From: Pauli Date: Tue, 21 May 2024 04:56:32 +0000 (+1000) Subject: Add a new provider API to generate random numbers. X-Git-Tag: openssl-3.5.0-alpha1~666 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=37172e2ab8377706c6ce5c79e4bc700cff522f6f;p=thirdparty%2Fopenssl.git Add a new provider API to generate random numbers. Reviewed-by: Tim Hudson Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/24498)
---
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index a6f2ffa14ea..e1025f2ee18 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -175,6 +175,7 @@ struct ossl_provider_st {
 OSSL_FUNC_provider_get_params_fn *get_params;
 OSSL_FUNC_provider_get_capabilities_fn *get_capabilities;
 OSSL_FUNC_provider_self_test_fn *self_test;
+ OSSL_FUNC_provider_random_fn *random;
 OSSL_FUNC_provider_query_operation_fn *query_operation;
 OSSL_FUNC_provider_unquery_operation_fn *unquery_operation;
@@ -1067,6 +1068,9 @@ static int provider_init(OSSL_PROVIDER *prov)
 prov->self_test =
 OSSL_FUNC_provider_self_test(provider_dispatch);
 break;
+ case OSSL_FUNC_PROVIDER_RANDOM:
+ prov->random = OSSL_FUNC_provider_random(provider_dispatch);
+ break;
 case OSSL_FUNC_PROVIDER_GET_CAPABILITIES:
 prov->get_capabilities =
 OSSL_FUNC_provider_get_capabilities(provider_dispatch);
@@ -1860,6 +1864,13 @@ int ossl_provider_self_test(const OSSL_PROVIDER *prov)
 * If tracing is enabled, a message is printed indicating the requested
 * capabilities.
 */
+int ossl_provider_random(const OSSL_PROVIDER *prov, int which, void *buf, size_t n,
+ unsigned int strength)
+{
+ return prov->random == NULL ? 0 : prov->random(prov->provctx, which, buf, n,
+ strength);
+}
+
 int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
 const char *capability,
 OSSL_CALLBACK *cb,
diff --git a/include/internal/provider.h b/include/internal/provider.h
index 7410c1005d3..eb8f1fbdb9f 100644
--- a/include/internal/provider.h
+++ b/include/internal/provider.h
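Review bot: ossl_provider_random() is inserted between the block comment ending `* capabilities. */` and ossl_provider_get_capabilities(), so the existing comment about tracing requested capabilities now heads the wrong function; place the new function after ossl_provider_get_capabilities() (or above that comment) and give it its own header, e.g. `/* Fetch n random bytes from the provider; which selects the public or private source (OSSL_PROV_RANDOM_*); returns 0 if the provider exports no random entry point. */`. Unlike the provider-side fips_random() in this same commit, the wrapper dereferences prov with no NULL check; if any caller can pass NULL (callers are not visible here) add `if (prov == NULL) return 0;` ahead of the dispatch. The selector `which` is forwarded unvalidated, so an out-of-range value is interpreted by whichever provider is loaded rather than rejected centrally, which is worth either documenting as the contract or rejecting here.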
@@ -84,6 +84,8 @@ int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
 OSSL_CALLBACK *cb, void *arg);
 int ossl_provider_self_test(const OSSL_PROVIDER *prov);
+int ossl_provider_random(const OSSL_PROVIDER *prov, int which, void *buf, size_t n,
+ unsigned int strength);
 const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache);
diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h
index edd25df090d..315baffa55e 100644
--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@@ -248,13 +248,13 @@ OSSL_CORE_MAKE_FUNC(int, provider_free,
 /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
 # define OSSL_FUNC_PROVIDER_TEARDOWN 1024
-OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
+OSSL_CORE_MAKE_FUNC(void, provider_teardown, (void *provctx))
 # define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS 1025
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, provider_gettable_params,(void *provctx))
 # define OSSL_FUNC_PROVIDER_GET_PARAMS 1026
-OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx,
- OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, provider_get_params, (void *provctx,
+ OSSL_PARAM params[]))
 # define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027
 OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, (void *provctx, int operation_id, int *no_store))
@@ -269,6 +269,10 @@ OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities,
 (void *provctx, const char *capability, OSSL_CALLBACK *cb, void *arg))
 # define OSSL_FUNC_PROVIDER_SELF_TEST 1031
 OSSL_CORE_MAKE_FUNC(int, provider_self_test, (void *provctx))
+# define OSSL_FUNC_PROVIDER_RANDOM 1032
+OSSL_CORE_MAKE_FUNC(int, provider_random, (void *provctx, int which,
+ void *buf, size_t n,
+ unsigned int strength))
 /* Operations */
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 1fa1129e3cf..cb9fda49910 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
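Review bot: The new public dispatch slot OSSL_FUNC_PROVIDER_RANDOM (1032) carries no comment explaining `which`, `strength` or the return value, although this is the header third-party providers implement against, and the admissible `which` values are defined in <openssl/rand.h> in this same commit rather than next to the function that takes them. I'd add above `# define OSSL_FUNC_PROVIDER_RANDOM 1032` a comment along the lines of `/* Fill buf with n random bytes of at least the given security strength; which is OSSL_PROV_RANDOM_PUBLIC or OSSL_PROV_RANDOM_PRIVATE (see <openssl/rand.h>); returns 1 on success, 0 on error. */`. The 1/0 convention is only inferred from fips_random() forwarding the result of RAND_bytes_ex()/RAND_priv_bytes_ex(), so confirm it before committing the wording.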
@@ -118,6 +118,9 @@ OSSL_DEPRECATEDIN_1_1_0 int RAND_event(UINT, WPARAM, LPARAM);
 # endif
 # endif
+#define OSSL_PROV_RANDOM_PUBLIC 0
+#define OSSL_PROV_RANDOM_PRIVATE 1
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 38d0ae9f7f7..568d9a6f957 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -41,6 +41,7 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params;
 static OSSL_FUNC_provider_get_params_fn fips_get_params;
 static OSSL_FUNC_provider_query_operation_fn fips_query;
 static OSSL_FUNC_provider_query_operation_fn fips_query_internal;
+static OSSL_FUNC_provider_random_fn fips_random;
 #define ALGC(NAMES, FUNC, CHECK) \
 { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
@@ -121,6 +122,20 @@ void ossl_fips_prov_ossl_ctx_free(void *fgbl)
 OPENSSL_free(fgbl);
 }
+static int fips_random(ossl_unused void *vprov, int which, void *buf, size_t n,
+ unsigned int strength)
+{
+ OSSL_LIB_CTX *libctx;
+ PROV_CTX *prov = (PROV_CTX *)vprov;
+
+ if (prov == NULL)
+ return 0;
+ libctx = ossl_prov_ctx_get0_libctx(prov);
+ if (which == OSSL_PROV_RANDOM_PRIVATE)
+ return RAND_priv_bytes_ex(libctx, buf, n, strength);
+ return RAND_bytes_ex(libctx, buf, n, strength);
+}
+
 /*
 * Parameters to retrieve from the core provider
 * NOTE: inside core_get_params() these will be loaded from config items
@@ -604,6 +619,7 @@ static const OSSL_DISPATCH fips_dispatch_table[] = {
 { OSSL_FUNC_PROVIDER_GET_CAPABILITIES,
 (void (*)(void))ossl_prov_get_capabilities },
 { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test },
+ { OSSL_FUNC_PROVIDER_RANDOM, (void (*)(void))fips_random },
 OSSL_DISPATCH_END
 };
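Review bot: OSSL_PROV_RANDOM_PUBLIC and OSSL_PROV_RANDOM_PRIVATE are added to the public rand.h without any comment tying them to the `which` argument of the OSSL_FUNC_provider_random dispatch function, so a reader of rand.h alone cannot tell what they select. A one-line comment above the pair, `/* Values for the 'which' argument of OSSL_FUNC_provider_random(): public or private random source */`, would fix that; "private" here presumably maps to the RAND_priv_bytes_ex() path, as fips_random() in this commit does, but that is the provider's choice rather than a guarantee of these constants, so word the comment accordingly.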
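Review bot: fips_random() declares its first parameter `ossl_unused void *vprov` yet uses it immediately, casting it to PROV_CTX, comparing it with NULL and passing it to ossl_prov_ctx_get0_libctx(), so the annotation (presumably an unused-parameter marker) is wrong and would mask a genuine unused-parameter warning if the body ever changes; drop it: `static int fips_random(void *vprov, int which, void *buf, size_t n,`. Separately, every `which` value other than OSSL_PROV_RANDOM_PRIVATE silently takes the RAND_bytes_ex() path, so a caller passing a mistyped or future selector gets public randomness instead of an error; if only the two rand.h values are meant to be valid, reject the rest with `if (which != OSSL_PROV_RANDOM_PUBLIC && which != OSSL_PROV_RANDOM_PRIVATE) return 0;` before the libctx lookup. Whether a NULL libctx from ossl_prov_ctx_get0_libctx() is acceptable depends on RAND_bytes_ex()/RAND_priv_bytes_ex(), which are not visible here.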