_t pstr_len,const OSSL_PARAM params[])509 int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
510 int prediction_resistance,
511 const unsigned char *pstr, size_t pstr_len,
512 const OSSL_PARAM params[])
513 {
514 int res;
515
516 if (!evp_rand_lock(ctx))
517 return 0;
518 res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance,
519 pstr, pstr_len, params);
520 evp_rand_unlock(ctx);
521 return res;
522 }
523
evp_rand_uninstantiate_locked(EVP_RAND_CTX * ctx)524 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx)
525 {
526 return ctx->meth->uninstantiate(ctx->algctx);
527 }
528
EVP_RAND_uninstantiate(EVP_RAND_CTX * ctx)529 int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx)
530 {
531 int res;
532
533 if (!evp_rand_lock(ctx))
534 return 0;
535 res = evp_rand_uninstantiate_locked(ctx);
536 evp_rand_unlock(ctx);
537 return res;
538 }
539
evp_rand_generate_locked(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen,unsigned int strength,int prediction_resistance,const unsigned char * addin,size_t addin_len)540 static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out,
541 size_t outlen, unsigned int strength,
542 int prediction_resistance,
543 const unsigned char *addin,
544 size_t addin_len)
545 {
546 size_t chunk, max_request = 0;
547 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
548
549 params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST,
550 &max_request);
551 if (!evp_rand_get_ctx_params_locked(ctx, params)
552 || max_request == 0) {
553 ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
554 return 0;
555 }
556 for (; outlen > 0; outlen -= chunk, out += chunk) {
557 chunk = outlen > max_request ? max_request : outlen;
558 if (!ctx->meth->generate(ctx->algctx, out, chunk, strength,
559 prediction_resistance, addin, addin_len)) {
560 ERR_raise(ERR_LIB_EVP, EVP_R_GENERATE_ERROR);
561 return 0;
562 }
563 /*
564 * Prediction resistance is only relevant the first time around,
565 * subsequently, the DRBG has already been properly reseeded.
566 */
567 prediction_resistance = 0;
568 }
569 return 1;
570 }
571
EVP_RAND_generate(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen,unsigned int strength,int prediction_resistance,const unsigned char * addin,size_t addin_len)572 int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
573 unsigned int strength, int prediction_resistance,
574 const unsigned char *addin, size_t addin_len)
575 {
576 int res;
577
578 if (!evp_rand_lock(ctx))
579 return 0;
580 res = evp_rand_generate_locked(ctx, out, outlen, strength,
581 prediction_resistance, addin, addin_len);
582 evp_rand_unlock(ctx);
583 return res;
584 }
585
evp_rand_reseed_locked(EVP_RAND_CTX * ctx,int prediction_resistance,const unsigned char * ent,size_t ent_len,const unsigned char * addin,size_t addin_len)586 static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance,
587 const unsigned char *ent, size_t ent_len,
588 const unsigned char *addin, size_t addin_len)
589 {
590 if (ctx->meth->reseed != NULL)
591 return ctx->meth->reseed(ctx->algctx, prediction_resistance,
592 ent, ent_len, addin, addin_len);
593 return 1;
594 }
595
EVP_RAND_reseed(EVP_RAND_CTX * ctx,int prediction_resistance,const unsigned char * ent,size_t ent_len,const unsigned char * addin,size_t addin_len)596 int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
597 const unsigned char *ent, size_t ent_len,
598 const unsigned char *addin, size_t addin_len)
599 {
600 int res;
601
602 if (!evp_rand_lock(ctx))
603 return 0;
604 res = evp_rand_reseed_locked(ctx, prediction_resistance,
605 ent, ent_len, addin, addin_len);
606 evp_rand_unlock(ctx);
607 return res;
608 }
609
evp_rand_strength_locked(EVP_RAND_CTX * ctx)610 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx)
611 {
612 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
613 unsigned int strength = 0;
614
615 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
616 if (!evp_rand_get_ctx_params_locked(ctx, params))
617 return 0;
618 return strength;
619 }
620
EVP_RAND_get_strength(EVP_RAND_CTX * ctx)621 unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx)
622 {
623 unsigned int res;
624
625 if (!evp_rand_lock(ctx))
626 return 0;
627 res = evp_rand_strength_locked(ctx);
628 evp_rand_unlock(ctx);
629 return res;
630 }
631
evp_rand_nonce_locked(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen)632 static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
633 size_t outlen)
634 {
635 unsigned int str = evp_rand_strength_locked(ctx);
636
637 if (ctx->meth->nonce == NULL)
638 return 0;
639 if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
640 return 1;
641 return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
642 }
643
EVP_RAND_nonce(EVP_RAND_CTX * ctx,unsigned char * out,size_t outlen)644 int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
645 {
646 int res;
647
648 if (!evp_rand_lock(ctx))
649 return 0;
650 res = evp_rand_nonce_locked(ctx, out, outlen);
651 evp_rand_unlock(ctx);
652 return res;
653 }
654
EVP_RAND_get_state(EVP_RAND_CTX * ctx)655 int EVP_RAND_get_state(EVP_RAND_CTX *ctx)
656 {
657 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
658 int state;
659
660 params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state);
661 if (!EVP_RAND_CTX_get_params(ctx, params))
662 state = EVP_RAND_STATE_ERROR;
663 return state;
664 }
665
evp_rand_verify_zeroization_locked(EVP_RAND_CTX * ctx)666 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx)
667 {
668 if (ctx->meth->verify_zeroization != NULL)
669 return ctx->meth->verify_zeroization(ctx->algctx);
670 return 0;
671 }
672
EVP_RAND_verify_zeroization(EVP_RAND_CTX * ctx)673 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx)
674 {
675 int res;
676
677 if (!evp_rand_lock(ctx))
678 return 0;
679 res = evp_rand_verify_zeroization_locked(ctx);
680 evp_rand_unlock(ctx);
681 return res;
682 }
683