]>
Commit | Line | Data |
---|---|---|
714a1bb3 | 1 | /* |
fecb3aae | 2 | * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. |
714a1bb3 P |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | #include <openssl/crypto.h> | |
12 | #include <openssl/err.h> | |
13 | #include <openssl/rand.h> | |
f000e828 | 14 | #include <openssl/evp.h> |
714a1bb3 | 15 | #include "crypto/rand.h" |
2741128e | 16 | #include <openssl/proverr.h> |
714a1bb3 P |
17 | #include "drbg_local.h" |
18 | #include "internal/thread_once.h" | |
19 | #include "crypto/cryptlib.h" | |
f000e828 | 20 | #include "prov/seeding.h" |
08edd447 | 21 | #include "crypto/rand_pool.h" |
f000e828 | 22 | #include "prov/provider_ctx.h" |
aef30ad0 | 23 | #include "prov/providercommon.h" |
927d0566 | 24 | #include "crypto/context.h" |
714a1bb3 P |
25 | |
26 | /* | |
27 | * Support framework for NIST SP 800-90A DRBG | |
28 | * | |
29 | * See manual page PROV_DRBG(7) for a general overview. | |
30 | * | |
31 | * The OpenSSL model is to have new and free functions, and that new | |
32 | * does all initialization. That is not the NIST model, which has | |
33 | * instantiation and un-instantiate, and re-use within a new/free | |
34 | * lifecycle. (No doubt this comes from the desire to support hardware | |
35 | * DRBG, where allocation of resources on something like an HSM is | |
36 | * a much bigger deal than just re-setting an allocated resource.) | |
37 | */ | |
38 | ||
714a1bb3 P |
39 | /* NIST SP 800-90A DRBG recommends the use of a personalization string. */ |
40 | static const char ossl_pers_string[] = DRBG_DEFAULT_PERS_STRING; | |
41 | ||
714a1bb3 P |
42 | static const OSSL_DISPATCH *find_call(const OSSL_DISPATCH *dispatch, |
43 | int function); | |
44 | ||
f000e828 P |
45 | static int rand_drbg_restart(PROV_DRBG *drbg); |
46 | ||
b24d6c33 | 47 | int ossl_drbg_lock(void *vctx) |
714a1bb3 P |
48 | { |
49 | PROV_DRBG *drbg = vctx; | |
50 | ||
51 | if (drbg == NULL || drbg->lock == NULL) | |
52 | return 1; | |
53 | return CRYPTO_THREAD_write_lock(drbg->lock); | |
54 | } | |
55 | ||
b24d6c33 | 56 | void ossl_drbg_unlock(void *vctx) |
714a1bb3 P |
57 | { |
58 | PROV_DRBG *drbg = vctx; | |
59 | ||
60 | if (drbg != NULL && drbg->lock != NULL) | |
61 | CRYPTO_THREAD_unlock(drbg->lock); | |
62 | } | |
63 | ||
b24d6c33 | 64 | static int ossl_drbg_lock_parent(PROV_DRBG *drbg) |
714a1bb3 P |
65 | { |
66 | void *parent = drbg->parent; | |
714a1bb3 | 67 | |
f000e828 P |
68 | if (parent != NULL |
69 | && drbg->parent_lock != NULL | |
70 | && !drbg->parent_lock(parent)) { | |
71 | ERR_raise(ERR_LIB_PROV, PROV_R_PARENT_LOCKING_NOT_ENABLED); | |
72 | return 0; | |
714a1bb3 P |
73 | } |
74 | return 1; | |
75 | } | |
76 | ||
b24d6c33 | 77 | static void ossl_drbg_unlock_parent(PROV_DRBG *drbg) |
714a1bb3 P |
78 | { |
79 | void *parent = drbg->parent; | |
714a1bb3 | 80 | |
f000e828 P |
81 | if (parent != NULL && drbg->parent_unlock != NULL) |
82 | drbg->parent_unlock(parent); | |
714a1bb3 P |
83 | } |
84 | ||
f000e828 | 85 | static int get_parent_strength(PROV_DRBG *drbg, unsigned int *str) |
714a1bb3 P |
86 | { |
87 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; | |
714a1bb3 | 88 | void *parent = drbg->parent; |
f000e828 | 89 | int res; |
714a1bb3 | 90 | |
f000e828 P |
91 | if (drbg->parent_get_ctx_params == NULL) { |
92 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PARENT_STRENGTH); | |
714a1bb3 P |
93 | return 0; |
94 | } | |
f000e828 P |
95 | |
96 | *params = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, str); | |
b24d6c33 | 97 | if (!ossl_drbg_lock_parent(drbg)) { |
f000e828 | 98 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_LOCK_PARENT); |
714a1bb3 P |
99 | return 0; |
100 | } | |
f000e828 | 101 | res = drbg->parent_get_ctx_params(parent, params); |
b24d6c33 | 102 | ossl_drbg_unlock_parent(drbg); |
f000e828 P |
103 | if (!res) { |
104 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PARENT_STRENGTH); | |
714a1bb3 P |
105 | return 0; |
106 | } | |
714a1bb3 P |
107 | return 1; |
108 | } | |
109 | ||
110 | static unsigned int get_parent_reseed_count(PROV_DRBG *drbg) | |
111 | { | |
112 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; | |
714a1bb3 | 113 | void *parent = drbg->parent; |
08edd447 | 114 | unsigned int r = 0; |
714a1bb3 | 115 | |
b0614f0a | 116 | *params = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_COUNTER, &r); |
b24d6c33 | 117 | if (!ossl_drbg_lock_parent(drbg)) { |
f000e828 | 118 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_LOCK_PARENT); |
714a1bb3 P |
119 | goto err; |
120 | } | |
08edd447 P |
121 | if (!drbg->parent_get_ctx_params(parent, params)) |
122 | r = 0; | |
b24d6c33 | 123 | ossl_drbg_unlock_parent(drbg); |
714a1bb3 P |
124 | return r; |
125 | ||
126 | err: | |
f000e828 | 127 | r = tsan_load(&drbg->reseed_counter) - 2; |
714a1bb3 P |
128 | if (r == 0) |
129 | r = UINT_MAX; | |
130 | return r; | |
131 | } | |
132 | ||
714a1bb3 | 133 | /* |
4f14a378 | 134 | * Implements the get_entropy() callback |
714a1bb3 P |
135 | * |
136 | * If the DRBG has a parent, then the required amount of entropy input | |
7d6766cb | 137 | * is fetched using the parent's ossl_prov_drbg_generate(). |
714a1bb3 P |
138 | * |
139 | * Otherwise, the entropy is polled from the system entropy sources | |
1dc188ba | 140 | * using ossl_pool_acquire_entropy(). |
714a1bb3 P |
141 | * |
142 | * If a random pool has been added to the DRBG using RAND_add(), then | |
143 | * its entropy will be used up first. | |
144 | */ | |
335e85f5 P |
145 | size_t ossl_drbg_get_seed(void *vdrbg, unsigned char **pout, |
146 | int entropy, size_t min_len, | |
147 | size_t max_len, int prediction_resistance, | |
148 | const unsigned char *adin, size_t adin_len) | |
714a1bb3 | 149 | { |
335e85f5 P |
150 | PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; |
151 | size_t bytes_needed; | |
08edd447 | 152 | unsigned char *buffer; |
714a1bb3 | 153 | |
08edd447 P |
154 | /* Figure out how many bytes we need */ |
155 | bytes_needed = entropy >= 0 ? (entropy + 7) / 8 : 0; | |
156 | if (bytes_needed < min_len) | |
157 | bytes_needed = min_len; | |
158 | if (bytes_needed > max_len) | |
159 | bytes_needed = max_len; | |
714a1bb3 | 160 | |
08edd447 P |
161 | /* Allocate storage */ |
162 | buffer = OPENSSL_secure_malloc(bytes_needed); | |
163 | if (buffer == NULL) { | |
164 | ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); | |
165 | return 0; | |
714a1bb3 P |
166 | } |
167 | ||
08edd447 | 168 | /* |
335e85f5 | 169 | * Get random data. Include our DRBG address as |
08edd447 P |
170 | * additional input, in order to provide a distinction between |
171 | * different DRBG child instances. | |
172 | * | |
173 | * Note: using the sizeof() operator on a pointer triggers | |
174 | * a warning in some static code analyzers, but it's | |
175 | * intentional and correct here. | |
176 | */ | |
335e85f5 P |
177 | if (!ossl_prov_drbg_generate(drbg, buffer, bytes_needed, |
178 | drbg->strength, prediction_resistance, | |
179 | (unsigned char *)&drbg, sizeof(drbg))) { | |
08edd447 P |
180 | OPENSSL_secure_clear_free(buffer, bytes_needed); |
181 | ERR_raise(ERR_LIB_PROV, PROV_R_GENERATE_ERROR); | |
182 | return 0; | |
714a1bb3 | 183 | } |
08edd447 P |
184 | *pout = buffer; |
185 | return bytes_needed; | |
714a1bb3 P |
186 | } |
187 | ||
335e85f5 P |
188 | /* Implements the cleanup_entropy() callback */ |
189 | void ossl_drbg_clear_seed(ossl_unused void *vdrbg, | |
190 | unsigned char *out, size_t outlen) | |
714a1bb3 | 191 | { |
08edd447 | 192 | OPENSSL_secure_clear_free(out, outlen); |
714a1bb3 | 193 | } |
f000e828 P |
194 | |
195 | static size_t get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy, | |
196 | size_t min_len, size_t max_len, | |
197 | int prediction_resistance) | |
198 | { | |
335e85f5 P |
199 | size_t bytes; |
200 | unsigned int p_str; | |
201 | ||
f000e828 | 202 | if (drbg->parent == NULL) |
08edd447 | 203 | #ifdef FIPS_MODULE |
1dc188ba | 204 | return ossl_crngt_get_entropy(drbg, pout, entropy, min_len, max_len, |
f000e828 | 205 | prediction_resistance); |
08edd447 P |
206 | #else |
207 | return ossl_prov_get_entropy(drbg->provctx, pout, entropy, min_len, | |
208 | max_len); | |
f000e828 P |
209 | #endif |
210 | ||
335e85f5 P |
211 | if (drbg->parent_get_seed == NULL) { |
212 | ERR_raise(ERR_LIB_PROV, PROV_R_PARENT_CANNOT_SUPPLY_ENTROPY_SEED); | |
213 | return 0; | |
214 | } | |
215 | if (!get_parent_strength(drbg, &p_str)) | |
216 | return 0; | |
217 | if (drbg->strength > p_str) { | |
218 | /* | |
219 | * We currently don't support the algorithm from NIST SP 800-90C | |
220 | * 10.1.2 to use a weaker DRBG as source | |
221 | */ | |
222 | ERR_raise(ERR_LIB_PROV, PROV_R_PARENT_STRENGTH_TOO_WEAK); | |
223 | return 0; | |
224 | } | |
225 | ||
226 | /* | |
227 | * Our lock is already held, but we need to lock our parent before | |
228 | * generating bits from it. Note: taking the lock will be a no-op | |
229 | * if locking is not required (while drbg->parent->lock == NULL). | |
230 | */ | |
231 | if (!ossl_drbg_lock_parent(drbg)) | |
232 | return 0; | |
233 | /* | |
234 | * Get random data from parent. Include our DRBG address as | |
235 | * additional input, in order to provide a distinction between | |
236 | * different DRBG child instances. | |
237 | * | |
238 | * Note: using the sizeof() operator on a pointer triggers | |
239 | * a warning in some static code analyzers, but it's | |
240 | * intentional and correct here. | |
241 | */ | |
242 | bytes = drbg->parent_get_seed(drbg->parent, pout, drbg->strength, | |
243 | min_len, max_len, prediction_resistance, | |
244 | (unsigned char *)&drbg, sizeof(drbg)); | |
245 | ossl_drbg_unlock_parent(drbg); | |
246 | return bytes; | |
f000e828 P |
247 | } |
248 | ||
249 | static void cleanup_entropy(PROV_DRBG *drbg, unsigned char *out, size_t outlen) | |
250 | { | |
08edd447 | 251 | if (drbg->parent == NULL) { |
f000e828 | 252 | #ifdef FIPS_MODULE |
1dc188ba | 253 | ossl_crngt_cleanup_entropy(drbg, out, outlen); |
08edd447 P |
254 | #else |
255 | ossl_prov_cleanup_entropy(drbg->provctx, out, outlen); | |
714a1bb3 | 256 | #endif |
335e85f5 P |
257 | } else if (drbg->parent_clear_seed != NULL) { |
258 | if (!ossl_drbg_lock_parent(drbg)) | |
259 | return; | |
260 | drbg->parent_clear_seed(drbg, out, outlen); | |
261 | ossl_drbg_unlock_parent(drbg); | |
08edd447 | 262 | } |
f000e828 | 263 | } |
714a1bb3 P |
264 | |
265 | #ifndef PROV_RAND_GET_RANDOM_NONCE | |
266 | typedef struct prov_drbg_nonce_global_st { | |
267 | CRYPTO_RWLOCK *rand_nonce_lock; | |
268 | int rand_nonce_count; | |
269 | } PROV_DRBG_NONCE_GLOBAL; | |
270 | ||
271 | /* | |
272 | * drbg_ossl_ctx_new() calls drgb_setup() which calls rand_drbg_get_nonce() | |
b4250010 | 273 | * which needs to get the rand_nonce_lock out of the OSSL_LIB_CTX...but since |
714a1bb3 P |
274 | * drbg_ossl_ctx_new() hasn't finished running yet we need the rand_nonce_lock |
275 | * to be in a different global data object. Otherwise we will go into an | |
276 | * infinite recursion loop. | |
277 | */ | |
927d0566 | 278 | void *ossl_prov_drbg_nonce_ctx_new(OSSL_LIB_CTX *libctx) |
714a1bb3 P |
279 | { |
280 | PROV_DRBG_NONCE_GLOBAL *dngbl = OPENSSL_zalloc(sizeof(*dngbl)); | |
281 | ||
282 | if (dngbl == NULL) | |
283 | return NULL; | |
284 | ||
285 | dngbl->rand_nonce_lock = CRYPTO_THREAD_lock_new(); | |
286 | if (dngbl->rand_nonce_lock == NULL) { | |
287 | OPENSSL_free(dngbl); | |
288 | return NULL; | |
289 | } | |
290 | ||
291 | return dngbl; | |
292 | } | |
293 | ||
927d0566 | 294 | void ossl_prov_drbg_nonce_ctx_free(void *vdngbl) |
714a1bb3 P |
295 | { |
296 | PROV_DRBG_NONCE_GLOBAL *dngbl = vdngbl; | |
297 | ||
298 | if (dngbl == NULL) | |
299 | return; | |
300 | ||
301 | CRYPTO_THREAD_lock_free(dngbl->rand_nonce_lock); | |
302 | ||
303 | OPENSSL_free(dngbl); | |
304 | } | |
305 | ||
714a1bb3 | 306 | /* Get a nonce from the operating system */ |
08edd447 P |
307 | static size_t prov_drbg_get_nonce(PROV_DRBG *drbg, unsigned char **pout, |
308 | size_t min_len, size_t max_len) | |
714a1bb3 | 309 | { |
f000e828 | 310 | size_t ret = 0, n; |
f000e828 | 311 | unsigned char *buf = NULL; |
08edd447 | 312 | OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx); |
714a1bb3 | 313 | PROV_DRBG_NONCE_GLOBAL *dngbl |
927d0566 | 314 | = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DRBG_NONCE_INDEX); |
714a1bb3 | 315 | struct { |
08edd447 | 316 | void *drbg; |
714a1bb3 P |
317 | int count; |
318 | } data; | |
08edd447 | 319 | |
714a1bb3 P |
320 | if (dngbl == NULL) |
321 | return 0; | |
322 | ||
08edd447 P |
323 | if (drbg->parent != NULL && drbg->parent_nonce != NULL) { |
324 | n = drbg->parent_nonce(drbg->parent, NULL, 0, drbg->min_noncelen, | |
325 | drbg->max_noncelen); | |
326 | if (n > 0 && (buf = OPENSSL_malloc(n)) != NULL) { | |
327 | ret = drbg->parent_nonce(drbg->parent, buf, 0, | |
328 | drbg->min_noncelen, drbg->max_noncelen); | |
329 | if (ret == n) { | |
330 | *pout = buf; | |
331 | return ret; | |
f000e828 | 332 | } |
08edd447 | 333 | OPENSSL_free(buf); |
f000e828 P |
334 | } |
335 | } | |
336 | ||
08edd447 | 337 | /* Use the built in nonce source plus some of our specifics */ |
714a1bb3 | 338 | memset(&data, 0, sizeof(data)); |
08edd447 | 339 | data.drbg = drbg; |
714a1bb3 P |
340 | CRYPTO_atomic_add(&dngbl->rand_nonce_count, 1, &data.count, |
341 | dngbl->rand_nonce_lock); | |
08edd447 P |
342 | return ossl_prov_get_nonce(drbg->provctx, pout, min_len, max_len, |
343 | &data, sizeof(data)); | |
714a1bb3 | 344 | } |
f000e828 | 345 | #endif /* PROV_RAND_GET_RANDOM_NONCE */ |
714a1bb3 P |
346 | |
347 | /* | |
348 | * Instantiate |drbg|, after it has been initialized. Use |pers| and | |
349 | * |perslen| as prediction-resistance input. | |
350 | * | |
351 | * Requires that drbg->lock is already locked for write, if non-null. | |
352 | * | |
353 | * Returns 1 on success, 0 on failure. | |
354 | */ | |
7d6766cb P |
355 | int ossl_prov_drbg_instantiate(PROV_DRBG *drbg, unsigned int strength, |
356 | int prediction_resistance, | |
357 | const unsigned char *pers, size_t perslen) | |
714a1bb3 P |
358 | { |
359 | unsigned char *nonce = NULL, *entropy = NULL; | |
360 | size_t noncelen = 0, entropylen = 0; | |
361 | size_t min_entropy, min_entropylen, max_entropylen; | |
714a1bb3 P |
362 | |
363 | if (strength > drbg->strength) { | |
6debc6ab | 364 | ERR_raise(ERR_LIB_PROV, PROV_R_INSUFFICIENT_DRBG_STRENGTH); |
714a1bb3 P |
365 | goto end; |
366 | } | |
367 | min_entropy = drbg->strength; | |
368 | min_entropylen = drbg->min_entropylen; | |
369 | max_entropylen = drbg->max_entropylen; | |
370 | ||
371 | if (pers == NULL) { | |
372 | pers = (const unsigned char *)ossl_pers_string; | |
373 | perslen = sizeof(ossl_pers_string); | |
374 | } | |
375 | if (perslen > drbg->max_perslen) { | |
6debc6ab | 376 | ERR_raise(ERR_LIB_PROV, PROV_R_PERSONALISATION_STRING_TOO_LONG); |
714a1bb3 P |
377 | goto end; |
378 | } | |
379 | ||
f000e828 P |
380 | if (drbg->state != EVP_RAND_STATE_UNINITIALISED) { |
381 | if (drbg->state == EVP_RAND_STATE_ERROR) | |
6debc6ab | 382 | ERR_raise(ERR_LIB_PROV, PROV_R_IN_ERROR_STATE); |
714a1bb3 | 383 | else |
6debc6ab | 384 | ERR_raise(ERR_LIB_PROV, PROV_R_ALREADY_INSTANTIATED); |
714a1bb3 P |
385 | goto end; |
386 | } | |
387 | ||
f000e828 | 388 | drbg->state = EVP_RAND_STATE_ERROR; |
714a1bb3 P |
389 | |
390 | if (drbg->min_noncelen > 0) { | |
f000e828 P |
391 | if (drbg->parent_nonce != NULL) { |
392 | noncelen = drbg->parent_nonce(drbg->parent, NULL, drbg->strength, | |
393 | drbg->min_noncelen, | |
394 | drbg->max_noncelen); | |
395 | if (noncelen == 0) { | |
6debc6ab | 396 | ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_NONCE); |
f000e828 P |
397 | goto end; |
398 | } | |
399 | nonce = OPENSSL_malloc(noncelen); | |
400 | if (nonce == NULL) { | |
6debc6ab | 401 | ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_NONCE); |
f000e828 P |
402 | goto end; |
403 | } | |
404 | if (noncelen != drbg->parent_nonce(drbg->parent, nonce, | |
405 | drbg->strength, | |
406 | drbg->min_noncelen, | |
407 | drbg->max_noncelen)) { | |
6debc6ab | 408 | ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_NONCE); |
c4d02214 | 409 | goto end; |
f000e828 | 410 | } |
714a1bb3 | 411 | #ifndef PROV_RAND_GET_RANDOM_NONCE |
f000e828 | 412 | } else if (drbg->parent != NULL) { |
714a1bb3 | 413 | #endif |
f000e828 P |
414 | /* |
415 | * NIST SP800-90Ar1 section 9.1 says you can combine getting | |
416 | * the entropy and nonce in 1 call by increasing the entropy | |
417 | * with 50% and increasing the minimum length to accommodate | |
418 | * the length of the nonce. We do this in case a nonce is | |
419 | * required and there is no parental nonce capability. | |
420 | */ | |
421 | min_entropy += drbg->strength / 2; | |
422 | min_entropylen += drbg->min_noncelen; | |
423 | max_entropylen += drbg->max_noncelen; | |
714a1bb3 P |
424 | } |
425 | #ifndef PROV_RAND_GET_RANDOM_NONCE | |
426 | else { /* parent == NULL */ | |
08edd447 | 427 | noncelen = prov_drbg_get_nonce(drbg, &nonce, drbg->min_noncelen, |
714a1bb3 P |
428 | drbg->max_noncelen); |
429 | if (noncelen < drbg->min_noncelen | |
430 | || noncelen > drbg->max_noncelen) { | |
6debc6ab | 431 | ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_NONCE); |
714a1bb3 P |
432 | goto end; |
433 | } | |
434 | } | |
435 | #endif | |
436 | } | |
437 | ||
f000e828 | 438 | drbg->reseed_next_counter = tsan_load(&drbg->reseed_counter); |
714a1bb3 P |
439 | if (drbg->reseed_next_counter) { |
440 | drbg->reseed_next_counter++; | |
f000e828 | 441 | if (!drbg->reseed_next_counter) |
714a1bb3 P |
442 | drbg->reseed_next_counter = 1; |
443 | } | |
444 | ||
445 | entropylen = get_entropy(drbg, &entropy, min_entropy, | |
446 | min_entropylen, max_entropylen, | |
447 | prediction_resistance); | |
448 | if (entropylen < min_entropylen | |
449 | || entropylen > max_entropylen) { | |
6debc6ab | 450 | ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_ENTROPY); |
714a1bb3 P |
451 | goto end; |
452 | } | |
453 | ||
f000e828 P |
454 | if (!drbg->instantiate(drbg, entropy, entropylen, nonce, noncelen, |
455 | pers, perslen)) { | |
caf569a5 | 456 | cleanup_entropy(drbg, entropy, entropylen); |
6debc6ab | 457 | ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_INSTANTIATING_DRBG); |
714a1bb3 P |
458 | goto end; |
459 | } | |
caf569a5 | 460 | cleanup_entropy(drbg, entropy, entropylen); |
714a1bb3 | 461 | |
f000e828 | 462 | drbg->state = EVP_RAND_STATE_READY; |
b0614f0a | 463 | drbg->generate_counter = 1; |
714a1bb3 | 464 | drbg->reseed_time = time(NULL); |
f000e828 | 465 | tsan_store(&drbg->reseed_counter, drbg->reseed_next_counter); |
714a1bb3 P |
466 | |
467 | end: | |
08edd447 P |
468 | if (nonce != NULL) |
469 | ossl_prov_cleanup_nonce(drbg->provctx, nonce, noncelen); | |
f000e828 | 470 | if (drbg->state == EVP_RAND_STATE_READY) |
714a1bb3 P |
471 | return 1; |
472 | return 0; | |
473 | } | |
474 | ||
f000e828 P |
475 | /* |
476 | * Uninstantiate |drbg|. Must be instantiated before it can be used. | |
477 | * | |
478 | * Requires that drbg->lock is already locked for write, if non-null. | |
479 | * | |
480 | * Returns 1 on success, 0 on failure. | |
481 | */ | |
7d6766cb | 482 | int ossl_prov_drbg_uninstantiate(PROV_DRBG *drbg) |
f000e828 P |
483 | { |
484 | drbg->state = EVP_RAND_STATE_UNINITIALISED; | |
485 | return 1; | |
486 | } | |
487 | ||
714a1bb3 P |
488 | /* |
489 | * Reseed |drbg|, mixing in the specified data | |
490 | * | |
491 | * Requires that drbg->lock is already locked for write, if non-null. | |
492 | * | |
493 | * Returns 1 on success, 0 on failure. | |
494 | */ | |
7d6766cb P |
495 | int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance, |
496 | const unsigned char *ent, size_t ent_len, | |
497 | const unsigned char *adin, size_t adinlen) | |
714a1bb3 P |
498 | { |
499 | unsigned char *entropy = NULL; | |
500 | size_t entropylen = 0; | |
501 | ||
aef30ad0 P |
502 | if (!ossl_prov_is_running()) |
503 | return 0; | |
504 | ||
f000e828 P |
505 | if (drbg->state != EVP_RAND_STATE_READY) { |
506 | /* try to recover from previous errors */ | |
507 | rand_drbg_restart(drbg); | |
508 | ||
509 | if (drbg->state == EVP_RAND_STATE_ERROR) { | |
6debc6ab | 510 | ERR_raise(ERR_LIB_PROV, PROV_R_IN_ERROR_STATE); |
f000e828 P |
511 | return 0; |
512 | } | |
513 | if (drbg->state == EVP_RAND_STATE_UNINITIALISED) { | |
6debc6ab | 514 | ERR_raise(ERR_LIB_PROV, PROV_R_NOT_INSTANTIATED); |
f000e828 P |
515 | return 0; |
516 | } | |
714a1bb3 | 517 | } |
f000e828 P |
518 | |
519 | if (ent != NULL) { | |
520 | if (ent_len < drbg->min_entropylen) { | |
6debc6ab | 521 | ERR_raise(ERR_LIB_RAND, RAND_R_ENTROPY_OUT_OF_RANGE); |
f000e828 P |
522 | drbg->state = EVP_RAND_STATE_ERROR; |
523 | return 0; | |
524 | } | |
525 | if (ent_len > drbg->max_entropylen) { | |
6debc6ab | 526 | ERR_raise(ERR_LIB_RAND, RAND_R_ENTROPY_INPUT_TOO_LONG); |
f000e828 P |
527 | drbg->state = EVP_RAND_STATE_ERROR; |
528 | return 0; | |
529 | } | |
714a1bb3 P |
530 | } |
531 | ||
532 | if (adin == NULL) { | |
533 | adinlen = 0; | |
534 | } else if (adinlen > drbg->max_adinlen) { | |
6debc6ab | 535 | ERR_raise(ERR_LIB_PROV, PROV_R_ADDITIONAL_INPUT_TOO_LONG); |
714a1bb3 P |
536 | return 0; |
537 | } | |
538 | ||
f000e828 | 539 | drbg->state = EVP_RAND_STATE_ERROR; |
714a1bb3 | 540 | |
f000e828 | 541 | drbg->reseed_next_counter = tsan_load(&drbg->reseed_counter); |
714a1bb3 P |
542 | if (drbg->reseed_next_counter) { |
543 | drbg->reseed_next_counter++; | |
f000e828 | 544 | if (!drbg->reseed_next_counter) |
714a1bb3 P |
545 | drbg->reseed_next_counter = 1; |
546 | } | |
547 | ||
f000e828 | 548 | if (ent != NULL) { |
1d30b0a4 | 549 | #ifdef FIPS_MODULE |
f000e828 P |
550 | /* |
551 | * NIST SP-800-90A mandates that entropy *shall not* be provided | |
552 | * by the consuming application. Instead the data is added as additional | |
553 | * input. | |
554 | * | |
555 | * (NIST SP-800-90Ar1, Sections 9.1 and 9.2) | |
556 | */ | |
557 | if (!drbg->reseed(drbg, NULL, 0, ent, ent_len)) { | |
558 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_RESEED); | |
559 | return 0; | |
560 | } | |
561 | #else | |
562 | if (!drbg->reseed(drbg, ent, ent_len, adin, adinlen)) { | |
563 | ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_RESEED); | |
564 | return 0; | |
565 | } | |
566 | /* There isn't much point adding the same additional input twice */ | |
567 | adin = NULL; | |
568 | adinlen = 0; | |
569 | #endif | |
570 | } | |
571 | ||
572 | /* Reseed using our sources in addition */ | |
714a1bb3 P |
573 | entropylen = get_entropy(drbg, &entropy, drbg->strength, |
574 | drbg->min_entropylen, drbg->max_entropylen, | |
575 | prediction_resistance); | |
576 | if (entropylen < drbg->min_entropylen | |
577 | || entropylen > drbg->max_entropylen) { | |
6debc6ab | 578 | ERR_raise(ERR_LIB_PROV, PROV_R_ERROR_RETRIEVING_ENTROPY); |
714a1bb3 P |
579 | goto end; |
580 | } | |
581 | ||
f000e828 | 582 | if (!drbg->reseed(drbg, entropy, entropylen, adin, adinlen)) |
714a1bb3 P |
583 | goto end; |
584 | ||
f000e828 | 585 | drbg->state = EVP_RAND_STATE_READY; |
b0614f0a | 586 | drbg->generate_counter = 1; |
714a1bb3 | 587 | drbg->reseed_time = time(NULL); |
f000e828 P |
588 | tsan_store(&drbg->reseed_counter, drbg->reseed_next_counter); |
589 | if (drbg->parent != NULL) | |
590 | drbg->parent_reseed_counter = get_parent_reseed_count(drbg); | |
714a1bb3 P |
591 | |
592 | end: | |
f000e828 P |
593 | cleanup_entropy(drbg, entropy, entropylen); |
594 | if (drbg->state == EVP_RAND_STATE_READY) | |
714a1bb3 P |
595 | return 1; |
596 | return 0; | |
597 | } | |
598 | ||
599 | /* | |
600 | * Generate |outlen| bytes into the buffer at |out|. Reseed if we need | |
601 | * to or if |prediction_resistance| is set. Additional input can be | |
602 | * sent in |adin| and |adinlen|. | |
603 | * | |
604 | * Requires that drbg->lock is already locked for write, if non-null. | |
605 | * | |
606 | * Returns 1 on success, 0 on failure. | |
607 | * | |
608 | */ | |
7d6766cb P |
609 | int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, |
610 | unsigned int strength, int prediction_resistance, | |
611 | const unsigned char *adin, size_t adinlen) | |
714a1bb3 P |
612 | { |
613 | int fork_id; | |
614 | int reseed_required = 0; | |
615 | ||
aef30ad0 P |
616 | if (!ossl_prov_is_running()) |
617 | return 0; | |
618 | ||
f000e828 P |
619 | if (drbg->state != EVP_RAND_STATE_READY) { |
620 | /* try to recover from previous errors */ | |
621 | rand_drbg_restart(drbg); | |
622 | ||
623 | if (drbg->state == EVP_RAND_STATE_ERROR) { | |
6debc6ab | 624 | ERR_raise(ERR_LIB_PROV, PROV_R_IN_ERROR_STATE); |
714a1bb3 P |
625 | return 0; |
626 | } | |
f000e828 | 627 | if (drbg->state == EVP_RAND_STATE_UNINITIALISED) { |
6debc6ab | 628 | ERR_raise(ERR_LIB_PROV, PROV_R_NOT_INSTANTIATED); |
714a1bb3 P |
629 | return 0; |
630 | } | |
631 | } | |
f000e828 | 632 | if (strength > drbg->strength) { |
6debc6ab | 633 | ERR_raise(ERR_LIB_PROV, PROV_R_INSUFFICIENT_DRBG_STRENGTH); |
f000e828 P |
634 | return 0; |
635 | } | |
714a1bb3 P |
636 | |
637 | if (outlen > drbg->max_request) { | |
6debc6ab | 638 | ERR_raise(ERR_LIB_PROV, PROV_R_REQUEST_TOO_LARGE_FOR_DRBG); |
714a1bb3 P |
639 | return 0; |
640 | } | |
641 | if (adinlen > drbg->max_adinlen) { | |
6debc6ab | 642 | ERR_raise(ERR_LIB_PROV, PROV_R_ADDITIONAL_INPUT_TOO_LONG); |
714a1bb3 P |
643 | return 0; |
644 | } | |
645 | ||
646 | fork_id = openssl_get_fork_id(); | |
647 | ||
648 | if (drbg->fork_id != fork_id) { | |
649 | drbg->fork_id = fork_id; | |
650 | reseed_required = 1; | |
651 | } | |
652 | ||
653 | if (drbg->reseed_interval > 0) { | |
b0614f0a | 654 | if (drbg->generate_counter >= drbg->reseed_interval) |
714a1bb3 P |
655 | reseed_required = 1; |
656 | } | |
657 | if (drbg->reseed_time_interval > 0) { | |
658 | time_t now = time(NULL); | |
659 | if (now < drbg->reseed_time | |
660 | || now - drbg->reseed_time >= drbg->reseed_time_interval) | |
661 | reseed_required = 1; | |
662 | } | |
f000e828 P |
663 | if (drbg->parent != NULL |
664 | && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) | |
665 | reseed_required = 1; | |
714a1bb3 P |
666 | |
667 | if (reseed_required || prediction_resistance) { | |
7d6766cb P |
668 | if (!ossl_prov_drbg_reseed(drbg, prediction_resistance, NULL, 0, |
669 | adin, adinlen)) { | |
6debc6ab | 670 | ERR_raise(ERR_LIB_PROV, PROV_R_RESEED_ERROR); |
714a1bb3 P |
671 | return 0; |
672 | } | |
673 | adin = NULL; | |
674 | adinlen = 0; | |
675 | } | |
676 | ||
f000e828 P |
677 | if (!drbg->generate(drbg, out, outlen, adin, adinlen)) { |
678 | drbg->state = EVP_RAND_STATE_ERROR; | |
6debc6ab | 679 | ERR_raise(ERR_LIB_PROV, PROV_R_GENERATE_ERROR); |
714a1bb3 P |
680 | return 0; |
681 | } | |
682 | ||
b0614f0a | 683 | drbg->generate_counter++; |
714a1bb3 P |
684 | |
685 | return 1; | |
686 | } | |
687 | ||
714a1bb3 | 688 | /* |
f000e828 P |
689 | * Restart |drbg|, using the specified entropy or additional input |
690 | * | |
691 | * Tries its best to get the drbg instantiated by all means, | |
692 | * regardless of its current state. | |
693 | * | |
694 | * Optionally, a |buffer| of |len| random bytes can be passed, | |
695 | * which is assumed to contain at least |entropy| bits of entropy. | |
696 | * | |
697 | * If |entropy| > 0, the buffer content is used as entropy input. | |
698 | * | |
699 | * If |entropy| == 0, the buffer content is used as additional input | |
700 | * | |
701 | * Returns 1 on success, 0 on failure. | |
702 | * | |
703 | * This function is used internally only. | |
714a1bb3 | 704 | */ |
f000e828 | 705 | static int rand_drbg_restart(PROV_DRBG *drbg) |
714a1bb3 | 706 | { |
f000e828 P |
707 | /* repair error state */ |
708 | if (drbg->state == EVP_RAND_STATE_ERROR) | |
709 | drbg->uninstantiate(drbg); | |
710 | ||
711 | /* repair uninitialized state */ | |
712 | if (drbg->state == EVP_RAND_STATE_UNINITIALISED) | |
713 | /* reinstantiate drbg */ | |
7d6766cb | 714 | ossl_prov_drbg_instantiate(drbg, drbg->strength, 0, NULL, 0); |
714a1bb3 | 715 | |
f000e828 | 716 | return drbg->state == EVP_RAND_STATE_READY; |
714a1bb3 | 717 | } |
714a1bb3 P |
718 | |
719 | /* Provider support from here down */ | |
720 | static const OSSL_DISPATCH *find_call(const OSSL_DISPATCH *dispatch, | |
721 | int function) | |
722 | { | |
723 | if (dispatch != NULL) | |
f000e828 | 724 | while (dispatch->function_id != 0) { |
714a1bb3 P |
725 | if (dispatch->function_id == function) |
726 | return dispatch; | |
f000e828 P |
727 | dispatch++; |
728 | } | |
714a1bb3 P |
729 | return NULL; |
730 | } | |
731 | ||
b24d6c33 | 732 | int ossl_drbg_enable_locking(void *vctx) |
714a1bb3 P |
733 | { |
734 | PROV_DRBG *drbg = vctx; | |
714a1bb3 | 735 | |
f000e828 P |
736 | if (drbg != NULL && drbg->lock == NULL) { |
737 | if (drbg->parent_enable_locking != NULL) | |
738 | if (!drbg->parent_enable_locking(drbg->parent)) { | |
739 | ERR_raise(ERR_LIB_PROV, PROV_R_PARENT_LOCKING_NOT_ENABLED); | |
714a1bb3 P |
740 | return 0; |
741 | } | |
742 | drbg->lock = CRYPTO_THREAD_lock_new(); | |
743 | if (drbg->lock == NULL) { | |
f000e828 | 744 | ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_CREATE_LOCK); |
714a1bb3 P |
745 | return 0; |
746 | } | |
747 | } | |
748 | return 1; | |
749 | } | |
750 | ||
751 | /* | |
752 | * Allocate memory and initialize a new DRBG. The DRBG is allocated on | |
753 | * the secure heap if |secure| is nonzero and the secure heap is enabled. | |
754 | * The |parent|, if not NULL, will be used as random source for reseeding. | |
755 | * This also requires the parent's provider context and the parent's lock. | |
756 | * | |
757 | * Returns a pointer to the new DRBG instance on success, NULL on failure. | |
758 | */ | |
1dc188ba | 759 | PROV_DRBG *ossl_rand_drbg_new |
f000e828 P |
760 | (void *provctx, void *parent, const OSSL_DISPATCH *p_dispatch, |
761 | int (*dnew)(PROV_DRBG *ctx), | |
762 | int (*instantiate)(PROV_DRBG *drbg, | |
763 | const unsigned char *entropy, size_t entropylen, | |
764 | const unsigned char *nonce, size_t noncelen, | |
765 | const unsigned char *pers, size_t perslen), | |
766 | int (*uninstantiate)(PROV_DRBG *ctx), | |
767 | int (*reseed)(PROV_DRBG *drbg, const unsigned char *ent, size_t ent_len, | |
768 | const unsigned char *adin, size_t adin_len), | |
769 | int (*generate)(PROV_DRBG *, unsigned char *out, size_t outlen, | |
770 | const unsigned char *adin, size_t adin_len)) | |
714a1bb3 | 771 | { |
aef30ad0 | 772 | PROV_DRBG *drbg; |
f000e828 P |
773 | unsigned int p_str; |
774 | const OSSL_DISPATCH *pfunc; | |
714a1bb3 | 775 | |
aef30ad0 P |
776 | if (!ossl_prov_is_running()) |
777 | return NULL; | |
778 | ||
779 | drbg = OPENSSL_zalloc(sizeof(*drbg)); | |
714a1bb3 P |
780 | if (drbg == NULL) { |
781 | ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); | |
782 | return NULL; | |
783 | } | |
784 | ||
f000e828 P |
785 | drbg->provctx = provctx; |
786 | drbg->instantiate = instantiate; | |
787 | drbg->uninstantiate = uninstantiate; | |
788 | drbg->reseed = reseed; | |
789 | drbg->generate = generate; | |
790 | drbg->fork_id = openssl_get_fork_id(); | |
791 | ||
792 | /* Extract parent's functions */ | |
714a1bb3 | 793 | drbg->parent = parent; |
f000e828 | 794 | if ((pfunc = find_call(p_dispatch, OSSL_FUNC_RAND_ENABLE_LOCKING)) != NULL) |
363b1e5d | 795 | drbg->parent_enable_locking = OSSL_FUNC_rand_enable_locking(pfunc); |
f000e828 | 796 | if ((pfunc = find_call(p_dispatch, OSSL_FUNC_RAND_LOCK)) != NULL) |
363b1e5d | 797 | drbg->parent_lock = OSSL_FUNC_rand_lock(pfunc); |
f000e828 | 798 | if ((pfunc = find_call(p_dispatch, OSSL_FUNC_RAND_UNLOCK)) != NULL) |
363b1e5d | 799 | drbg->parent_unlock = OSSL_FUNC_rand_unlock(pfunc); |
f000e828 | 800 | if ((pfunc = find_call(p_dispatch, OSSL_FUNC_RAND_GET_CTX_PARAMS)) != NULL) |
363b1e5d | 801 | drbg->parent_get_ctx_params = OSSL_FUNC_rand_get_ctx_params(pfunc); |
f000e828 | 802 | if ((pfunc = find_call(p_dispatch, OSSL_FUNC_RAND_NONCE)) != NULL) |
363b1e5d | 803 | drbg->parent_nonce = OSSL_FUNC_rand_nonce(pfunc); |
335e85f5 P |
804 | if ((pfunc = find_call(p_dispatch, OSSL_FUNC_RAND_GET_SEED)) != NULL) |
805 | drbg->parent_get_seed = OSSL_FUNC_rand_get_seed(pfunc); | |
806 | if ((pfunc = find_call(p_dispatch, OSSL_FUNC_RAND_CLEAR_SEED)) != NULL) | |
807 | drbg->parent_clear_seed = OSSL_FUNC_rand_clear_seed(pfunc); | |
714a1bb3 P |
808 | |
809 | /* Set some default maximums up */ | |
810 | drbg->max_entropylen = DRBG_MAX_LENGTH; | |
811 | drbg->max_noncelen = DRBG_MAX_LENGTH; | |
812 | drbg->max_perslen = DRBG_MAX_LENGTH; | |
813 | drbg->max_adinlen = DRBG_MAX_LENGTH; | |
b0614f0a | 814 | drbg->generate_counter = 1; |
f000e828 P |
815 | drbg->reseed_counter = 1; |
816 | drbg->reseed_interval = RESEED_INTERVAL; | |
817 | drbg->reseed_time_interval = TIME_INTERVAL; | |
714a1bb3 | 818 | |
f000e828 | 819 | if (!dnew(drbg)) |
714a1bb3 P |
820 | goto err; |
821 | ||
822 | if (parent != NULL) { | |
823 | if (!get_parent_strength(drbg, &p_str)) | |
824 | goto err; | |
825 | if (drbg->strength > p_str) { | |
826 | /* | |
827 | * We currently don't support the algorithm from NIST SP 800-90C | |
828 | * 10.1.2 to use a weaker DRBG as source | |
829 | */ | |
f000e828 | 830 | ERR_raise(ERR_LIB_PROV, PROV_R_PARENT_STRENGTH_TOO_WEAK); |
714a1bb3 P |
831 | goto err; |
832 | } | |
833 | } | |
8ff861dc P |
834 | #ifdef TSAN_REQUIRES_LOCKING |
835 | if (!ossl_drbg_enable_locking(drbg)) | |
836 | goto err; | |
837 | #endif | |
714a1bb3 P |
838 | return drbg; |
839 | ||
840 | err: | |
1dc188ba | 841 | ossl_rand_drbg_free(drbg); |
714a1bb3 P |
842 | return NULL; |
843 | } | |
844 | ||
1dc188ba | 845 | void ossl_rand_drbg_free(PROV_DRBG *drbg) |
714a1bb3 P |
846 | { |
847 | if (drbg == NULL) | |
848 | return; | |
849 | ||
714a1bb3 | 850 | CRYPTO_THREAD_lock_free(drbg->lock); |
f000e828 | 851 | OPENSSL_free(drbg); |
714a1bb3 P |
852 | } |
853 | ||
b24d6c33 | 854 | int ossl_drbg_get_ctx_params(PROV_DRBG *drbg, OSSL_PARAM params[]) |
714a1bb3 P |
855 | { |
856 | OSSL_PARAM *p; | |
857 | ||
f000e828 | 858 | p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE); |
714a1bb3 P |
859 | if (p != NULL && !OSSL_PARAM_set_int(p, drbg->state)) |
860 | return 0; | |
861 | ||
862 | p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH); | |
863 | if (p != NULL && !OSSL_PARAM_set_int(p, drbg->strength)) | |
864 | return 0; | |
865 | ||
08edd447 | 866 | p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST); |
714a1bb3 P |
867 | if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_request)) |
868 | return 0; | |
869 | ||
f000e828 | 870 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_MIN_ENTROPYLEN); |
714a1bb3 P |
871 | if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->min_entropylen)) |
872 | return 0; | |
873 | ||
f000e828 | 874 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_MAX_ENTROPYLEN); |
714a1bb3 P |
875 | if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_entropylen)) |
876 | return 0; | |
877 | ||
f000e828 | 878 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_MIN_NONCELEN); |
714a1bb3 P |
879 | if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->min_noncelen)) |
880 | return 0; | |
881 | ||
f000e828 | 882 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_MAX_NONCELEN); |
714a1bb3 P |
883 | if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_noncelen)) |
884 | return 0; | |
885 | ||
f000e828 | 886 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_MAX_PERSLEN); |
714a1bb3 P |
887 | if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_perslen)) |
888 | return 0; | |
889 | ||
f000e828 | 890 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_MAX_ADINLEN); |
714a1bb3 P |
891 | if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_adinlen)) |
892 | return 0; | |
893 | ||
f000e828 P |
894 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_RESEED_REQUESTS); |
895 | if (p != NULL && !OSSL_PARAM_set_uint(p, drbg->reseed_interval)) | |
714a1bb3 P |
896 | return 0; |
897 | ||
f000e828 P |
898 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_RESEED_TIME); |
899 | if (p != NULL && !OSSL_PARAM_set_time_t(p, drbg->reseed_time)) | |
714a1bb3 P |
900 | return 0; |
901 | ||
f000e828 | 902 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL); |
714a1bb3 P |
903 | if (p != NULL && !OSSL_PARAM_set_time_t(p, drbg->reseed_time_interval)) |
904 | return 0; | |
905 | ||
b0614f0a | 906 | p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_RESEED_COUNTER); |
714a1bb3 | 907 | if (p != NULL |
f000e828 | 908 | && !OSSL_PARAM_set_uint(p, tsan_load(&drbg->reseed_counter))) |
714a1bb3 P |
909 | return 0; |
910 | return 1; | |
911 | } | |
912 | ||
b24d6c33 | 913 | int ossl_drbg_set_ctx_params(PROV_DRBG *drbg, const OSSL_PARAM params[]) |
714a1bb3 P |
914 | { |
915 | const OSSL_PARAM *p; | |
916 | ||
20b8dc6f P |
917 | if (params == NULL) |
918 | return 1; | |
919 | ||
f000e828 | 920 | p = OSSL_PARAM_locate_const(params, OSSL_DRBG_PARAM_RESEED_REQUESTS); |
714a1bb3 P |
921 | if (p != NULL && !OSSL_PARAM_get_uint(p, &drbg->reseed_interval)) |
922 | return 0; | |
923 | ||
f000e828 | 924 | p = OSSL_PARAM_locate_const(params, OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL); |
714a1bb3 P |
925 | if (p != NULL && !OSSL_PARAM_get_time_t(p, &drbg->reseed_time_interval)) |
926 | return 0; | |
927 | return 1; | |
928 | } |