Add a new provider API to generate random numbers.
authorPauli <ppzgs1@gmail.com>
Tue, 21 May 2024 04:56:32 +0000 (14:56 +1000)
committerPauli <ppzgs1@gmail.com>
Tue, 4 Feb 2025 20:20:10 +0000 (07:20 +1100)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24498)

crypto/provider_core.c
include/internal/provider.h
include/openssl/core_dispatch.h
include/openssl/rand.h
providers/fips/fipsprov.c

index a6f2ffa14ea8da332b73d103d6c1616c12e8ef0d..e1025f2ee18290d161b43708cb2ea3abafdbc567 100644 (file)
@@ -175,6 +175,7 @@ struct ossl_provider_st {
     OSSL_FUNC_provider_get_params_fn *get_params;
     OSSL_FUNC_provider_get_capabilities_fn *get_capabilities;
     OSSL_FUNC_provider_self_test_fn *self_test;
+    OSSL_FUNC_provider_random_fn *random;
     OSSL_FUNC_provider_query_operation_fn *query_operation;
     OSSL_FUNC_provider_unquery_operation_fn *unquery_operation;
 
@@ -1067,6 +1068,9 @@ static int provider_init(OSSL_PROVIDER *prov)
                 prov->self_test =
                     OSSL_FUNC_provider_self_test(provider_dispatch);
                 break;
+            case OSSL_FUNC_PROVIDER_RANDOM:
+                prov->random = OSSL_FUNC_provider_random(provider_dispatch);
+                break;
             case OSSL_FUNC_PROVIDER_GET_CAPABILITIES:
                 prov->get_capabilities =
                     OSSL_FUNC_provider_get_capabilities(provider_dispatch);
@@ -1860,6 +1864,13 @@ int ossl_provider_self_test(const OSSL_PROVIDER *prov)
  * If tracing is enabled, a message is printed indicating the requested
  * capabilities.
  */
+int ossl_provider_random(const OSSL_PROVIDER *prov, int which, void *buf, size_t n,
+                         unsigned int strength)
+{
+    return prov->random == NULL ? 0 : prov->random(prov->provctx, which, buf, n,
+                                                   strength);
+}
+
 int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
                                    const char *capability,
                                    OSSL_CALLBACK *cb,
index 7410c1005d3754ddf41289b50c9281421f247e16..eb8f1fbdb9f3bd092ebbb31cefe43b0c96ae3a9a 100644 (file)
@@ -84,6 +84,8 @@ int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
                                    OSSL_CALLBACK *cb,
                                    void *arg);
 int ossl_provider_self_test(const OSSL_PROVIDER *prov);
+int ossl_provider_random(const OSSL_PROVIDER *prov, int which, void *buf, size_t n,
+                         unsigned int strength);
 const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
                                                     int operation_id,
                                                     int *no_cache);
index edd25df090dd250421d559dde622231c329e0d63..315baffa55ebb73509fefaba750e3657b2d559f0 100644 (file)
@@ -248,13 +248,13 @@ OSSL_CORE_MAKE_FUNC(int, provider_free,
 
 /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
 # define OSSL_FUNC_PROVIDER_TEARDOWN           1024
-OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
+OSSL_CORE_MAKE_FUNC(void, provider_teardown, (void *provctx))
 # define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS    1025
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
                     provider_gettable_params,(void *provctx))
 # define OSSL_FUNC_PROVIDER_GET_PARAMS         1026
-OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx,
-                                             OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, provider_get_params, (void *provctx,
+                                               OSSL_PARAM params[]))
 # define OSSL_FUNC_PROVIDER_QUERY_OPERATION    1027
 OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
                     (void *provctx, int operation_id, int *no_store))
@@ -269,6 +269,10 @@ OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx,
                     const char *capability, OSSL_CALLBACK *cb, void *arg))
 # define OSSL_FUNC_PROVIDER_SELF_TEST          1031
 OSSL_CORE_MAKE_FUNC(int, provider_self_test, (void *provctx))
+# define OSSL_FUNC_PROVIDER_RANDOM             1032
+OSSL_CORE_MAKE_FUNC(int, provider_random, (void *provctx, int which,
+                                           void *buf, size_t n,
+                                           unsigned int strength))
 
 /* Operations */
 
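Review bot: The new OSSL_FUNC_PROVIDER_RANDOM entry says nothing about what `which`, `n` and `strength` mean, and the legal selector values (OSSL_PROV_RANDOM_PUBLIC / OSSL_PROV_RANDOM_PRIVATE) are added to include/openssl/rand.h in this same commit with no cross-reference in either direction, so a provider author reading core_dispatch.h cannot find them. A one-line comment above the define, `/* 'which' is OSSL_PROV_RANDOM_PUBLIC or OSSL_PROV_RANDOM_PRIVATE (see openssl/rand.h); n is the byte count, strength the required security strength */`, and a matching `/* Selector values for the 'which' argument of OSSL_FUNC_provider_random */` above the rand.h defines would close the gap. The strength semantics are inferred from the RAND_bytes_ex calls in the FIPS implementation and should be confirmed against the intended contract.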
index 1fa1129e3cf7dbfc2ff5437838f86d9044fadbf6..cb9fda49910d1acdaceeb9348b84479c839ee769 100644 (file)
@@ -118,6 +118,9 @@ OSSL_DEPRECATEDIN_1_1_0 int RAND_event(UINT, WPARAM, LPARAM);
 #  endif
 # endif
 
+#define OSSL_PROV_RANDOM_PUBLIC     0
+#define OSSL_PROV_RANDOM_PRIVATE    1
+
 #ifdef  __cplusplus
 }
 #endif
index 38d0ae9f7f77aa4f3dc554e0455137d35c2905de..568d9a6f95752ab07fb3885c6f4dc346e9c6c0c0 100644 (file)
@@ -41,6 +41,7 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params;
 static OSSL_FUNC_provider_get_params_fn fips_get_params;
 static OSSL_FUNC_provider_query_operation_fn fips_query;
 static OSSL_FUNC_provider_query_operation_fn fips_query_internal;
+static OSSL_FUNC_provider_random_fn fips_random;
 
 #define ALGC(NAMES, FUNC, CHECK)                \
     { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
@@ -121,6 +122,20 @@ void ossl_fips_prov_ossl_ctx_free(void *fgbl)
     OPENSSL_free(fgbl);
 }
 
+static int fips_random(ossl_unused void *vprov, int which, void *buf, size_t n,
+                       unsigned int strength)
+{
+    OSSL_LIB_CTX *libctx;
+    PROV_CTX *prov = (PROV_CTX *)vprov;
+
+    if (prov == NULL)
+        return 0;
+    libctx = ossl_prov_ctx_get0_libctx(prov);
+    if (which == OSSL_PROV_RANDOM_PRIVATE)
+        return RAND_priv_bytes_ex(libctx, buf, n, strength);
+    return RAND_bytes_ex(libctx, buf, n, strength);
+}
+
 /*
  * Parameters to retrieve from the core provider
  * NOTE: inside core_get_params() these will be loaded from config items
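Review bot: `ossl_unused` on the `vprov` parameter of fips_random is misleading, because the parameter is cast to `PROV_CTX *` and used two lines later; the attribute should be dropped. Any `which` value other than OSSL_PROV_RANDOM_PRIVATE falls through to the public DRBG, so a caller passing an unknown or mistyped selector silently receives public rather than private output; an explicit check, `if (which != OSSL_PROV_RANDOM_PUBLIC && which != OSSL_PROV_RANDOM_PRIVATE) return 0;`, makes that a visible failure instead. The RAND_bytes_ex / RAND_priv_bytes_ex results are forwarded unchanged, so callers reaching this through the core wrapper should treat only 1 as success, since the wrapper itself also returns 0 when a provider lacks the callback.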
@@ -604,6 +619,7 @@ static const OSSL_DISPATCH fips_dispatch_table[] = {
     { OSSL_FUNC_PROVIDER_GET_CAPABILITIES,
       (void (*)(void))ossl_prov_get_capabilities },
     { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test },
+    { OSSL_FUNC_PROVIDER_RANDOM, (void (*)(void))fips_random },
     OSSL_DISPATCH_END
 };