2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/evp.h>
14 #include <openssl/engine.h>
15 #include <openssl/evp.h>
16 #include <openssl/x509v3.h>
17 #include <openssl/rand.h>
18 #include <openssl/core.h>
19 #include <openssl/core_names.h>
20 #include <openssl/crypto.h>
21 #include "internal/cryptlib.h"
22 #include "internal/numbers.h"
23 #include "internal/provider.h"
24 #include "internal/core.h"
25 #include "crypto/asn1.h"
26 #include "crypto/evp.h"
27 #include "evp_local.h"
33 const char *description
;
34 CRYPTO_REF_COUNT refcnt
;
35 CRYPTO_RWLOCK
*refcnt_lock
;
37 const OSSL_DISPATCH
*dispatch
;
38 OSSL_FUNC_rand_newctx_fn
*newctx
;
39 OSSL_FUNC_rand_freectx_fn
*freectx
;
40 OSSL_FUNC_rand_instantiate_fn
*instantiate
;
41 OSSL_FUNC_rand_uninstantiate_fn
*uninstantiate
;
42 OSSL_FUNC_rand_generate_fn
*generate
;
43 OSSL_FUNC_rand_reseed_fn
*reseed
;
44 OSSL_FUNC_rand_nonce_fn
*nonce
;
45 OSSL_FUNC_rand_enable_locking_fn
*enable_locking
;
46 OSSL_FUNC_rand_lock_fn
*lock
;
47 OSSL_FUNC_rand_unlock_fn
*unlock
;
48 OSSL_FUNC_rand_gettable_params_fn
*gettable_params
;
49 OSSL_FUNC_rand_gettable_ctx_params_fn
*gettable_ctx_params
;
50 OSSL_FUNC_rand_settable_ctx_params_fn
*settable_ctx_params
;
51 OSSL_FUNC_rand_get_params_fn
*get_params
;
52 OSSL_FUNC_rand_get_ctx_params_fn
*get_ctx_params
;
53 OSSL_FUNC_rand_set_ctx_params_fn
*set_ctx_params
;
54 OSSL_FUNC_rand_verify_zeroization_fn
*verify_zeroization
;
57 static int evp_rand_up_ref(void *vrand
)
59 EVP_RAND
*rand
= (EVP_RAND
*)vrand
;
63 return CRYPTO_UP_REF(&rand
->refcnt
, &ref
, rand
->refcnt_lock
);
67 static void evp_rand_free(void *vrand
)
69 EVP_RAND
*rand
= (EVP_RAND
*)vrand
;
74 CRYPTO_DOWN_REF(&rand
->refcnt
, &ref
, rand
->refcnt_lock
);
77 OPENSSL_free(rand
->type_name
);
78 ossl_provider_free(rand
->prov
);
79 CRYPTO_THREAD_lock_free(rand
->refcnt_lock
);
83 static void *evp_rand_new(void)
85 EVP_RAND
*rand
= OPENSSL_zalloc(sizeof(*rand
));
88 || (rand
->refcnt_lock
= CRYPTO_THREAD_lock_new()) == NULL
) {
96 /* Enable locking of the underlying DRBG/RAND if available */
97 int EVP_RAND_enable_locking(EVP_RAND_CTX
*rand
)
99 if (rand
->meth
->enable_locking
!= NULL
)
100 return rand
->meth
->enable_locking(rand
->algctx
);
101 ERR_raise(ERR_LIB_EVP
, EVP_R_LOCKING_NOT_SUPPORTED
);
105 /* Lock the underlying DRBG/RAND if available */
106 static int evp_rand_lock(EVP_RAND_CTX
*rand
)
108 if (rand
->meth
->lock
!= NULL
)
109 return rand
->meth
->lock(rand
->algctx
);
113 /* Unlock the underlying DRBG/RAND if available */
114 static void evp_rand_unlock(EVP_RAND_CTX
*rand
)
116 if (rand
->meth
->unlock
!= NULL
)
117 rand
->meth
->unlock(rand
->algctx
);
120 static void *evp_rand_from_algorithm(int name_id
,
121 const OSSL_ALGORITHM
*algodef
,
124 const OSSL_DISPATCH
*fns
= algodef
->implementation
;
125 EVP_RAND
*rand
= NULL
;
126 int fnrandcnt
= 0, fnctxcnt
= 0, fnlockcnt
= 0, fnenablelockcnt
= 0;
128 int fnzeroizecnt
= 0;
131 if ((rand
= evp_rand_new()) == NULL
) {
132 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
135 rand
->name_id
= name_id
;
136 if ((rand
->type_name
= ossl_algorithm_get1_first_name(algodef
)) == NULL
) {
140 rand
->description
= algodef
->algorithm_description
;
141 rand
->dispatch
= fns
;
142 for (; fns
->function_id
!= 0; fns
++) {
143 switch (fns
->function_id
) {
144 case OSSL_FUNC_RAND_NEWCTX
:
145 if (rand
->newctx
!= NULL
)
147 rand
->newctx
= OSSL_FUNC_rand_newctx(fns
);
150 case OSSL_FUNC_RAND_FREECTX
:
151 if (rand
->freectx
!= NULL
)
153 rand
->freectx
= OSSL_FUNC_rand_freectx(fns
);
156 case OSSL_FUNC_RAND_INSTANTIATE
:
157 if (rand
->instantiate
!= NULL
)
159 rand
->instantiate
= OSSL_FUNC_rand_instantiate(fns
);
162 case OSSL_FUNC_RAND_UNINSTANTIATE
:
163 if (rand
->uninstantiate
!= NULL
)
165 rand
->uninstantiate
= OSSL_FUNC_rand_uninstantiate(fns
);
168 case OSSL_FUNC_RAND_GENERATE
:
169 if (rand
->generate
!= NULL
)
171 rand
->generate
= OSSL_FUNC_rand_generate(fns
);
174 case OSSL_FUNC_RAND_RESEED
:
175 if (rand
->reseed
!= NULL
)
177 rand
->reseed
= OSSL_FUNC_rand_reseed(fns
);
179 case OSSL_FUNC_RAND_NONCE
:
180 if (rand
->nonce
!= NULL
)
182 rand
->nonce
= OSSL_FUNC_rand_nonce(fns
);
184 case OSSL_FUNC_RAND_ENABLE_LOCKING
:
185 if (rand
->enable_locking
!= NULL
)
187 rand
->enable_locking
= OSSL_FUNC_rand_enable_locking(fns
);
190 case OSSL_FUNC_RAND_LOCK
:
191 if (rand
->lock
!= NULL
)
193 rand
->lock
= OSSL_FUNC_rand_lock(fns
);
196 case OSSL_FUNC_RAND_UNLOCK
:
197 if (rand
->unlock
!= NULL
)
199 rand
->unlock
= OSSL_FUNC_rand_unlock(fns
);
202 case OSSL_FUNC_RAND_GETTABLE_PARAMS
:
203 if (rand
->gettable_params
!= NULL
)
205 rand
->gettable_params
=
206 OSSL_FUNC_rand_gettable_params(fns
);
208 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS
:
209 if (rand
->gettable_ctx_params
!= NULL
)
211 rand
->gettable_ctx_params
=
212 OSSL_FUNC_rand_gettable_ctx_params(fns
);
214 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS
:
215 if (rand
->settable_ctx_params
!= NULL
)
217 rand
->settable_ctx_params
=
218 OSSL_FUNC_rand_settable_ctx_params(fns
);
220 case OSSL_FUNC_RAND_GET_PARAMS
:
221 if (rand
->get_params
!= NULL
)
223 rand
->get_params
= OSSL_FUNC_rand_get_params(fns
);
225 case OSSL_FUNC_RAND_GET_CTX_PARAMS
:
226 if (rand
->get_ctx_params
!= NULL
)
228 rand
->get_ctx_params
= OSSL_FUNC_rand_get_ctx_params(fns
);
231 case OSSL_FUNC_RAND_SET_CTX_PARAMS
:
232 if (rand
->set_ctx_params
!= NULL
)
234 rand
->set_ctx_params
= OSSL_FUNC_rand_set_ctx_params(fns
);
236 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION
:
237 if (rand
->verify_zeroization
!= NULL
)
239 rand
->verify_zeroization
= OSSL_FUNC_rand_verify_zeroization(fns
);
247 * In order to be a consistent set of functions we must have at least
248 * a complete set of "rand" functions and a complete set of context
249 * management functions. In FIPS mode, we also require the zeroization
250 * verification function.
252 * In addition, if locking can be enabled, we need a complete set of
257 || (fnenablelockcnt
!= 0 && fnenablelockcnt
!= 1)
258 || (fnlockcnt
!= 0 && fnlockcnt
!= 2)
264 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_PROVIDER_FUNCTIONS
);
268 if (prov
!= NULL
&& !ossl_provider_up_ref(prov
)) {
270 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
278 EVP_RAND
*EVP_RAND_fetch(OSSL_LIB_CTX
*libctx
, const char *algorithm
,
279 const char *properties
)
281 return evp_generic_fetch(libctx
, OSSL_OP_RAND
, algorithm
, properties
,
282 evp_rand_from_algorithm
, evp_rand_up_ref
,
286 int EVP_RAND_up_ref(EVP_RAND
*rand
)
288 return evp_rand_up_ref(rand
);
291 void EVP_RAND_free(EVP_RAND
*rand
)
296 int EVP_RAND_number(const EVP_RAND
*rand
)
298 return rand
->name_id
;
301 const char *EVP_RAND_name(const EVP_RAND
*rand
)
303 return rand
->type_name
;
306 const char *EVP_RAND_description(const EVP_RAND
*rand
)
308 return rand
->description
;
311 int EVP_RAND_is_a(const EVP_RAND
*rand
, const char *name
)
313 return evp_is_a(rand
->prov
, rand
->name_id
, NULL
, name
);
316 const OSSL_PROVIDER
*EVP_RAND_provider(const EVP_RAND
*rand
)
321 int EVP_RAND_get_params(EVP_RAND
*rand
, OSSL_PARAM params
[])
323 if (rand
->get_params
!= NULL
)
324 return rand
->get_params(params
);
328 static int evp_rand_ctx_up_ref(EVP_RAND_CTX
*ctx
)
332 return CRYPTO_UP_REF(&ctx
->refcnt
, &ref
, ctx
->refcnt_lock
);
335 EVP_RAND_CTX
*EVP_RAND_CTX_new(EVP_RAND
*rand
, EVP_RAND_CTX
*parent
)
338 void *parent_ctx
= NULL
;
339 const OSSL_DISPATCH
*parent_dispatch
= NULL
;
342 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_NULL_ALGORITHM
);
346 ctx
= OPENSSL_zalloc(sizeof(*ctx
));
347 if (ctx
== NULL
|| (ctx
->refcnt_lock
= CRYPTO_THREAD_lock_new()) == NULL
) {
349 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
352 if (parent
!= NULL
) {
353 if (!evp_rand_ctx_up_ref(parent
)) {
354 ERR_raise(ERR_LIB_EVP
, ERR_R_INTERNAL_ERROR
);
355 CRYPTO_THREAD_lock_free(ctx
->refcnt_lock
);
359 parent_ctx
= parent
->algctx
;
360 parent_dispatch
= parent
->meth
->dispatch
;
362 if ((ctx
->algctx
= rand
->newctx(ossl_provider_ctx(rand
->prov
), parent_ctx
,
363 parent_dispatch
)) == NULL
364 || !EVP_RAND_up_ref(rand
)) {
365 ERR_raise(ERR_LIB_EVP
, ERR_R_MALLOC_FAILURE
);
366 rand
->freectx(ctx
->algctx
);
367 CRYPTO_THREAD_lock_free(ctx
->refcnt_lock
);
369 EVP_RAND_CTX_free(parent
);
373 ctx
->parent
= parent
;
378 void EVP_RAND_CTX_free(EVP_RAND_CTX
*ctx
)
381 EVP_RAND_CTX
*parent
;
386 CRYPTO_DOWN_REF(&ctx
->refcnt
, &ref
, ctx
->refcnt_lock
);
389 parent
= ctx
->parent
;
390 ctx
->meth
->freectx(ctx
->algctx
);
392 EVP_RAND_free(ctx
->meth
);
393 CRYPTO_THREAD_lock_free(ctx
->refcnt_lock
);
395 EVP_RAND_CTX_free(parent
);
398 EVP_RAND
*EVP_RAND_CTX_rand(EVP_RAND_CTX
*ctx
)
403 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX
*ctx
,
406 return ctx
->meth
->get_ctx_params(ctx
->algctx
, params
);
409 int EVP_RAND_CTX_get_params(EVP_RAND_CTX
*ctx
, OSSL_PARAM params
[])
413 if (!evp_rand_lock(ctx
))
415 res
= evp_rand_get_ctx_params_locked(ctx
, params
);
416 evp_rand_unlock(ctx
);
420 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX
*ctx
,
421 const OSSL_PARAM params
[])
423 if (ctx
->meth
->set_ctx_params
!= NULL
)
424 return ctx
->meth
->set_ctx_params(ctx
->algctx
, params
);
428 int EVP_RAND_CTX_set_params(EVP_RAND_CTX
*ctx
, const OSSL_PARAM params
[])
432 if (!evp_rand_lock(ctx
))
434 res
= evp_rand_set_ctx_params_locked(ctx
, params
);
435 evp_rand_unlock(ctx
);
439 const OSSL_PARAM
*EVP_RAND_gettable_params(const EVP_RAND
*rand
)
441 if (rand
->gettable_params
== NULL
)
443 return rand
->gettable_params(ossl_provider_ctx(EVP_RAND_provider(rand
)));
446 const OSSL_PARAM
*EVP_RAND_gettable_ctx_params(const EVP_RAND
*rand
)
450 if (rand
->gettable_ctx_params
== NULL
)
452 provctx
= ossl_provider_ctx(EVP_RAND_provider(rand
));
453 return rand
->gettable_ctx_params(NULL
, provctx
);
456 const OSSL_PARAM
*EVP_RAND_settable_ctx_params(const EVP_RAND
*rand
)
460 if (rand
->settable_ctx_params
== NULL
)
462 provctx
= ossl_provider_ctx(EVP_RAND_provider(rand
));
463 return rand
->settable_ctx_params(NULL
, provctx
);
466 const OSSL_PARAM
*EVP_RAND_CTX_gettable_params(EVP_RAND_CTX
*ctx
)
470 if (ctx
->meth
->gettable_ctx_params
== NULL
)
472 provctx
= ossl_provider_ctx(EVP_RAND_provider(ctx
->meth
));
473 return ctx
->meth
->gettable_ctx_params(ctx
->algctx
, provctx
);
476 const OSSL_PARAM
*EVP_RAND_CTX_settable_params(EVP_RAND_CTX
*ctx
)
480 if (ctx
->meth
->settable_ctx_params
== NULL
)
482 provctx
= ossl_provider_ctx(EVP_RAND_provider(ctx
->meth
));
483 return ctx
->meth
->settable_ctx_params(ctx
->algctx
, provctx
);
486 void EVP_RAND_do_all_provided(OSSL_LIB_CTX
*libctx
,
487 void (*fn
)(EVP_RAND
*rand
, void *arg
),
490 evp_generic_do_all(libctx
, OSSL_OP_RAND
,
491 (void (*)(void *, void *))fn
, arg
,
492 evp_rand_from_algorithm
, evp_rand_free
);
495 int EVP_RAND_names_do_all(const EVP_RAND
*rand
,
496 void (*fn
)(const char *name
, void *data
),
499 if (rand
->prov
!= NULL
)
500 return evp_names_do_all(rand
->prov
, rand
->name_id
, fn
, data
);
505 static int evp_rand_instantiate_locked
506 (EVP_RAND_CTX
*ctx
, unsigned int strength
, int prediction_resistance
,
507 const unsigned char *pstr
, size_t pstr_len
, const OSSL_PARAM params
[])
509 return ctx
->meth
->instantiate(ctx
->algctx
, strength
, prediction_resistance
,
510 pstr
, pstr_len
, params
);
513 int EVP_RAND_instantiate(EVP_RAND_CTX
*ctx
, unsigned int strength
,
514 int prediction_resistance
,
515 const unsigned char *pstr
, size_t pstr_len
,
516 const OSSL_PARAM params
[])
520 if (!evp_rand_lock(ctx
))
522 res
= evp_rand_instantiate_locked(ctx
, strength
, prediction_resistance
,
523 pstr
, pstr_len
, params
);
524 evp_rand_unlock(ctx
);
528 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX
*ctx
)
530 return ctx
->meth
->uninstantiate(ctx
->algctx
);
533 int EVP_RAND_uninstantiate(EVP_RAND_CTX
*ctx
)
537 if (!evp_rand_lock(ctx
))
539 res
= evp_rand_uninstantiate_locked(ctx
);
540 evp_rand_unlock(ctx
);
544 static int evp_rand_generate_locked(EVP_RAND_CTX
*ctx
, unsigned char *out
,
545 size_t outlen
, unsigned int strength
,
546 int prediction_resistance
,
547 const unsigned char *addin
,
550 size_t chunk
, max_request
= 0;
551 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
553 params
[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST
,
555 if (!evp_rand_get_ctx_params_locked(ctx
, params
)
556 || max_request
== 0) {
557 ERR_raise(ERR_LIB_EVP
, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE
);
560 for (; outlen
> 0; outlen
-= chunk
, out
+= chunk
) {
561 chunk
= outlen
> max_request
? max_request
: outlen
;
562 if (!ctx
->meth
->generate(ctx
->algctx
, out
, chunk
, strength
,
563 prediction_resistance
, addin
, addin_len
)) {
564 ERR_raise(ERR_LIB_EVP
, EVP_R_GENERATE_ERROR
);
568 * Prediction resistance is only relevant the first time around,
569 * subsequently, the DRBG has already been properly reseeded.
571 prediction_resistance
= 0;
576 int EVP_RAND_generate(EVP_RAND_CTX
*ctx
, unsigned char *out
, size_t outlen
,
577 unsigned int strength
, int prediction_resistance
,
578 const unsigned char *addin
, size_t addin_len
)
582 if (!evp_rand_lock(ctx
))
584 res
= evp_rand_generate_locked(ctx
, out
, outlen
, strength
,
585 prediction_resistance
, addin
, addin_len
);
586 evp_rand_unlock(ctx
);
590 static int evp_rand_reseed_locked(EVP_RAND_CTX
*ctx
, int prediction_resistance
,
591 const unsigned char *ent
, size_t ent_len
,
592 const unsigned char *addin
, size_t addin_len
)
594 if (ctx
->meth
->reseed
!= NULL
)
595 return ctx
->meth
->reseed(ctx
->algctx
, prediction_resistance
,
596 ent
, ent_len
, addin
, addin_len
);
600 int EVP_RAND_reseed(EVP_RAND_CTX
*ctx
, int prediction_resistance
,
601 const unsigned char *ent
, size_t ent_len
,
602 const unsigned char *addin
, size_t addin_len
)
606 if (!evp_rand_lock(ctx
))
608 res
= evp_rand_reseed_locked(ctx
, prediction_resistance
,
609 ent
, ent_len
, addin
, addin_len
);
610 evp_rand_unlock(ctx
);
614 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX
*ctx
)
616 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
617 unsigned int strength
= 0;
619 params
[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH
, &strength
);
620 if (!evp_rand_get_ctx_params_locked(ctx
, params
))
625 unsigned int EVP_RAND_strength(EVP_RAND_CTX
*ctx
)
629 if (!evp_rand_lock(ctx
))
631 res
= evp_rand_strength_locked(ctx
);
632 evp_rand_unlock(ctx
);
636 static int evp_rand_nonce_locked(EVP_RAND_CTX
*ctx
, unsigned char *out
,
639 unsigned int str
= evp_rand_strength_locked(ctx
);
641 if (ctx
->meth
->nonce
== NULL
)
643 if (ctx
->meth
->nonce(ctx
->algctx
, out
, str
, outlen
, outlen
))
645 return evp_rand_generate_locked(ctx
, out
, outlen
, str
, 0, NULL
, 0);
648 int EVP_RAND_nonce(EVP_RAND_CTX
*ctx
, unsigned char *out
, size_t outlen
)
652 if (!evp_rand_lock(ctx
))
654 res
= evp_rand_nonce_locked(ctx
, out
, outlen
);
655 evp_rand_unlock(ctx
);
659 int EVP_RAND_state(EVP_RAND_CTX
*ctx
)
661 OSSL_PARAM params
[2] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
664 params
[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE
, &state
);
665 if (!EVP_RAND_CTX_get_params(ctx
, params
))
666 state
= EVP_RAND_STATE_ERROR
;
670 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX
*ctx
)
672 if (ctx
->meth
->verify_zeroization
!= NULL
)
673 return ctx
->meth
->verify_zeroization(ctx
->algctx
);
677 int EVP_RAND_verify_zeroization(EVP_RAND_CTX
*ctx
)
681 if (!evp_rand_lock(ctx
))
683 res
= evp_rand_verify_zeroization_locked(ctx
);
684 evp_rand_unlock(ctx
);