]>
Commit | Line | Data |
---|---|---|
dfeab068 RE |
1 | /* crypto/rand/rand_lib.c */ |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | |
3 | * All rights reserved. | |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
0f113f3e | 8 | * |
dfeab068 RE |
9 | * This library is free for commercial and non-commercial use as long as |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
0f113f3e | 15 | * |
dfeab068 RE |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
0f113f3e | 22 | * |
dfeab068 RE |
23 | * Redistribution and use in source and binary forms, with or without |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
0f113f3e | 37 | * 4. If you include any Windows specific code (or a derivative thereof) from |
dfeab068 RE |
38 | * the apps directory (application code) you must include an acknowledgement: |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
0f113f3e | 40 | * |
dfeab068 RE |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
0f113f3e | 52 | * |
dfeab068 RE |
53 | * The licence and distribution terms for any publically available version or |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
dfeab068 | 60 | #include <time.h> |
7ae551fd | 61 | #include "cryptlib.h" |
ec577822 | 62 | #include <openssl/rand.h> |
4ead4e52 | 63 | |
0b13e9f0 | 64 | #ifndef OPENSSL_NO_ENGINE |
0f113f3e | 65 | # include <openssl/engine.h> |
0b13e9f0 | 66 | #endif |
dfeab068 | 67 | |
6653c6f2 | 68 | #ifdef OPENSSL_FIPS |
0f113f3e MC |
69 | # include <openssl/fips.h> |
70 | # include <openssl/fips_rand.h> | |
6653c6f2 DSH |
71 | #endif |
72 | ||
0b13e9f0 | 73 | #ifndef OPENSSL_NO_ENGINE |
cb78486d | 74 | /* non-NULL if default_RAND_meth is ENGINE-provided */ |
0f113f3e | 75 | static ENGINE *funct_ref = NULL; |
0b13e9f0 | 76 | #endif |
cb78486d | 77 | static const RAND_METHOD *default_RAND_meth = NULL; |
dfeab068 | 78 | |
cb78486d | 79 | int RAND_set_rand_method(const RAND_METHOD *meth) |
0f113f3e | 80 | { |
0b13e9f0 | 81 | #ifndef OPENSSL_NO_ENGINE |
0f113f3e MC |
82 | if (funct_ref) { |
83 | ENGINE_finish(funct_ref); | |
84 | funct_ref = NULL; | |
85 | } | |
0b13e9f0 | 86 | #endif |
0f113f3e MC |
87 | default_RAND_meth = meth; |
88 | return 1; | |
89 | } | |
dfeab068 | 90 | |
a4a9d97a | 91 | const RAND_METHOD *RAND_get_rand_method(void) |
0f113f3e MC |
92 | { |
93 | if (!default_RAND_meth) { | |
0b13e9f0 | 94 | #ifndef OPENSSL_NO_ENGINE |
0f113f3e MC |
95 | ENGINE *e = ENGINE_get_default_RAND(); |
96 | if (e) { | |
97 | default_RAND_meth = ENGINE_get_RAND(e); | |
98 | if (!default_RAND_meth) { | |
99 | ENGINE_finish(e); | |
100 | e = NULL; | |
101 | } | |
102 | } | |
103 | if (e) | |
104 | funct_ref = e; | |
105 | else | |
0b13e9f0 | 106 | #endif |
0f113f3e MC |
107 | default_RAND_meth = RAND_SSLeay(); |
108 | } | |
109 | return default_RAND_meth; | |
110 | } | |
cb78486d | 111 | |
0b13e9f0 | 112 | #ifndef OPENSSL_NO_ENGINE |
cb78486d | 113 | int RAND_set_rand_engine(ENGINE *engine) |
0f113f3e MC |
114 | { |
115 | const RAND_METHOD *tmp_meth = NULL; | |
116 | if (engine) { | |
117 | if (!ENGINE_init(engine)) | |
118 | return 0; | |
119 | tmp_meth = ENGINE_get_RAND(engine); | |
120 | if (!tmp_meth) { | |
121 | ENGINE_finish(engine); | |
122 | return 0; | |
123 | } | |
124 | } | |
125 | /* This function releases any prior ENGINE so call it first */ | |
126 | RAND_set_rand_method(tmp_meth); | |
127 | funct_ref = engine; | |
128 | return 1; | |
129 | } | |
0b13e9f0 | 130 | #endif |
dfeab068 | 131 | |
6b691a5c | 132 | void RAND_cleanup(void) |
0f113f3e MC |
133 | { |
134 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
135 | if (meth && meth->cleanup) | |
136 | meth->cleanup(); | |
137 | RAND_set_rand_method(NULL); | |
138 | } | |
dfeab068 | 139 | |
6343829a | 140 | void RAND_seed(const void *buf, int num) |
0f113f3e MC |
141 | { |
142 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
143 | if (meth && meth->seed) | |
144 | meth->seed(buf, num); | |
145 | } | |
dfeab068 | 146 | |
6343829a | 147 | void RAND_add(const void *buf, int num, double entropy) |
0f113f3e MC |
148 | { |
149 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
150 | if (meth && meth->add) | |
151 | meth->add(buf, num, entropy); | |
152 | } | |
eb952088 | 153 | |
6343829a | 154 | int RAND_bytes(unsigned char *buf, int num) |
0f113f3e MC |
155 | { |
156 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
157 | if (meth && meth->bytes) | |
158 | return meth->bytes(buf, num); | |
159 | return (-1); | |
160 | } | |
dfeab068 | 161 | |
6343829a | 162 | int RAND_pseudo_bytes(unsigned char *buf, int num) |
0f113f3e MC |
163 | { |
164 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
165 | if (meth && meth->pseudorand) | |
166 | return meth->pseudorand(buf, num); | |
167 | return (-1); | |
168 | } | |
5eb8ca4d BM |
169 | |
170 | int RAND_status(void) | |
0f113f3e MC |
171 | { |
172 | const RAND_METHOD *meth = RAND_get_rand_method(); | |
173 | if (meth && meth->status) | |
174 | return meth->status(); | |
175 | return 0; | |
176 | } | |
05e24c87 DSH |
177 | |
178 | #ifdef OPENSSL_FIPS | |
179 | ||
0f113f3e MC |
180 | /* |
181 | * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest | |
182 | * of OpenSSL. | |
05e24c87 DSH |
183 | */ |
184 | ||
0f113f3e MC |
185 | /* |
186 | * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather | |
05e24c87 DSH |
187 | * entropy internally through RAND_poll(). |
188 | */ | |
189 | ||
190 | static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, | |
0f113f3e MC |
191 | int entropy, size_t min_len, size_t max_len) |
192 | { | |
193 | /* Round up request to multiple of block size */ | |
194 | min_len = ((min_len + 19) / 20) * 20; | |
195 | *pout = OPENSSL_malloc(min_len); | |
196 | if (!*pout) | |
197 | return 0; | |
198 | if (RAND_SSLeay()->bytes(*pout, min_len) <= 0) { | |
199 | OPENSSL_free(*pout); | |
200 | *pout = NULL; | |
201 | return 0; | |
202 | } | |
203 | return min_len; | |
204 | } | |
05e24c87 DSH |
205 | |
206 | static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) | |
0f113f3e MC |
207 | { |
208 | if (out) { | |
209 | OPENSSL_cleanse(out, olen); | |
210 | OPENSSL_free(out); | |
211 | } | |
212 | } | |
05e24c87 | 213 | |
0f113f3e MC |
214 | /* |
215 | * Set "additional input" when generating random data. This uses the current | |
216 | * PID, a time value and a counter. | |
6653c6f2 DSH |
217 | */ |
218 | ||
219 | static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) | |
0f113f3e MC |
220 | { |
221 | /* Use of static variables is OK as this happens under a lock */ | |
222 | static unsigned char buf[16]; | |
223 | static unsigned long counter; | |
224 | FIPS_get_timevec(buf, &counter); | |
225 | rand_hw_xor(buf, sizeof(buf)); | |
226 | *pout = buf; | |
227 | return sizeof(buf); | |
228 | } | |
6653c6f2 | 229 | |
0f113f3e MC |
230 | /* |
231 | * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is | |
05e24c87 DSH |
232 | * correctly seeded by RAND_poll(). |
233 | */ | |
234 | ||
235 | static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen, | |
0f113f3e MC |
236 | double entropy) |
237 | { | |
238 | return RAND_SSLeay()->add(in, inlen, entropy); | |
239 | } | |
05e24c87 DSH |
240 | |
241 | static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) | |
0f113f3e MC |
242 | { |
243 | return RAND_SSLeay()->seed(in, inlen); | |
244 | } | |
05e24c87 DSH |
245 | |
246 | int RAND_init_fips(void) | |
0f113f3e MC |
247 | { |
248 | DRBG_CTX *dctx; | |
249 | size_t plen; | |
250 | unsigned char pers[32], *p; | |
251 | dctx = FIPS_get_default_drbg(); | |
252 | FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF); | |
253 | FIPS_drbg_set_callbacks(dctx, | |
254 | drbg_get_entropy, drbg_free_entropy, 20, | |
255 | drbg_get_entropy, drbg_free_entropy); | |
256 | FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, | |
257 | drbg_rand_seed, drbg_rand_add); | |
258 | /* Personalisation string: a string followed by date time vector */ | |
259 | strcpy((char *)pers, "OpenSSL DRBG2.0"); | |
260 | plen = drbg_get_adin(dctx, &p); | |
261 | memcpy(pers + 16, p, plen); | |
6653c6f2 | 262 | |
0f113f3e MC |
263 | FIPS_drbg_instantiate(dctx, pers, sizeof(pers)); |
264 | FIPS_rand_set_method(FIPS_drbg_method()); | |
265 | return 1; | |
266 | } | |
05e24c87 DSH |
267 | |
268 | #endif |