]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/evp_rand.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CTR, HASH and HMAC DRBGs in provider
[thirdparty/openssl.git] / crypto / evp / evp_rand.c
1 /*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/evp.h>
11
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <openssl/engine.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509v3.h>
17 #include <openssl/rand.h>
18 #include <openssl/core.h>
19 #include <openssl/core_names.h>
20 #include <openssl/crypto.h>
21 #include "crypto/asn1.h"
22 #include "crypto/evp.h"
23 #include "internal/cryptlib.h"
24 #include "internal/numbers.h"
25 #include "internal/provider.h"
26 #include "evp_local.h"
27
28 static int evp_rand_up_ref(void *vrand)
29 {
30 EVP_RAND *rand = (EVP_RAND *)vrand;
31 int ref = 0;
32
33 if (rand != NULL)
34 return CRYPTO_UP_REF(&rand->refcnt, &ref, rand->refcnt_lock);
35 return 1;
36 }
37
38 static void evp_rand_free(void *vrand){
39 EVP_RAND *rand = (EVP_RAND *)vrand;
40 int ref = 0;
41
42 if (rand != NULL) {
43 CRYPTO_DOWN_REF(&rand->refcnt, &ref, rand->refcnt_lock);
44 if (ref <= 0) {
45 ossl_provider_free(rand->prov);
46 CRYPTO_THREAD_lock_free(rand->refcnt_lock);
47 OPENSSL_free(rand);
48 }
49 }
50 }
51
52 static void *evp_rand_new(void)
53 {
54 EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand));
55
56 if (rand == NULL
57 || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) {
58 OPENSSL_free(rand);
59 return NULL;
60 }
61 rand->refcnt = 1;
62 return rand;
63 }
64
65 /* Enable locking of the underlying DRBG/RAND if available */
66 int EVP_RAND_enable_locking(EVP_RAND_CTX *rand)
67 {
68 if (rand->meth->enable_locking != NULL)
69 return rand->meth->enable_locking(rand->data);
70 EVPerr(0, EVP_R_LOCKING_NOT_SUPPORTED);
71 return 0;
72 }
73
74 /* Lock the underlying DRBG/RAND if available */
75 static int evp_rand_lock(EVP_RAND_CTX *rand)
76 {
77 if (rand->meth->lock != NULL)
78 return rand->meth->lock(rand->data);
79 return 1;
80 }
81
82 /* Unlock the underlying DRBG/RAND if available */
83 static void evp_rand_unlock(EVP_RAND_CTX *rand)
84 {
85 if (rand->meth->unlock != NULL)
86 rand->meth->unlock(rand->data);
87 }
88
89 static void *evp_rand_from_dispatch(int name_id,
90 const OSSL_DISPATCH *fns,
91 OSSL_PROVIDER *prov)
92 {
93 EVP_RAND *rand = NULL;
94 int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0;
95 #ifdef FIPS_MODULE
96 int fnzeroizecnt = 0;
97 #endif
98
99 if ((rand = evp_rand_new()) == NULL) {
100 EVPerr(0, ERR_R_MALLOC_FAILURE);
101 return NULL;
102 }
103 rand->name_id = name_id;
104 rand->dispatch = fns;
105 for (; fns->function_id != 0; fns++) {
106 switch (fns->function_id) {
107 case OSSL_FUNC_RAND_NEWCTX:
108 if (rand->newctx != NULL)
109 break;
110 rand->newctx = OSSL_get_OP_rand_newctx(fns);
111 fnctxcnt++;
112 break;
113 case OSSL_FUNC_RAND_FREECTX:
114 if (rand->freectx != NULL)
115 break;
116 rand->freectx = OSSL_get_OP_rand_freectx(fns);
117 fnctxcnt++;
118 break;
119 case OSSL_FUNC_RAND_INSTANTIATE:
120 if (rand->instantiate != NULL)
121 break;
122 rand->instantiate = OSSL_get_OP_rand_instantiate(fns);
123 fnrandcnt++;
124 break;
125 case OSSL_FUNC_RAND_UNINSTANTIATE:
126 if (rand->uninstantiate != NULL)
127 break;
128 rand->uninstantiate = OSSL_get_OP_rand_uninstantiate(fns);
129 fnrandcnt++;
130 break;
131 case OSSL_FUNC_RAND_GENERATE:
132 if (rand->generate != NULL)
133 break;
134 rand->generate = OSSL_get_OP_rand_generate(fns);
135 fnrandcnt++;
136 break;
137 case OSSL_FUNC_RAND_RESEED:
138 if (rand->reseed != NULL)
139 break;
140 rand->reseed = OSSL_get_OP_rand_reseed(fns);
141 break;
142 case OSSL_FUNC_RAND_NONCE:
143 if (rand->nonce != NULL)
144 break;
145 rand->nonce = OSSL_get_OP_rand_nonce(fns);
146 break;
147 case OSSL_FUNC_RAND_SET_CALLBACKS:
148 if (rand->set_callbacks != NULL)
149 break;
150 rand->set_callbacks = OSSL_get_OP_rand_set_callbacks(fns);
151 break;
152 case OSSL_FUNC_RAND_ENABLE_LOCKING:
153 if (rand->enable_locking != NULL)
154 break;
155 rand->enable_locking = OSSL_get_OP_rand_enable_locking(fns);
156 fnlockcnt++;
157 break;
158 case OSSL_FUNC_RAND_LOCK:
159 if (rand->lock != NULL)
160 break;
161 rand->lock = OSSL_get_OP_rand_lock(fns);
162 fnlockcnt++;
163 break;
164 case OSSL_FUNC_RAND_UNLOCK:
165 if (rand->unlock != NULL)
166 break;
167 rand->unlock = OSSL_get_OP_rand_unlock(fns);
168 fnlockcnt++;
169 break;
170 case OSSL_FUNC_RAND_GETTABLE_PARAMS:
171 if (rand->gettable_params != NULL)
172 break;
173 rand->gettable_params =
174 OSSL_get_OP_rand_gettable_params(fns);
175 break;
176 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS:
177 if (rand->gettable_ctx_params != NULL)
178 break;
179 rand->gettable_ctx_params =
180 OSSL_get_OP_rand_gettable_ctx_params(fns);
181 break;
182 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS:
183 if (rand->settable_ctx_params != NULL)
184 break;
185 rand->settable_ctx_params =
186 OSSL_get_OP_rand_settable_ctx_params(fns);
187 break;
188 case OSSL_FUNC_RAND_GET_PARAMS:
189 if (rand->get_params != NULL)
190 break;
191 rand->get_params = OSSL_get_OP_rand_get_params(fns);
192 break;
193 case OSSL_FUNC_RAND_GET_CTX_PARAMS:
194 if (rand->get_ctx_params != NULL)
195 break;
196 rand->get_ctx_params = OSSL_get_OP_rand_get_ctx_params(fns);
197 break;
198 case OSSL_FUNC_RAND_SET_CTX_PARAMS:
199 if (rand->set_ctx_params != NULL)
200 break;
201 rand->set_ctx_params = OSSL_get_OP_rand_set_ctx_params(fns);
202 break;
203 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION:
204 if (rand->verify_zeroization != NULL)
205 break;
206 rand->verify_zeroization = OSSL_get_OP_rand_verify_zeroization(fns);
207 #ifdef FIPS_MODULE
208 fnzeroizecnt++;
209 #endif
210 break;
211 }
212 }
213 /*
214 * In order to be a consistent set of functions we must have at least
215 * a complete set of "rand" functions and a complete set of context
216 * management functions. In FIPS mode, we also require the zeroization
217 * verification function.
218 *
219 * In addition, if locking can be enabled, we need a complete set of
220 * locking functions.
221 */
222 if (fnrandcnt != 3
223 || fnctxcnt != 2
224 || (fnlockcnt != 0 && fnlockcnt != 3)
225 #ifdef FIPS_MODULE
226 || fnzeroizecnt != 1
227 #endif
228 ) {
229 evp_rand_free(rand);
230 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
231 return NULL;
232 }
233
234 if (prov != NULL && !ossl_provider_up_ref(prov)) {
235 evp_rand_free(rand);
236 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
237 return NULL;
238 }
239 rand->prov = prov;
240
241 return rand;
242 }
243
244 EVP_RAND *EVP_RAND_fetch(OPENSSL_CTX *libctx, const char *algorithm,
245 const char *properties)
246 {
247 return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties,
248 evp_rand_from_dispatch, evp_rand_up_ref,
249 evp_rand_free);
250 }
251
252 int EVP_RAND_up_ref(EVP_RAND *rand)
253 {
254 return evp_rand_up_ref(rand);
255 }
256
257 void EVP_RAND_free(EVP_RAND *rand)
258 {
259 evp_rand_free(rand);
260 }
261
262 int EVP_RAND_number(const EVP_RAND *rand)
263 {
264 return rand->name_id;
265 }
266
267 const char *EVP_RAND_name(const EVP_RAND *rand)
268 {
269 return evp_first_name(rand->prov, rand->name_id);
270 }
271
272 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name)
273 {
274 return evp_is_a(rand->prov, rand->name_id, NULL, name);
275 }
276
277 const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand)
278 {
279 return rand->prov;
280 }
281
282 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[])
283 {
284 if (rand->get_params != NULL)
285 return rand->get_params(params);
286 return 1;
287 }
288
289 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent)
290 {
291 EVP_RAND_CTX *ctx;
292 void *parent_ctx = NULL;
293 const OSSL_DISPATCH *parent_dispatch = NULL;
294
295 if (rand == NULL) {
296 EVPerr(0, EVP_R_INVALID_NULL_ALGORITHM);
297 return NULL;
298 }
299
300 ctx = OPENSSL_zalloc(sizeof(*ctx));
301 if (ctx == NULL) {
302 EVPerr(0, ERR_R_MALLOC_FAILURE);
303 return NULL;
304 }
305 if (parent != NULL) {
306 if (!EVP_RAND_enable_locking(parent)) {
307 EVPerr(0, EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING);
308 OPENSSL_free(ctx);
309 return NULL;
310 }
311 parent_ctx = parent->data;
312 parent_dispatch = parent->meth->dispatch;
313 }
314 if ((ctx->data = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx,
315 parent_dispatch)) == NULL
316 || !EVP_RAND_up_ref(rand)) {
317 EVPerr(0, ERR_R_MALLOC_FAILURE);
318 rand->freectx(ctx->data);
319 OPENSSL_free(ctx);
320 return NULL;
321 }
322 ctx->meth = rand;
323 return ctx;
324 }
325
326 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx)
327 {
328 if (ctx != NULL) {
329 ctx->meth->freectx(ctx->data);
330 ctx->data = NULL;
331 EVP_RAND_free(ctx->meth);
332 OPENSSL_free(ctx);
333 }
334 }
335
336 EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx)
337 {
338 return ctx->meth;
339 }
340
341 int EVP_RAND_get_ctx_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[])
342 {
343 int res = 1;
344
345 if (ctx->meth->get_ctx_params != NULL) {
346 if (!evp_rand_lock(ctx))
347 return 0;
348 res = ctx->meth->get_ctx_params(ctx->data, params);
349 evp_rand_unlock(ctx);
350 }
351 return res;
352 }
353
354 int EVP_RAND_set_ctx_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[])
355 {
356 int res = 1;
357
358 if (ctx->meth->set_ctx_params != NULL) {
359 if (!evp_rand_lock(ctx))
360 return 0;
361 res = ctx->meth->set_ctx_params(ctx->data, params);
362 evp_rand_unlock(ctx);
363 /* Clear out the cache state because the values can change on a set */
364 ctx->strength = 0;
365 ctx->max_request = 0;
366 }
367 return res;
368 }
369
370 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand)
371 {
372 return rand->gettable_params == NULL ? NULL : rand->gettable_params();
373 }
374
375 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand)
376 {
377 return rand->gettable_ctx_params == NULL ? NULL
378 : rand->gettable_ctx_params();
379 }
380
381 const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand)
382 {
383 return rand->settable_ctx_params == NULL ? NULL
384 :rand->settable_ctx_params();
385 }
386
387 void EVP_RAND_do_all_provided(OPENSSL_CTX *libctx,
388 void (*fn)(EVP_RAND *rand, void *arg),
389 void *arg)
390 {
391 evp_generic_do_all(libctx, OSSL_OP_RAND,
392 (void (*)(void *, void *))fn, arg,
393 evp_rand_from_dispatch, evp_rand_free);
394 }
395
396 void EVP_RAND_names_do_all(const EVP_RAND *rand,
397 void (*fn)(const char *name, void *data),
398 void *data)
399 {
400 if (rand->prov != NULL)
401 evp_names_do_all(rand->prov, rand->name_id, fn, data);
402 }
403
404 int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
405 int prediction_resistance,
406 const unsigned char *pstr, size_t pstr_len)
407 {
408 int res;
409
410 if (!evp_rand_lock(ctx))
411 return 0;
412 res = ctx->meth->instantiate(ctx->data, strength, prediction_resistance,
413 pstr, pstr_len);
414 evp_rand_unlock(ctx);
415 return res;
416 }
417
418 int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx)
419 {
420 int res;
421
422 if (!evp_rand_lock(ctx))
423 return 0;
424 res = ctx->meth->uninstantiate(ctx->data);
425 evp_rand_unlock(ctx);
426 return res;
427 }
428
429 int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
430 unsigned int strength, int prediction_resistance,
431 const unsigned char *addin, size_t addin_len)
432 {
433 size_t chunk;
434 OSSL_PARAM params[2];
435 int res = 0;
436
437 if (!evp_rand_lock(ctx))
438 return 0;
439 if (ctx->max_request == 0) {
440 params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST,
441 &chunk);
442 params[1] = OSSL_PARAM_construct_end();
443 if (!EVP_RAND_get_ctx_params(ctx, params) || chunk == 0) {
444 EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
445 goto err;
446 }
447 ctx->max_request = chunk;
448 }
449 for (; outlen > 0; outlen -= chunk, out += chunk) {
450 chunk = outlen > ctx->max_request ? ctx->max_request : outlen;
451 if (!ctx->meth->generate(ctx->data, out, chunk, strength,
452 prediction_resistance, addin, addin_len)) {
453 EVPerr(0, EVP_R_GENERATE_ERROR);
454 goto err;
455 }
456 /*
457 * Prediction resistance is only relevant the first time around,
458 * subsequently, the DRBG has already been properly reseeded.
459 */
460 prediction_resistance = 0;
461 }
462 res = 1;
463 err:
464 evp_rand_unlock(ctx);
465 return res;
466 }
467
468 int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
469 const unsigned char *ent, size_t ent_len,
470 const unsigned char *addin, size_t addin_len)
471 {
472 int res = 1;
473
474 if (!evp_rand_lock(ctx))
475 return 0;
476 if (ctx->meth->reseed != NULL)
477 res = ctx->meth->reseed(ctx->data, prediction_resistance,
478 ent, ent_len, addin, addin_len);
479 evp_rand_unlock(ctx);
480 return res;
481 }
482
483 int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
484 {
485 int res = 1;
486 unsigned int str = EVP_RAND_strength(ctx);
487
488 if (!evp_rand_lock(ctx))
489 return 0;
490 if (ctx->meth->nonce == NULL
491 || !ctx->meth->nonce(ctx->data, out, str, outlen, outlen))
492 res = ctx->meth->generate(ctx->data, out, outlen, str, 0, NULL, 0);
493 evp_rand_unlock(ctx);
494 return res;
495 }
496
497 unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx)
498 {
499 OSSL_PARAM params[2];
500 unsigned int t;
501 int res;
502
503 if (ctx->strength == 0) {
504 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &t);
505 params[1] = OSSL_PARAM_construct_end();
506 if (!evp_rand_lock(ctx))
507 return 0;
508 res = EVP_RAND_get_ctx_params(ctx, params);
509 evp_rand_unlock(ctx);
510 if (!res)
511 return 0;
512 ctx->strength = t;
513 }
514 return ctx->strength;
515 }
516
517 int EVP_RAND_state(EVP_RAND_CTX *ctx)
518 {
519 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
520 int status, res;
521
522 params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE,
523 &status);
524 if (!evp_rand_lock(ctx))
525 return 0;
526 res = EVP_RAND_get_ctx_params(ctx, params);
527 evp_rand_unlock(ctx);
528 if (!res)
529 status = EVP_RAND_STATE_ERROR;
530 return status;
531 }
532
533 int EVP_RAND_set_callbacks(EVP_RAND_CTX *ctx,
534 OSSL_INOUT_CALLBACK *get_entropy,
535 OSSL_CALLBACK *cleanup_entropy,
536 OSSL_INOUT_CALLBACK *get_nonce,
537 OSSL_CALLBACK *cleanup_nonce, void *arg)
538 {
539 if (ctx->meth->set_callbacks == NULL) {
540 EVPerr(0, EVP_R_UNABLE_TO_SET_CALLBACKS);
541 return 0;
542 }
543 ctx->meth->set_callbacks(ctx->data, get_entropy, cleanup_entropy,
544 get_nonce, cleanup_nonce, arg);
545 return 1;
546 }
547
548 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx)
549 {
550 int res = 0;
551
552 if (ctx->meth->verify_zeroization != NULL) {
553 if (!evp_rand_lock(ctx))
554 return 0;
555 res = ctx->meth->verify_zeroization(ctx->data);
556 evp_rand_unlock(ctx);
557 }
558 return res;
559 }
A mirror of the official openssl repository