X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=crypto%2Fevp%2Fevp_rand.c;h=ecfc876cda8617b23914c97ac360b1ad12b2d66e;hb=da1c088f599af3755aaeed1c447a39621ef12e1f;hp=a2c59ee947a8fb3e434d42596ec7f7cce9e20c1a;hpb=132abb21f977c31477387c0585a4384e99f45b5c;p=thirdparty%2Fopenssl.git diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c index a2c59ee947..ecfc876cda 100644 --- a/crypto/evp/evp_rand.c +++ b/crypto/evp/evp_rand.c @@ -1,5 +1,5 @@ /* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,58 +7,84 @@ * https://www.openssl.org/source/license.html */ -#include - #include #include -#include #include -#include #include #include #include #include -#include "crypto/asn1.h" -#include "crypto/evp.h" #include "internal/cryptlib.h" #include "internal/numbers.h" #include "internal/provider.h" +#include "internal/core.h" +#include "crypto/evp.h" #include "evp_local.h" +struct evp_rand_st { + OSSL_PROVIDER *prov; + int name_id; + char *type_name; + const char *description; + CRYPTO_REF_COUNT refcnt; + + const OSSL_DISPATCH *dispatch; + OSSL_FUNC_rand_newctx_fn *newctx; + OSSL_FUNC_rand_freectx_fn *freectx; + OSSL_FUNC_rand_instantiate_fn *instantiate; + OSSL_FUNC_rand_uninstantiate_fn *uninstantiate; + OSSL_FUNC_rand_generate_fn *generate; + OSSL_FUNC_rand_reseed_fn *reseed; + OSSL_FUNC_rand_nonce_fn *nonce; + OSSL_FUNC_rand_enable_locking_fn *enable_locking; + OSSL_FUNC_rand_lock_fn *lock; + OSSL_FUNC_rand_unlock_fn *unlock; + OSSL_FUNC_rand_gettable_params_fn *gettable_params; + OSSL_FUNC_rand_gettable_ctx_params_fn *gettable_ctx_params; + OSSL_FUNC_rand_settable_ctx_params_fn *settable_ctx_params; + OSSL_FUNC_rand_get_params_fn *get_params; + OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params; + OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params; + OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization; +} /* EVP_RAND */ ; + static int evp_rand_up_ref(void *vrand) { EVP_RAND *rand = (EVP_RAND *)vrand; int ref = 0; if (rand != NULL) - return CRYPTO_UP_REF(&rand->refcnt, &ref, rand->refcnt_lock); + return CRYPTO_UP_REF(&rand->refcnt, &ref); return 1; } -static void evp_rand_free(void *vrand){ +static void evp_rand_free(void *vrand) +{ EVP_RAND *rand = (EVP_RAND *)vrand; int ref = 0; - if (rand != NULL) { - CRYPTO_DOWN_REF(&rand->refcnt, &ref, rand->refcnt_lock); - if (ref <= 0) { - ossl_provider_free(rand->prov); - CRYPTO_THREAD_lock_free(rand->refcnt_lock); - OPENSSL_free(rand); - } - } + if (rand == NULL) + return; + CRYPTO_DOWN_REF(&rand->refcnt, &ref); + if (ref > 0) + return; + OPENSSL_free(rand->type_name); + ossl_provider_free(rand->prov); + CRYPTO_FREE_REF(&rand->refcnt); + OPENSSL_free(rand); } static void *evp_rand_new(void) { EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand)); - if (rand == NULL - || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { + if (rand == NULL) + return NULL; + + if (!CRYPTO_NEW_REF(&rand->refcnt, 1)) { OPENSSL_free(rand); return NULL; } - rand->refcnt = 1; return rand; } @@ -66,8 +92,8 @@ static void *evp_rand_new(void) int EVP_RAND_enable_locking(EVP_RAND_CTX *rand) { if (rand->meth->enable_locking != NULL) - return rand->meth->enable_locking(rand->data); - EVPerr(0, EVP_R_LOCKING_NOT_SUPPORTED); + return rand->meth->enable_locking(rand->algctx); + ERR_raise(ERR_LIB_EVP, EVP_R_LOCKING_NOT_SUPPORTED); return 0; } @@ -75,7 +101,7 @@ int EVP_RAND_enable_locking(EVP_RAND_CTX *rand) static int evp_rand_lock(EVP_RAND_CTX *rand) { if (rand->meth->lock != NULL) - return rand->meth->lock(rand->data); + return rand->meth->lock(rand->algctx); return 1; } @@ -83,24 +109,30 @@ static int evp_rand_lock(EVP_RAND_CTX *rand) static void evp_rand_unlock(EVP_RAND_CTX *rand) { if (rand->meth->unlock != NULL) - rand->meth->unlock(rand->data); + rand->meth->unlock(rand->algctx); } -static void *evp_rand_from_dispatch(int name_id, - const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov) +static void *evp_rand_from_algorithm(int name_id, + const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov) { + const OSSL_DISPATCH *fns = algodef->implementation; EVP_RAND *rand = NULL; - int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0; + int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0, fnenablelockcnt = 0; #ifdef FIPS_MODULE int fnzeroizecnt = 0; #endif if ((rand = evp_rand_new()) == NULL) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB); return NULL; } rand->name_id = name_id; + if ((rand->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) { + evp_rand_free(rand); + return NULL; + } + rand->description = algodef->algorithm_description; rand->dispatch = fns; for (; fns->function_id != 0; fns++) { switch (fns->function_id) { @@ -144,16 +176,11 @@ static void *evp_rand_from_dispatch(int name_id, break; rand->nonce = OSSL_FUNC_rand_nonce(fns); break; - case OSSL_FUNC_RAND_SET_CALLBACKS: - if (rand->set_callbacks != NULL) - break; - rand->set_callbacks = OSSL_FUNC_rand_set_callbacks(fns); - break; case OSSL_FUNC_RAND_ENABLE_LOCKING: if (rand->enable_locking != NULL) break; rand->enable_locking = OSSL_FUNC_rand_enable_locking(fns); - fnlockcnt++; + fnenablelockcnt++; break; case OSSL_FUNC_RAND_LOCK: if (rand->lock != NULL) @@ -222,7 +249,8 @@ static void *evp_rand_from_dispatch(int name_id, */ if (fnrandcnt != 3 || fnctxcnt != 3 - || (fnlockcnt != 0 && fnlockcnt != 3) + || (fnenablelockcnt != 0 && fnenablelockcnt != 1) + || (fnlockcnt != 0 && fnlockcnt != 2) #ifdef FIPS_MODULE || fnzeroizecnt != 1 #endif @@ -242,11 +270,11 @@ static void *evp_rand_from_dispatch(int name_id, return rand; } -EVP_RAND *EVP_RAND_fetch(OPENSSL_CTX *libctx, const char *algorithm, +EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties) { return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties, - evp_rand_from_dispatch, evp_rand_up_ref, + evp_rand_from_algorithm, evp_rand_up_ref, evp_rand_free); } @@ -260,22 +288,27 @@ void EVP_RAND_free(EVP_RAND *rand) evp_rand_free(rand); } -int EVP_RAND_number(const EVP_RAND *rand) +int evp_rand_get_number(const EVP_RAND *rand) { return rand->name_id; } -const char *EVP_RAND_name(const EVP_RAND *rand) +const char *EVP_RAND_get0_name(const EVP_RAND *rand) { - return evp_first_name(rand->prov, rand->name_id); + return rand->type_name; +} + +const char *EVP_RAND_get0_description(const EVP_RAND *rand) +{ + return rand->description; } int EVP_RAND_is_a(const EVP_RAND *rand, const char *name) { - return evp_is_a(rand->prov, rand->name_id, NULL, name); + return rand != NULL && evp_is_a(rand->prov, rand->name_id, NULL, name); } -const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand) +const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand) { return rand->prov; } @@ -287,6 +320,13 @@ int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]) return 1; } +int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx) +{ + int ref = 0; + + return CRYPTO_UP_REF(&ctx->refcnt, &ref); +} + EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent) { EVP_RAND_CTX *ctx; @@ -294,164 +334,231 @@ EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent) const OSSL_DISPATCH *parent_dispatch = NULL; if (rand == NULL) { - EVPerr(0, EVP_R_INVALID_NULL_ALGORITHM); + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); return NULL; } ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) { - EVPerr(0, ERR_R_MALLOC_FAILURE); + if (ctx == NULL) + return NULL; + if (!CRYPTO_NEW_REF(&ctx->refcnt, 1)) { + OPENSSL_free(ctx); return NULL; } if (parent != NULL) { - if (!EVP_RAND_enable_locking(parent)) { - EVPerr(0, EVP_R_UNABLE_TO_ENABLE_PARENT_LOCKING); + if (!EVP_RAND_CTX_up_ref(parent)) { + ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); + CRYPTO_FREE_REF(&ctx->refcnt); OPENSSL_free(ctx); return NULL; } - parent_ctx = parent->data; + parent_ctx = parent->algctx; parent_dispatch = parent->meth->dispatch; } - if ((ctx->data = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx, - parent_dispatch)) == NULL + if ((ctx->algctx = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx, + parent_dispatch)) == NULL || !EVP_RAND_up_ref(rand)) { - EVPerr(0, ERR_R_MALLOC_FAILURE); - rand->freectx(ctx->data); + ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB); + rand->freectx(ctx->algctx); + CRYPTO_FREE_REF(&ctx->refcnt); OPENSSL_free(ctx); + EVP_RAND_CTX_free(parent); return NULL; } ctx->meth = rand; + ctx->parent = parent; return ctx; } void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx) { - if (ctx != NULL) { - ctx->meth->freectx(ctx->data); - ctx->data = NULL; - EVP_RAND_free(ctx->meth); - OPENSSL_free(ctx); - } + int ref = 0; + EVP_RAND_CTX *parent; + + if (ctx == NULL) + return; + + CRYPTO_DOWN_REF(&ctx->refcnt, &ref); + if (ref > 0) + return; + parent = ctx->parent; + ctx->meth->freectx(ctx->algctx); + ctx->algctx = NULL; + EVP_RAND_free(ctx->meth); + CRYPTO_FREE_REF(&ctx->refcnt); + OPENSSL_free(ctx); + EVP_RAND_CTX_free(parent); } -EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx) +EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx) { return ctx->meth; } -int EVP_RAND_get_ctx_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]) +static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx, + OSSL_PARAM params[]) +{ + return ctx->meth->get_ctx_params(ctx->algctx, params); +} + +int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]) { int res; if (!evp_rand_lock(ctx)) return 0; - res = ctx->meth->get_ctx_params(ctx->data, params); + res = evp_rand_get_ctx_params_locked(ctx, params); evp_rand_unlock(ctx); return res; } -int EVP_RAND_set_ctx_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]) +static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx, + const OSSL_PARAM params[]) { - int res = 1; + if (ctx->meth->set_ctx_params != NULL) + return ctx->meth->set_ctx_params(ctx->algctx, params); + return 1; +} - if (ctx->meth->set_ctx_params != NULL) { - if (!evp_rand_lock(ctx)) - return 0; - res = ctx->meth->set_ctx_params(ctx->data, params); - evp_rand_unlock(ctx); - /* Clear out the cache state because the values can change on a set */ - ctx->strength = 0; - ctx->max_request = 0; - } +int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]) +{ + int res; + + if (!evp_rand_lock(ctx)) + return 0; + res = evp_rand_set_ctx_params_locked(ctx, params); + evp_rand_unlock(ctx); return res; } const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand) { - return rand->gettable_params == NULL ? NULL : rand->gettable_params(); + if (rand->gettable_params == NULL) + return NULL; + return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand))); } const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand) { - return rand->gettable_ctx_params == NULL ? NULL - : rand->gettable_ctx_params(); + void *provctx; + + if (rand->gettable_ctx_params == NULL) + return NULL; + provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand)); + return rand->gettable_ctx_params(NULL, provctx); } const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand) { - return rand->settable_ctx_params == NULL ? NULL - :rand->settable_ctx_params(); + void *provctx; + + if (rand->settable_ctx_params == NULL) + return NULL; + provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand)); + return rand->settable_ctx_params(NULL, provctx); +} + +const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx) +{ + void *provctx; + + if (ctx->meth->gettable_ctx_params == NULL) + return NULL; + provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth)); + return ctx->meth->gettable_ctx_params(ctx->algctx, provctx); } -void EVP_RAND_do_all_provided(OPENSSL_CTX *libctx, +const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx) +{ + void *provctx; + + if (ctx->meth->settable_ctx_params == NULL) + return NULL; + provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth)); + return ctx->meth->settable_ctx_params(ctx->algctx, provctx); +} + +void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_RAND *rand, void *arg), void *arg) { evp_generic_do_all(libctx, OSSL_OP_RAND, (void (*)(void *, void *))fn, arg, - evp_rand_from_dispatch, evp_rand_free); + evp_rand_from_algorithm, evp_rand_up_ref, + evp_rand_free); } -void EVP_RAND_names_do_all(const EVP_RAND *rand, - void (*fn)(const char *name, void *data), - void *data) +int EVP_RAND_names_do_all(const EVP_RAND *rand, + void (*fn)(const char *name, void *data), + void *data) { if (rand->prov != NULL) - evp_names_do_all(rand->prov, rand->name_id, fn, data); + return evp_names_do_all(rand->prov, rand->name_id, fn, data); + + return 1; +} + +static int evp_rand_instantiate_locked + (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, + const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[]) +{ + return ctx->meth->instantiate(ctx->algctx, strength, prediction_resistance, + pstr, pstr_len, params); } int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, - const unsigned char *pstr, size_t pstr_len) + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[]) { int res; if (!evp_rand_lock(ctx)) return 0; - res = ctx->meth->instantiate(ctx->data, strength, prediction_resistance, - pstr, pstr_len); + res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance, + pstr, pstr_len, params); evp_rand_unlock(ctx); return res; } +static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx) +{ + return ctx->meth->uninstantiate(ctx->algctx); +} + int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx) { int res; if (!evp_rand_lock(ctx)) return 0; - res = ctx->meth->uninstantiate(ctx->data); + res = evp_rand_uninstantiate_locked(ctx); evp_rand_unlock(ctx); return res; } -int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *addin, size_t addin_len) +static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out, + size_t outlen, unsigned int strength, + int prediction_resistance, + const unsigned char *addin, + size_t addin_len) { - size_t chunk; - OSSL_PARAM params[2]; - int res = 0; + size_t chunk, max_request = 0; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - if (!evp_rand_lock(ctx)) + params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST, + &max_request); + if (!evp_rand_get_ctx_params_locked(ctx, params) + || max_request == 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE); return 0; - if (ctx->max_request == 0) { - params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST, - &chunk); - params[1] = OSSL_PARAM_construct_end(); - /* Cannot call EVP_RAND_get_ctx_params() since we have the lock */ - if (!ctx->meth->get_ctx_params(ctx->data, params) || chunk == 0) { - EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE); - goto err; - } - ctx->max_request = chunk; } for (; outlen > 0; outlen -= chunk, out += chunk) { - chunk = outlen > ctx->max_request ? ctx->max_request : outlen; - if (!ctx->meth->generate(ctx->data, out, chunk, strength, + chunk = outlen > max_request ? max_request : outlen; + if (!ctx->meth->generate(ctx->algctx, out, chunk, strength, prediction_resistance, addin, addin_len)) { - EVPerr(0, EVP_R_GENERATE_ERROR); - goto err; + ERR_raise(ERR_LIB_EVP, EVP_R_GENERATE_ERROR); + return 0; } /* * Prediction resistance is only relevant the first time around, @@ -459,94 +566,117 @@ int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, */ prediction_resistance = 0; } - res = 1; -err: + return 1; +} + +int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, + unsigned int strength, int prediction_resistance, + const unsigned char *addin, size_t addin_len) +{ + int res; + + if (!evp_rand_lock(ctx)) + return 0; + res = evp_rand_generate_locked(ctx, out, outlen, strength, + prediction_resistance, addin, addin_len); evp_rand_unlock(ctx); return res; } +static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance, + const unsigned char *ent, size_t ent_len, + const unsigned char *addin, size_t addin_len) +{ + if (ctx->meth->reseed != NULL) + return ctx->meth->reseed(ctx->algctx, prediction_resistance, + ent, ent_len, addin, addin_len); + return 1; +} + int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance, const unsigned char *ent, size_t ent_len, const unsigned char *addin, size_t addin_len) { - int res = 1; + int res; if (!evp_rand_lock(ctx)) return 0; - if (ctx->meth->reseed != NULL) - res = ctx->meth->reseed(ctx->data, prediction_resistance, - ent, ent_len, addin, addin_len); + res = evp_rand_reseed_locked(ctx, prediction_resistance, + ent, ent_len, addin, addin_len); evp_rand_unlock(ctx); return res; } -int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen) +static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx) +{ + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + unsigned int strength = 0; + + params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); + if (!evp_rand_get_ctx_params_locked(ctx, params)) + return 0; + return strength; +} + +unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx) { - int res = 1; - unsigned int str = EVP_RAND_strength(ctx); + unsigned int res; if (!evp_rand_lock(ctx)) return 0; - if (ctx->meth->nonce == NULL - || !ctx->meth->nonce(ctx->data, out, str, outlen, outlen)) - res = ctx->meth->generate(ctx->data, out, outlen, str, 0, NULL, 0); + res = evp_rand_strength_locked(ctx); evp_rand_unlock(ctx); return res; } -unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx) +static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out, + size_t outlen) +{ + unsigned int str = evp_rand_strength_locked(ctx); + + if (ctx->meth->nonce == NULL) + return 0; + if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen)) + return 1; + return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0); +} + +int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen) { - OSSL_PARAM params[2]; int res; - if (ctx->strength == 0) { - params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, - &ctx->strength); - params[1] = OSSL_PARAM_construct_end(); - res = EVP_RAND_get_ctx_params(ctx, params); - if (!res) - return 0; - } - return ctx->strength; + if (!evp_rand_lock(ctx)) + return 0; + res = evp_rand_nonce_locked(ctx, out, outlen); + evp_rand_unlock(ctx); + return res; } -int EVP_RAND_state(EVP_RAND_CTX *ctx) +int EVP_RAND_get_state(EVP_RAND_CTX *ctx) { OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - int status, res; + int state; - params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, - &status); - res = EVP_RAND_get_ctx_params(ctx, params); - if (!res) - status = EVP_RAND_STATE_ERROR; - return status; + params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state); + if (!EVP_RAND_CTX_get_params(ctx, params)) + state = EVP_RAND_STATE_ERROR; + return state; } -int EVP_RAND_set_callbacks(EVP_RAND_CTX *ctx, - OSSL_INOUT_CALLBACK *get_entropy, - OSSL_CALLBACK *cleanup_entropy, - OSSL_INOUT_CALLBACK *get_nonce, - OSSL_CALLBACK *cleanup_nonce, void *arg) +static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx) { - if (ctx->meth->set_callbacks == NULL) { - EVPerr(0, EVP_R_UNABLE_TO_SET_CALLBACKS); - return 0; - } - ctx->meth->set_callbacks(ctx->data, get_entropy, cleanup_entropy, - get_nonce, cleanup_nonce, arg); - return 1; + if (ctx->meth->verify_zeroization != NULL) + return ctx->meth->verify_zeroization(ctx->algctx); + return 0; } int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx) { - int res = 0; + int res; - if (ctx->meth->verify_zeroization != NULL) { - if (!evp_rand_lock(ctx)) - return 0; - res = ctx->meth->verify_zeroization(ctx->data); - evp_rand_unlock(ctx); - } + if (!evp_rand_lock(ctx)) + return 0; + res = evp_rand_verify_zeroization_locked(ctx); + evp_rand_unlock(ctx); return res; }