2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/core_dispatch.h>
11 #include "prov/seeding.h"
12 #include "prov/providercommon.h"
14 static OSSL_FUNC_get_entropy_fn
*c_get_entropy
= NULL
;
15 static OSSL_FUNC_get_user_entropy_fn
*c_get_user_entropy
= NULL
;
16 static OSSL_FUNC_cleanup_entropy_fn
*c_cleanup_entropy
= NULL
;
17 static OSSL_FUNC_get_nonce_fn
*c_get_nonce
= NULL
;
18 static OSSL_FUNC_get_user_nonce_fn
*c_get_user_nonce
= NULL
;
19 static OSSL_FUNC_cleanup_nonce_fn
*c_cleanup_nonce
= NULL
;
23 * The FIPS provider uses an internal library context which is what the
24 * passed provider context references. Since the seed source is external
25 * to the FIPS provider, this is the wrong one. We need to convert this
26 * to the correct core handle before up-calling libcrypto.
28 # define CORE_HANDLE(provctx) \
29 FIPS_get_core_handle(ossl_prov_ctx_get0_libctx(provctx))
32 * The non-FIPS path *should* be unused because the full DRBG chain including
33 * seed source is instantiated. However, that might not apply for third
34 * party providers, so this is retained for compatibility.
36 # define CORE_HANDLE(provctx) ossl_prov_ctx_get0_handle(provctx)
39 int ossl_prov_seeding_from_dispatch(const OSSL_DISPATCH
*fns
)
41 for (; fns
->function_id
!= 0; fns
++) {
43 * We do not support the scenario of an application linked against
44 * multiple versions of libcrypto (e.g. one static and one dynamic), but
45 * sharing a single fips.so. We do a simple sanity check here.
47 #define set_func(c, f) \
48 do { if (c == NULL) c = f; else if (c != f) return 0; } while (0)
49 switch (fns
->function_id
) {
50 case OSSL_FUNC_GET_ENTROPY
:
51 set_func(c_get_entropy
, OSSL_FUNC_get_entropy(fns
));
53 case OSSL_FUNC_GET_USER_ENTROPY
:
54 set_func(c_get_user_entropy
, OSSL_FUNC_get_user_entropy(fns
));
56 case OSSL_FUNC_CLEANUP_ENTROPY
:
57 set_func(c_cleanup_entropy
, OSSL_FUNC_cleanup_entropy(fns
));
59 case OSSL_FUNC_GET_NONCE
:
60 set_func(c_get_nonce
, OSSL_FUNC_get_nonce(fns
));
62 case OSSL_FUNC_GET_USER_NONCE
:
63 set_func(c_get_user_nonce
, OSSL_FUNC_get_user_nonce(fns
));
65 case OSSL_FUNC_CLEANUP_NONCE
:
66 set_func(c_cleanup_nonce
, OSSL_FUNC_cleanup_nonce(fns
));
74 size_t ossl_prov_get_entropy(PROV_CTX
*prov_ctx
, unsigned char **pout
,
75 int entropy
, size_t min_len
, size_t max_len
)
77 const OSSL_CORE_HANDLE
*handle
= CORE_HANDLE(prov_ctx
);
79 if (c_get_user_entropy
!= NULL
)
80 return c_get_user_entropy(handle
, pout
, entropy
, min_len
, max_len
);
81 if (c_get_entropy
!= NULL
)
82 return c_get_entropy(handle
, pout
, entropy
, min_len
, max_len
);
86 void ossl_prov_cleanup_entropy(PROV_CTX
*prov_ctx
, unsigned char *buf
,
89 if (c_cleanup_entropy
!= NULL
)
90 c_cleanup_entropy(CORE_HANDLE(prov_ctx
), buf
, len
);
93 size_t ossl_prov_get_nonce(PROV_CTX
*prov_ctx
, unsigned char **pout
,
94 size_t min_len
, size_t max_len
,
95 const void *salt
, size_t salt_len
)
97 const OSSL_CORE_HANDLE
*handle
= CORE_HANDLE(prov_ctx
);
99 if (c_get_user_nonce
!= NULL
)
100 return c_get_user_nonce(handle
, pout
, min_len
, max_len
, salt
, salt_len
);
101 if (c_get_nonce
!= NULL
)
102 return c_get_nonce(handle
, pout
, min_len
, max_len
, salt
, salt_len
);
106 void ossl_prov_cleanup_nonce(PROV_CTX
*prov_ctx
, unsigned char *buf
, size_t len
)
108 if (c_cleanup_nonce
!= NULL
)
109 c_cleanup_nonce(CORE_HANDLE(prov_ctx
), buf
, len
);