2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/evp.h>
14 #include <openssl/engine.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509v3.h>
17 #include <openssl/rand.h>
18 #include <openssl/core.h>
19 #include <openssl/core_names.h>
20 #include <openssl/crypto.h>
21 #include "crypto/asn1.h"
22 #include "crypto/evp.h"
23 #include "internal/cryptlib.h"
24 #include "internal/numbers.h"
25 #include "internal/provider.h"
26 #include "evp_local.h"
28 static int evp_rand_up_ref(void *vrand
)
30 EVP_RAND
*rand
= (EVP_RAND
*)vrand
;
34 return CRYPTO_UP_REF(&rand
->refcnt
, &ref
, rand
->refcnt_lock
);
38 static void evp_rand_free(void *vrand
){
39 EVP_RAND
*rand
= (EVP_RAND
*)vrand
;
43 CRYPTO_DOWN_REF(&rand
->refcnt
, &ref
, rand
->refcnt_lock
);
45 ossl_provider_free(rand
->prov
);
46 CRYPTO_THREAD_lock_free(rand
->refcnt_lock
);
52 static void *evp_rand_new(void)
54 EVP_RAND
*rand
= OPENSSL_zalloc(sizeof(*rand
));
57 || (rand
->refcnt_lock
= CRYPTO_THREAD_lock_new()) == NULL
) {
65 /* Enable locking of the underlying DRBG/RAND if available */
66 int EVP_RAND_enable_locking(EVP_RAND_CTX
*rand
)
68 if (rand
->meth
->enable_locking
!= NULL
)
69 return rand
->meth
->enable_locking(rand
->data
);
70 EVPerr(0, EVP_R_LOCKING_NOT_SUPPORTED
);
74 /* Lock the underlying DRBG/RAND if available */
75 static int evp_rand_lock(EVP_RAND_CTX
*rand
)
77 if (rand
->meth
->lock
!= NULL
)
78 return rand
->meth
->lock(rand
->data
);
82 /* Unlock the underlying DRBG/RAND if available */
83 static void evp_rand_unlock(EVP_RAND_CTX
*rand
)
85 if (rand
->meth
->unlock
!= NULL
)
86 rand
->meth
->unlock(rand
->data
);
89 static void *evp_rand_from_dispatch(int name_id
,
90 const OSSL_DISPATCH
*fns
,
93 EVP_RAND
*rand
= NULL
;
94 int fnrandcnt
= 0, fnctxcnt
= 0, fnlockcnt
= 0;
99 if ((rand
= evp_rand_new()) == NULL
) {
100 EVPerr(0, ERR_R_MALLOC_FAILURE
);
103 rand
->name_id
= name_id
;
104 rand
->dispatch
= fns
;
105 for (; fns
->function_id
!= 0; fns
++) {
106 switch (fns
->function_id
) {
107 case OSSL_FUNC_RAND_NEWCTX
:
108 if (rand
->newctx
!= NULL
)
110 rand
->newctx
= OSSL_FUNC_rand_newctx(fns
);
113 case OSSL_FUNC_RAND_FREECTX
:
114 if (rand
->freectx
!= NULL
)
116 rand
->freectx
= OSSL_FUNC_rand_freectx(fns
);
119 case OSSL_FUNC_RAND_INSTANTIATE
:
120 if (rand
->instantiate
!= NULL
)
122 rand
->instantiate
= OSSL_FUNC_rand_instantiate(fns
);
125 case OSSL_FUNC_RAND_UNINSTANTIATE
:
126 if (rand
->uninstantiate
!= NULL
)
128 rand
->uninstantiate
= OSSL_FUNC_rand_uninstantiate(fns
);
131 case OSSL_FUNC_RAND_GENERATE
:
132 if (rand
->generate
!= NULL
)
134 rand
->generate
= OSSL_FUNC_rand_generate(fns
);
137 case OSSL_FUNC_RAND_RESEED
:
138 if (rand
->reseed
!= NULL
)
140 rand
->reseed
= OSSL_FUNC_rand_reseed(fns
);
142 case OSSL_FUNC_RAND_NONCE
:
143 if (rand
->nonce
!= NULL
)
145 rand
->nonce
= OSSL_FUNC_rand_nonce(fns
);
147 case OSSL_FUNC_RAND_SET_CALLBACKS
:
148 if (rand
->set_callbacks
!= NULL
)
150 rand
->set_callbacks
= OSSL_FUNC_rand_set_callbacks(fns
);
152 case OSSL_FUNC_RAND_ENABLE_LOCKING
:
153 if (rand
->enable_locking
!= NULL
)
155 rand
->enable_locking
= OSSL_FUNC_rand_enable_locking(fns
);
158 case OSSL_FUNC_RAND_LOCK
:
159 if (rand
->lock
!= NULL
)
161 rand
->lock
= OSSL_FUNC_rand_lock(fns
);
164 case OSSL_FUNC_RAND_UNLOCK
:
165 if (rand
->unlock
!= NULL
)
167 rand
->unlock
= OSSL_FUNC_rand_unlock(fns
);
170 case OSSL_FUNC_RAND_GETTABLE_PARAMS
:
171 if (rand
->gettable_params
!= NULL
)
173 rand
->gettable_params
=
174 OSSL_FUNC_rand_gettable_params(fns
);
176 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS
:
177 if (rand
->gettable_ctx_params
!= NULL
)
179 rand
->gettable_ctx_params
=
180 OSSL_FUNC_rand_gettable_ctx_params(fns
);
182 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS
:
183 if (rand
->settable_ctx_params
!= NULL
)
185 rand
->settable_ctx_params
=
186 OSSL_FUNC_rand_settable_ctx_params(fns
);
188 case OSSL_FUNC_RAND_GET_PARAMS
:
189 if (rand
->get_params
!= NULL
)
191 rand
->get_params
= OSSL_FUNC_rand_get_params(fns
);
193 case OSSL_FUNC_RAND_GET_CTX_PARAMS
:
194 if (rand
->get_ctx_params
!= NULL
)
196 rand
->get_ctx_params
= OSSL_FUNC_rand_get_ctx_params(fns
);
199 case OSSL_FUNC_RAND_SET_CTX_PARAMS
:
200 if (rand
->set_ctx_params
!= NULL
)
202 rand
->set_ctx_params
= OSSL_FUNC_rand_set_ctx_params(fns
);
204 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION
:
205 if (rand
->verify_zeroization
!= NULL
)
207 rand
->verify_zeroization
= OSSL_FUNC_rand_verify_zeroization(fns
);
215 * In order to be a consistent set of functions we must have at least
216 * a complete set of "rand" functions and a complete set of context
217 * management functions. In FIPS mode, we also require the zeroization
218 * verification function.
220 * In addition, if locking can be enabled, we need a complete set of
225 || (fnlockcnt
!= 0 && fnlockcnt
!= 3)
231 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_PROVIDER_FUNCTIONS
);
235 if (prov
!= NULL
&& !ossl_provider_up_ref(prov
)) {
237 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
245 EVP_RAND
*EVP_RAND_fetch(OPENSSL_CTX
*libctx
, const char *algorithm
,
246 const char *properties
)
248 return evp_generic_fetch(libctx
, OSSL_OP_RAND
, algorithm
, properties
,
249 evp_rand_from_dispatch
, evp_rand_up_ref
,
253 int EVP_RAND_up_ref(EVP_RAND
*rand
)
255 return evp_rand_up_ref(rand
);
258 void EVP_RAND_free(EVP_RAND
*rand
)
263 int EVP_RAND_number(const EVP_RAND
*rand
)
265 return rand
->name_id
;
268 const char *EVP_RAND_name(const EVP_RAND
*rand
)
270 return evp_first_name(rand
->prov
, rand
->name_id
);
273 int EVP_RAND_is_a(const EVP_RAND
*rand
, const char *name
)
275 return evp_is_a(rand
->prov
, rand
->name_id
, NULL
, name
);
278 const OSSL_PROVIDER
*EVP_RAND_provider(const EVP_RAND
*rand
)
283 int EVP_RAND_get_params(EVP_RAND
*rand
, OSSL_PARAM params
[])
285 if (rand
->get_params
!= NULL
)
286 return rand
->get_params(params
);
290 EVP_RAND_CTX
*EVP_RAND_CTX_new(EVP_RAND
*rand
, EVP_RAND_CTX
*parent
)
293 void *parent_ctx
= NULL
;
294 const OSSL_DISPATCH
*parent_dispatch
= NULL
;
297 EVPerr(0, EVP_R_INVALID_NULL_ALGORITHM
);
301 ctx
= OPENSSL_zalloc(sizeof(*ctx
));
303 EVPerr(0, ERR_R_MALLOC_FAILURE
);
306 if (parent
!= NULL
) {
307 if (!EVP_RAND_enable_locking(parent
)) {
308 EVPerr(0, EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING
);
312 parent_ctx
= parent
->data
;
313 parent_dispatch
= parent
->meth
->dispatch
;
315 if ((ctx
->data
= rand
->newctx(ossl_provider_ctx(rand
->prov
), parent_ctx
,
316 parent_dispatch
)) == NULL
317 || !EVP_RAND_up_ref(rand
)) {
318 EVPerr(0, ERR_R_MALLOC_FAILURE
);
319 rand
->freectx(ctx
->data
);
327 void EVP_RAND_CTX_free(EVP_RAND_CTX
*ctx
)
330 ctx
->meth
->freectx(ctx
->data
);
332 EVP_RAND_free(ctx
->meth
);
337 EVP_RAND
*EVP_RAND_CTX_rand(EVP_RAND_CTX
*ctx
)
342 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX
*ctx
,
345 return ctx
->meth
->get_ctx_params(ctx
->data
, params
);
348 int EVP_RAND_get_ctx_params(EVP_RAND_CTX
*ctx
, OSSL_PARAM params
[])
352 if (!evp_rand_lock(ctx
))
354 res
= evp_rand_get_ctx_params_locked(ctx
, params
);
355 evp_rand_unlock(ctx
);
359 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX
*ctx
,
360 const OSSL_PARAM params
[])
362 if (ctx
->meth
->set_ctx_params
!= NULL
)
363 return ctx
->meth
->set_ctx_params(ctx
->data
, params
);
367 int EVP_RAND_set_ctx_params(EVP_RAND_CTX
*ctx
, const OSSL_PARAM params
[])
371 if (!evp_rand_lock(ctx
))
373 res
= evp_rand_set_ctx_params_locked(ctx
, params
);
374 evp_rand_unlock(ctx
);
378 const OSSL_PARAM
*EVP_RAND_gettable_params(const EVP_RAND
*rand
)
380 return rand
->gettable_params
== NULL
? NULL
: rand
->gettable_params();
383 const OSSL_PARAM
*EVP_RAND_gettable_ctx_params(const EVP_RAND
*rand
)
385 return rand
->gettable_ctx_params
== NULL
? NULL
386 : rand
->gettable_ctx_params();
389 const OSSL_PARAM
*EVP_RAND_settable_ctx_params(const EVP_RAND
*rand
)
391 return rand
->settable_ctx_params
== NULL
? NULL
392 : rand
->settable_ctx_params();
395 void EVP_RAND_do_all_provided(OPENSSL_CTX
*libctx
,
396 void (*fn
)(EVP_RAND
*rand
, void *arg
),
399 evp_generic_do_all(libctx
, OSSL_OP_RAND
,
400 (void (*)(void *, void *))fn
, arg
,
401 evp_rand_from_dispatch
, evp_rand_free
);
404 void EVP_RAND_names_do_all(const EVP_RAND
*rand
,
405 void (*fn
)(const char *name
, void *data
),
408 if (rand
->prov
!= NULL
)
409 evp_names_do_all(rand
->prov
, rand
->name_id
, fn
, data
);
412 static int evp_rand_instantiate_locked
413 (EVP_RAND_CTX
*ctx
, unsigned int strength
, int prediction_resistance
,
414 const unsigned char *pstr
, size_t pstr_len
)
416 return ctx
->meth
->instantiate(ctx
->data
, strength
, prediction_resistance
,
420 int EVP_RAND_instantiate(EVP_RAND_CTX
*ctx
, unsigned int strength
,
421 int prediction_resistance
,
422 const unsigned char *pstr
, size_t pstr_len
)
426 if (!evp_rand_lock(ctx
))
428 res
= evp_rand_instantiate_locked(ctx
, strength
, prediction_resistance
,
430 evp_rand_unlock(ctx
);
434 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX
*ctx
)
436 return ctx
->meth
->uninstantiate(ctx
->data
);
439 int EVP_RAND_uninstantiate(EVP_RAND_CTX
*ctx
)
443 if (!evp_rand_lock(ctx
))
445 res
= evp_rand_uninstantiate_locked(ctx
);
446 evp_rand_unlock(ctx
);
450 static int evp_rand_generate_locked(EVP_RAND_CTX
*ctx
, unsigned char *out
,
451 size_t outlen
, unsigned int strength
,
452 int prediction_resistance
,
453 const unsigned char *addin
,
456 size_t chunk
, max_request
= 0;
457 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
459 params
[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST
,
461 if (!evp_rand_get_ctx_params_locked(ctx
, params
)
462 || max_request
== 0) {
463 EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE
);
466 for (; outlen
> 0; outlen
-= chunk
, out
+= chunk
) {
467 chunk
= outlen
> max_request
? max_request
: outlen
;
468 if (!ctx
->meth
->generate(ctx
->data
, out
, chunk
, strength
,
469 prediction_resistance
, addin
, addin_len
)) {
470 EVPerr(0, EVP_R_GENERATE_ERROR
);
474 * Prediction resistance is only relevant the first time around,
475 * subsequently, the DRBG has already been properly reseeded.
477 prediction_resistance
= 0;
482 int EVP_RAND_generate(EVP_RAND_CTX
*ctx
, unsigned char *out
, size_t outlen
,
483 unsigned int strength
, int prediction_resistance
,
484 const unsigned char *addin
, size_t addin_len
)
488 if (!evp_rand_lock(ctx
))
490 res
= evp_rand_generate_locked(ctx
, out
, outlen
, strength
,
491 prediction_resistance
, addin
, addin_len
);
492 evp_rand_unlock(ctx
);
496 static int evp_rand_reseed_locked(EVP_RAND_CTX
*ctx
, int prediction_resistance
,
497 const unsigned char *ent
, size_t ent_len
,
498 const unsigned char *addin
, size_t addin_len
)
500 if (ctx
->meth
->reseed
!= NULL
)
501 return ctx
->meth
->reseed(ctx
->data
, prediction_resistance
,
502 ent
, ent_len
, addin
, addin_len
);
506 int EVP_RAND_reseed(EVP_RAND_CTX
*ctx
, int prediction_resistance
,
507 const unsigned char *ent
, size_t ent_len
,
508 const unsigned char *addin
, size_t addin_len
)
512 if (!evp_rand_lock(ctx
))
514 res
= evp_rand_reseed_locked(ctx
, prediction_resistance
,
515 ent
, ent_len
, addin
, addin_len
);
516 evp_rand_unlock(ctx
);
520 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX
*ctx
)
522 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
523 unsigned int strength
= 0;
525 params
[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH
, &strength
);
526 if (!evp_rand_get_ctx_params_locked(ctx
, params
))
531 unsigned int EVP_RAND_strength(EVP_RAND_CTX
*ctx
)
535 if (!evp_rand_lock(ctx
))
537 res
= evp_rand_strength_locked(ctx
);
538 evp_rand_unlock(ctx
);
542 static int evp_rand_nonce_locked(EVP_RAND_CTX
*ctx
, unsigned char *out
,
545 unsigned int str
= evp_rand_strength_locked(ctx
);
547 if (ctx
->meth
->nonce
== NULL
)
549 if (ctx
->meth
->nonce(ctx
->data
, out
, str
, outlen
, outlen
))
551 return evp_rand_generate_locked(ctx
, out
, outlen
, str
, 0, NULL
, 0);
554 int EVP_RAND_nonce(EVP_RAND_CTX
*ctx
, unsigned char *out
, size_t outlen
)
558 if (!evp_rand_lock(ctx
))
560 res
= evp_rand_nonce_locked(ctx
, out
, outlen
);
561 evp_rand_unlock(ctx
);
565 int EVP_RAND_state(EVP_RAND_CTX
*ctx
)
567 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
570 params
[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE
, &state
);
571 if (!EVP_RAND_get_ctx_params(ctx
, params
))
572 state
= EVP_RAND_STATE_ERROR
;
576 static int evp_rand_set_callbacks_locked(EVP_RAND_CTX
*ctx
,
577 OSSL_INOUT_CALLBACK
*get_entropy
,
578 OSSL_CALLBACK
*cleanup_entropy
,
579 OSSL_INOUT_CALLBACK
*get_nonce
,
580 OSSL_CALLBACK
*cleanup_nonce
,
583 if (ctx
->meth
->set_callbacks
== NULL
) {
584 EVPerr(0, EVP_R_UNABLE_TO_SET_CALLBACKS
);
587 ctx
->meth
->set_callbacks(ctx
->data
, get_entropy
, cleanup_entropy
,
588 get_nonce
, cleanup_nonce
, arg
);
592 int EVP_RAND_set_callbacks(EVP_RAND_CTX
*ctx
,
593 OSSL_INOUT_CALLBACK
*get_entropy
,
594 OSSL_CALLBACK
*cleanup_entropy
,
595 OSSL_INOUT_CALLBACK
*get_nonce
,
596 OSSL_CALLBACK
*cleanup_nonce
, void *arg
)
600 if (!evp_rand_lock(ctx
))
602 res
= evp_rand_set_callbacks_locked(ctx
, get_entropy
, cleanup_entropy
,
603 get_nonce
, cleanup_nonce
, arg
);
604 evp_rand_unlock(ctx
);
608 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX
*ctx
)
610 if (ctx
->meth
->verify_zeroization
!= NULL
)
611 return ctx
->meth
->verify_zeroization(ctx
->data
);
615 int EVP_RAND_verify_zeroization(EVP_RAND_CTX
*ctx
)
619 if (!evp_rand_lock(ctx
))
621 res
= evp_rand_verify_zeroization_locked(ctx
);
622 evp_rand_unlock(ctx
);