2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/evp.h>
13 #include <openssl/rand.h>
14 #include <openssl/core.h>
15 #include <openssl/core_names.h>
16 #include <openssl/crypto.h>
17 #include "internal/cryptlib.h"
18 #include "internal/numbers.h"
19 #include "internal/provider.h"
20 #include "internal/core.h"
21 #include "crypto/evp.h"
22 #include "evp_local.h"
28 const char *description
;
29 CRYPTO_REF_COUNT refcnt
;
31 const OSSL_DISPATCH
*dispatch
;
32 OSSL_FUNC_rand_newctx_fn
*newctx
;
33 OSSL_FUNC_rand_freectx_fn
*freectx
;
34 OSSL_FUNC_rand_instantiate_fn
*instantiate
;
35 OSSL_FUNC_rand_uninstantiate_fn
*uninstantiate
;
36 OSSL_FUNC_rand_generate_fn
*generate
;
37 OSSL_FUNC_rand_reseed_fn
*reseed
;
38 OSSL_FUNC_rand_nonce_fn
*nonce
;
39 OSSL_FUNC_rand_enable_locking_fn
*enable_locking
;
40 OSSL_FUNC_rand_lock_fn
*lock
;
41 OSSL_FUNC_rand_unlock_fn
*unlock
;
42 OSSL_FUNC_rand_gettable_params_fn
*gettable_params
;
43 OSSL_FUNC_rand_gettable_ctx_params_fn
*gettable_ctx_params
;
44 OSSL_FUNC_rand_settable_ctx_params_fn
*settable_ctx_params
;
45 OSSL_FUNC_rand_get_params_fn
*get_params
;
46 OSSL_FUNC_rand_get_ctx_params_fn
*get_ctx_params
;
47 OSSL_FUNC_rand_set_ctx_params_fn
*set_ctx_params
;
48 OSSL_FUNC_rand_verify_zeroization_fn
*verify_zeroization
;
49 OSSL_FUNC_rand_get_seed_fn
*get_seed
;
50 OSSL_FUNC_rand_clear_seed_fn
*clear_seed
;
53 static int evp_rand_up_ref(void *vrand
)
55 EVP_RAND
*rand
= (EVP_RAND
*)vrand
;
59 return CRYPTO_UP_REF(&rand
->refcnt
, &ref
);
63 static void evp_rand_free(void *vrand
)
65 EVP_RAND
*rand
= (EVP_RAND
*)vrand
;
70 CRYPTO_DOWN_REF(&rand
->refcnt
, &ref
);
73 OPENSSL_free(rand
->type_name
);
74 ossl_provider_free(rand
->prov
);
75 CRYPTO_FREE_REF(&rand
->refcnt
);
79 static void *evp_rand_new(void)
81 EVP_RAND
*rand
= OPENSSL_zalloc(sizeof(*rand
));
86 if (!CRYPTO_NEW_REF(&rand
->refcnt
, 1)) {
93 /* Enable locking of the underlying DRBG/RAND if available */
94 int EVP_RAND_enable_locking(EVP_RAND_CTX
*rand
)
96 if (rand
->meth
->enable_locking
!= NULL
)
97 return rand
->meth
->enable_locking(rand
->algctx
);
98 ERR_raise(ERR_LIB_EVP
, EVP_R_LOCKING_NOT_SUPPORTED
);
102 /* Lock the underlying DRBG/RAND if available */
103 static int evp_rand_lock(EVP_RAND_CTX
*rand
)
105 if (rand
->meth
->lock
!= NULL
)
106 return rand
->meth
->lock(rand
->algctx
);
110 /* Unlock the underlying DRBG/RAND if available */
111 static void evp_rand_unlock(EVP_RAND_CTX
*rand
)
113 if (rand
->meth
->unlock
!= NULL
)
114 rand
->meth
->unlock(rand
->algctx
);
117 static void *evp_rand_from_algorithm(int name_id
,
118 const OSSL_ALGORITHM
*algodef
,
121 const OSSL_DISPATCH
*fns
= algodef
->implementation
;
122 EVP_RAND
*rand
= NULL
;
123 int fnrandcnt
= 0, fnctxcnt
= 0, fnlockcnt
= 0, fnenablelockcnt
= 0;
125 int fnzeroizecnt
= 0;
128 if ((rand
= evp_rand_new()) == NULL
) {
129 ERR_raise(ERR_LIB_EVP
, ERR_R_EVP_LIB
);
132 rand
->name_id
= name_id
;
133 if ((rand
->type_name
= ossl_algorithm_get1_first_name(algodef
)) == NULL
) {
137 rand
->description
= algodef
->algorithm_description
;
138 rand
->dispatch
= fns
;
139 for (; fns
->function_id
!= 0; fns
++) {
140 switch (fns
->function_id
) {
141 case OSSL_FUNC_RAND_NEWCTX
:
142 if (rand
->newctx
!= NULL
)
144 rand
->newctx
= OSSL_FUNC_rand_newctx(fns
);
147 case OSSL_FUNC_RAND_FREECTX
:
148 if (rand
->freectx
!= NULL
)
150 rand
->freectx
= OSSL_FUNC_rand_freectx(fns
);
153 case OSSL_FUNC_RAND_INSTANTIATE
:
154 if (rand
->instantiate
!= NULL
)
156 rand
->instantiate
= OSSL_FUNC_rand_instantiate(fns
);
159 case OSSL_FUNC_RAND_UNINSTANTIATE
:
160 if (rand
->uninstantiate
!= NULL
)
162 rand
->uninstantiate
= OSSL_FUNC_rand_uninstantiate(fns
);
165 case OSSL_FUNC_RAND_GENERATE
:
166 if (rand
->generate
!= NULL
)
168 rand
->generate
= OSSL_FUNC_rand_generate(fns
);
171 case OSSL_FUNC_RAND_RESEED
:
172 if (rand
->reseed
!= NULL
)
174 rand
->reseed
= OSSL_FUNC_rand_reseed(fns
);
176 case OSSL_FUNC_RAND_NONCE
:
177 if (rand
->nonce
!= NULL
)
179 rand
->nonce
= OSSL_FUNC_rand_nonce(fns
);
181 case OSSL_FUNC_RAND_ENABLE_LOCKING
:
182 if (rand
->enable_locking
!= NULL
)
184 rand
->enable_locking
= OSSL_FUNC_rand_enable_locking(fns
);
187 case OSSL_FUNC_RAND_LOCK
:
188 if (rand
->lock
!= NULL
)
190 rand
->lock
= OSSL_FUNC_rand_lock(fns
);
193 case OSSL_FUNC_RAND_UNLOCK
:
194 if (rand
->unlock
!= NULL
)
196 rand
->unlock
= OSSL_FUNC_rand_unlock(fns
);
199 case OSSL_FUNC_RAND_GETTABLE_PARAMS
:
200 if (rand
->gettable_params
!= NULL
)
202 rand
->gettable_params
=
203 OSSL_FUNC_rand_gettable_params(fns
);
205 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS
:
206 if (rand
->gettable_ctx_params
!= NULL
)
208 rand
->gettable_ctx_params
=
209 OSSL_FUNC_rand_gettable_ctx_params(fns
);
211 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS
:
212 if (rand
->settable_ctx_params
!= NULL
)
214 rand
->settable_ctx_params
=
215 OSSL_FUNC_rand_settable_ctx_params(fns
);
217 case OSSL_FUNC_RAND_GET_PARAMS
:
218 if (rand
->get_params
!= NULL
)
220 rand
->get_params
= OSSL_FUNC_rand_get_params(fns
);
222 case OSSL_FUNC_RAND_GET_CTX_PARAMS
:
223 if (rand
->get_ctx_params
!= NULL
)
225 rand
->get_ctx_params
= OSSL_FUNC_rand_get_ctx_params(fns
);
228 case OSSL_FUNC_RAND_SET_CTX_PARAMS
:
229 if (rand
->set_ctx_params
!= NULL
)
231 rand
->set_ctx_params
= OSSL_FUNC_rand_set_ctx_params(fns
);
233 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION
:
234 if (rand
->verify_zeroization
!= NULL
)
236 rand
->verify_zeroization
= OSSL_FUNC_rand_verify_zeroization(fns
);
241 case OSSL_FUNC_RAND_GET_SEED
:
242 if (rand
->get_seed
!= NULL
)
244 rand
->get_seed
= OSSL_FUNC_rand_get_seed(fns
);
246 case OSSL_FUNC_RAND_CLEAR_SEED
:
247 if (rand
->clear_seed
!= NULL
)
249 rand
->clear_seed
= OSSL_FUNC_rand_clear_seed(fns
);
254 * In order to be a consistent set of functions we must have at least
255 * a complete set of "rand" functions and a complete set of context
256 * management functions. In FIPS mode, we also require the zeroization
257 * verification function.
259 * In addition, if locking can be enabled, we need a complete set of
264 || (fnenablelockcnt
!= 0 && fnenablelockcnt
!= 1)
265 || (fnlockcnt
!= 0 && fnlockcnt
!= 2)
271 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_PROVIDER_FUNCTIONS
);
275 if (prov
!= NULL
&& !ossl_provider_up_ref(prov
)) {
277 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
285 EVP_RAND
*EVP_RAND_fetch(OSSL_LIB_CTX
*libctx
, const char *algorithm
,
286 const char *properties
)
288 return evp_generic_fetch(libctx
, OSSL_OP_RAND
, algorithm
, properties
,
289 evp_rand_from_algorithm
, evp_rand_up_ref
,
293 int EVP_RAND_up_ref(EVP_RAND
*rand
)
295 return evp_rand_up_ref(rand
);
298 void EVP_RAND_free(EVP_RAND
*rand
)
303 int evp_rand_get_number(const EVP_RAND
*rand
)
305 return rand
->name_id
;
308 const char *EVP_RAND_get0_name(const EVP_RAND
*rand
)
310 return rand
->type_name
;
313 const char *EVP_RAND_get0_description(const EVP_RAND
*rand
)
315 return rand
->description
;
318 int EVP_RAND_is_a(const EVP_RAND
*rand
, const char *name
)
320 return rand
!= NULL
&& evp_is_a(rand
->prov
, rand
->name_id
, NULL
, name
);
323 const OSSL_PROVIDER
*EVP_RAND_get0_provider(const EVP_RAND
*rand
)
328 int EVP_RAND_get_params(EVP_RAND
*rand
, OSSL_PARAM params
[])
330 if (rand
->get_params
!= NULL
)
331 return rand
->get_params(params
);
335 int EVP_RAND_CTX_up_ref(EVP_RAND_CTX
*ctx
)
339 return CRYPTO_UP_REF(&ctx
->refcnt
, &ref
);
342 EVP_RAND_CTX
*EVP_RAND_CTX_new(EVP_RAND
*rand
, EVP_RAND_CTX
*parent
)
345 void *parent_ctx
= NULL
;
346 const OSSL_DISPATCH
*parent_dispatch
= NULL
;
349 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_NULL_ALGORITHM
);
353 ctx
= OPENSSL_zalloc(sizeof(*ctx
));
356 if (!CRYPTO_NEW_REF(&ctx
->refcnt
, 1)) {
360 if (parent
!= NULL
) {
361 if (!EVP_RAND_CTX_up_ref(parent
)) {
362 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
363 CRYPTO_FREE_REF(&ctx
->refcnt
);
367 parent_ctx
= parent
->algctx
;
368 parent_dispatch
= parent
->meth
->dispatch
;
370 if ((ctx
->algctx
= rand
->newctx(ossl_provider_ctx(rand
->prov
), parent_ctx
,
371 parent_dispatch
)) == NULL
372 || !EVP_RAND_up_ref(rand
)) {
373 ERR_raise(ERR_LIB_EVP
, ERR_R_EVP_LIB
);
374 rand
->freectx(ctx
->algctx
);
375 CRYPTO_FREE_REF(&ctx
->refcnt
);
377 EVP_RAND_CTX_free(parent
);
381 ctx
->parent
= parent
;
385 void EVP_RAND_CTX_free(EVP_RAND_CTX
*ctx
)
388 EVP_RAND_CTX
*parent
;
393 CRYPTO_DOWN_REF(&ctx
->refcnt
, &ref
);
396 parent
= ctx
->parent
;
397 ctx
->meth
->freectx(ctx
->algctx
);
399 EVP_RAND_free(ctx
->meth
);
400 CRYPTO_FREE_REF(&ctx
->refcnt
);
402 EVP_RAND_CTX_free(parent
);
405 EVP_RAND
*EVP_RAND_CTX_get0_rand(EVP_RAND_CTX
*ctx
)
410 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX
*ctx
,
413 return ctx
->meth
->get_ctx_params(ctx
->algctx
, params
);
416 int EVP_RAND_CTX_get_params(EVP_RAND_CTX
*ctx
, OSSL_PARAM params
[])
420 if (!evp_rand_lock(ctx
))
422 res
= evp_rand_get_ctx_params_locked(ctx
, params
);
423 evp_rand_unlock(ctx
);
427 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX
*ctx
,
428 const OSSL_PARAM params
[])
430 if (ctx
->meth
->set_ctx_params
!= NULL
)
431 return ctx
->meth
->set_ctx_params(ctx
->algctx
, params
);
435 int EVP_RAND_CTX_set_params(EVP_RAND_CTX
*ctx
, const OSSL_PARAM params
[])
439 if (!evp_rand_lock(ctx
))
441 res
= evp_rand_set_ctx_params_locked(ctx
, params
);
442 evp_rand_unlock(ctx
);
446 const OSSL_PARAM
*EVP_RAND_gettable_params(const EVP_RAND
*rand
)
448 if (rand
->gettable_params
== NULL
)
450 return rand
->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand
)));
453 const OSSL_PARAM
*EVP_RAND_gettable_ctx_params(const EVP_RAND
*rand
)
457 if (rand
->gettable_ctx_params
== NULL
)
459 provctx
= ossl_provider_ctx(EVP_RAND_get0_provider(rand
));
460 return rand
->gettable_ctx_params(NULL
, provctx
);
463 const OSSL_PARAM
*EVP_RAND_settable_ctx_params(const EVP_RAND
*rand
)
467 if (rand
->settable_ctx_params
== NULL
)
469 provctx
= ossl_provider_ctx(EVP_RAND_get0_provider(rand
));
470 return rand
->settable_ctx_params(NULL
, provctx
);
473 const OSSL_PARAM
*EVP_RAND_CTX_gettable_params(EVP_RAND_CTX
*ctx
)
477 if (ctx
->meth
->gettable_ctx_params
== NULL
)
479 provctx
= ossl_provider_ctx(EVP_RAND_get0_provider(ctx
->meth
));
480 return ctx
->meth
->gettable_ctx_params(ctx
->algctx
, provctx
);
483 const OSSL_PARAM
*EVP_RAND_CTX_settable_params(EVP_RAND_CTX
*ctx
)
487 if (ctx
->meth
->settable_ctx_params
== NULL
)
489 provctx
= ossl_provider_ctx(EVP_RAND_get0_provider(ctx
->meth
));
490 return ctx
->meth
->settable_ctx_params(ctx
->algctx
, provctx
);
493 void EVP_RAND_do_all_provided(OSSL_LIB_CTX
*libctx
,
494 void (*fn
)(EVP_RAND
*rand
, void *arg
),
497 evp_generic_do_all(libctx
, OSSL_OP_RAND
,
498 (void (*)(void *, void *))fn
, arg
,
499 evp_rand_from_algorithm
, evp_rand_up_ref
,
503 int EVP_RAND_names_do_all(const EVP_RAND
*rand
,
504 void (*fn
)(const char *name
, void *data
),
507 if (rand
->prov
!= NULL
)
508 return evp_names_do_all(rand
->prov
, rand
->name_id
, fn
, data
);
513 static int evp_rand_instantiate_locked
514 (EVP_RAND_CTX
*ctx
, unsigned int strength
, int prediction_resistance
,
515 const unsigned char *pstr
, size_t pstr_len
, const OSSL_PARAM params
[])
517 return ctx
->meth
->instantiate(ctx
->algctx
, strength
, prediction_resistance
,
518 pstr
, pstr_len
, params
);
521 int EVP_RAND_instantiate(EVP_RAND_CTX
*ctx
, unsigned int strength
,
522 int prediction_resistance
,
523 const unsigned char *pstr
, size_t pstr_len
,
524 const OSSL_PARAM params
[])
528 if (!evp_rand_lock(ctx
))
530 res
= evp_rand_instantiate_locked(ctx
, strength
, prediction_resistance
,
531 pstr
, pstr_len
, params
);
532 evp_rand_unlock(ctx
);
536 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX
*ctx
)
538 return ctx
->meth
->uninstantiate(ctx
->algctx
);
541 int EVP_RAND_uninstantiate(EVP_RAND_CTX
*ctx
)
545 if (!evp_rand_lock(ctx
))
547 res
= evp_rand_uninstantiate_locked(ctx
);
548 evp_rand_unlock(ctx
);
552 static int evp_rand_generate_locked(EVP_RAND_CTX
*ctx
, unsigned char *out
,
553 size_t outlen
, unsigned int strength
,
554 int prediction_resistance
,
555 const unsigned char *addin
,
558 size_t chunk
, max_request
= 0;
559 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
561 params
[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST
,
563 if (!evp_rand_get_ctx_params_locked(ctx
, params
)
564 || max_request
== 0) {
565 ERR_raise(ERR_LIB_EVP
, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE
);
568 for (; outlen
> 0; outlen
-= chunk
, out
+= chunk
) {
569 chunk
= outlen
> max_request
? max_request
: outlen
;
570 if (!ctx
->meth
->generate(ctx
->algctx
, out
, chunk
, strength
,
571 prediction_resistance
, addin
, addin_len
)) {
572 ERR_raise(ERR_LIB_EVP
, EVP_R_GENERATE_ERROR
);
576 * Prediction resistance is only relevant the first time around,
577 * subsequently, the DRBG has already been properly reseeded.
579 prediction_resistance
= 0;
584 int EVP_RAND_generate(EVP_RAND_CTX
*ctx
, unsigned char *out
, size_t outlen
,
585 unsigned int strength
, int prediction_resistance
,
586 const unsigned char *addin
, size_t addin_len
)
590 if (!evp_rand_lock(ctx
))
592 res
= evp_rand_generate_locked(ctx
, out
, outlen
, strength
,
593 prediction_resistance
, addin
, addin_len
);
594 evp_rand_unlock(ctx
);
598 static int evp_rand_reseed_locked(EVP_RAND_CTX
*ctx
, int prediction_resistance
,
599 const unsigned char *ent
, size_t ent_len
,
600 const unsigned char *addin
, size_t addin_len
)
602 if (ctx
->meth
->reseed
!= NULL
)
603 return ctx
->meth
->reseed(ctx
->algctx
, prediction_resistance
,
604 ent
, ent_len
, addin
, addin_len
);
608 int EVP_RAND_reseed(EVP_RAND_CTX
*ctx
, int prediction_resistance
,
609 const unsigned char *ent
, size_t ent_len
,
610 const unsigned char *addin
, size_t addin_len
)
614 if (!evp_rand_lock(ctx
))
616 res
= evp_rand_reseed_locked(ctx
, prediction_resistance
,
617 ent
, ent_len
, addin
, addin_len
);
618 evp_rand_unlock(ctx
);
622 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX
*ctx
)
624 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
625 unsigned int strength
= 0;
627 params
[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH
, &strength
);
628 if (!evp_rand_get_ctx_params_locked(ctx
, params
))
633 unsigned int EVP_RAND_get_strength(EVP_RAND_CTX
*ctx
)
637 if (!evp_rand_lock(ctx
))
639 res
= evp_rand_strength_locked(ctx
);
640 evp_rand_unlock(ctx
);
644 static int evp_rand_nonce_locked(EVP_RAND_CTX
*ctx
, unsigned char *out
,
647 unsigned int str
= evp_rand_strength_locked(ctx
);
649 if (ctx
->meth
->nonce
== NULL
)
651 if (ctx
->meth
->nonce(ctx
->algctx
, out
, str
, outlen
, outlen
))
653 return evp_rand_generate_locked(ctx
, out
, outlen
, str
, 0, NULL
, 0);
656 int EVP_RAND_nonce(EVP_RAND_CTX
*ctx
, unsigned char *out
, size_t outlen
)
660 if (!evp_rand_lock(ctx
))
662 res
= evp_rand_nonce_locked(ctx
, out
, outlen
);
663 evp_rand_unlock(ctx
);
667 int EVP_RAND_get_state(EVP_RAND_CTX
*ctx
)
669 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
672 params
[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE
, &state
);
673 if (!EVP_RAND_CTX_get_params(ctx
, params
))
674 state
= EVP_RAND_STATE_ERROR
;
678 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX
*ctx
)
680 if (ctx
->meth
->verify_zeroization
!= NULL
)
681 return ctx
->meth
->verify_zeroization(ctx
->algctx
);
685 int EVP_RAND_verify_zeroization(EVP_RAND_CTX
*ctx
)
689 if (!evp_rand_lock(ctx
))
691 res
= evp_rand_verify_zeroization_locked(ctx
);
692 evp_rand_unlock(ctx
);
696 int evp_rand_can_seed(EVP_RAND_CTX
*ctx
)
698 return ctx
->meth
->get_seed
!= NULL
;
701 static size_t evp_rand_get_seed_locked(EVP_RAND_CTX
*ctx
,
702 unsigned char **buffer
,
704 size_t min_len
, size_t max_len
,
705 int prediction_resistance
,
706 const unsigned char *adin
,
709 if (ctx
->meth
->get_seed
!= NULL
)
710 return ctx
->meth
->get_seed(ctx
->algctx
, buffer
,
711 entropy
, min_len
, max_len
,
712 prediction_resistance
,
717 size_t evp_rand_get_seed(EVP_RAND_CTX
*ctx
,
718 unsigned char **buffer
,
719 int entropy
, size_t min_len
, size_t max_len
,
720 int prediction_resistance
,
721 const unsigned char *adin
, size_t adin_len
)
725 if (!evp_rand_lock(ctx
))
727 res
= evp_rand_get_seed_locked(ctx
,
729 entropy
, min_len
, max_len
,
730 prediction_resistance
,
732 evp_rand_unlock(ctx
);
736 static void evp_rand_clear_seed_locked(EVP_RAND_CTX
*ctx
,
737 unsigned char *buffer
, size_t b_len
)
739 if (ctx
->meth
->clear_seed
!= NULL
)
740 ctx
->meth
->clear_seed(ctx
->algctx
, buffer
, b_len
);
743 void evp_rand_clear_seed(EVP_RAND_CTX
*ctx
,
744 unsigned char *buffer
, size_t b_len
)
746 if (!evp_rand_lock(ctx
))
748 evp_rand_clear_seed_locked(ctx
, buffer
, b_len
);
749 evp_rand_unlock(ctx
);