Home Explore Help
Register Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 1
Files Issues 1 Wiki
Tree: 35e6ea3bdc
Branches Tags
openssl
/
providers
/
implementations
/
rands
/
crngt.c

crngt.c 4.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 
  1. /*
    2. 

  2.  * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
    4. 

  4.  *
    5. 

  5.  * Licensed under the Apache License 2.0 (the "License").  You may not use
    6. 

  6.  * this file except in compliance with the License.  You can obtain a copy
    7. 

  7.  * in the file LICENSE in the source distribution or at
    8. 

  8.  * https://www.openssl.org/source/license.html
    9. 

  9.  */
    10. 

  10. 

  11. /*
    12. 

  12.  * Implementation of the FIPS 140-2 section 4.9.2 Conditional Tests.
    13. 

  13.  */
    14. 

  14. 

  15. #include <string.h>
    16. 

  16. #include <openssl/evp.h>
    17. 

  17. #include <openssl/core_dispatch.h>
    18. 

  18. #include <openssl/params.h>
    19. 

  19. #include <openssl/self_test.h>
    20. 

  20. #include "prov/providercommon.h"
    21. 

  21. #include "prov/provider_ctx.h"
    22. 

  22. #include "internal/cryptlib.h"
    23. 

  23. #include "prov/rand_pool.h"
    24. 

  24. #include "drbg_local.h"
    25. 

  25. #include "prov/seeding.h"
    26. 

  26. 

  27. typedef struct crng_test_global_st {
    28. 

  28.     unsigned char crngt_prev[EVP_MAX_MD_SIZE];
    29. 

  29.     RAND_POOL *crngt_pool;
    30. 

  30. } CRNG_TEST_GLOBAL;
    31. 

  31. 

  32. static int crngt_get_entropy(OPENSSL_CTX *ctx, RAND_POOL *pool,
    33. 

  33.                              unsigned char *buf, unsigned char *md,
    34. 

  34.                              unsigned int *md_size)
    35. 

  35. {
    36. 

  36.     int r;
    37. 

  37.     size_t n;
    38. 

  38.     unsigned char *p;
    39. 

  39.     EVP_MD *fmd;
    40. 

  40. 

  41.     if (pool == NULL)
    42. 

  42.         return 0;
    43. 

  43. 

  44.     n = prov_pool_acquire_entropy(pool);
    45. 

  45.     if (n >= CRNGT_BUFSIZ) {
    46. 

  46.         fmd = EVP_MD_fetch(ctx, "SHA256", "");
    47. 

  47.         if (fmd == NULL)
    48. 

  48.             return 0;
    49. 

  49.         p = rand_pool_detach(pool);
    50. 

  50.         r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, fmd, NULL);
    51. 

  51.         if (r != 0)
    52. 

  52.             memcpy(buf, p, CRNGT_BUFSIZ);
    53. 

  53.         rand_pool_reattach(pool, p);
    54. 

  54.         EVP_MD_free(fmd);
    55. 

  55.         return r;
    56. 

  56.     }
    57. 

  57.     return 0;
    58. 

  58. }
    59. 

  59. 

  60. static void rand_crng_ossl_ctx_free(void *vcrngt_glob)
    61. 

  61. {
    62. 

  62.     CRNG_TEST_GLOBAL *crngt_glob = vcrngt_glob;
    63. 

  63. 

  64.     rand_pool_free(crngt_glob->crngt_pool);
    65. 

  65.     OPENSSL_free(crngt_glob);
    66. 

  66. }
    67. 

  67. 

  68. static void *rand_crng_ossl_ctx_new(OPENSSL_CTX *ctx)
    69. 

  69. {
    70. 

  70.     unsigned char buf[CRNGT_BUFSIZ];
    71. 

  71.     CRNG_TEST_GLOBAL *crngt_glob = OPENSSL_zalloc(sizeof(*crngt_glob));
    72. 

  72. 

  73.     if (crngt_glob == NULL)
    74. 

  74.         return NULL;
    75. 

  75. 

  76.     if ((crngt_glob->crngt_pool
    77. 

  77.          = rand_pool_new(0, 1, CRNGT_BUFSIZ, CRNGT_BUFSIZ)) == NULL) {
    78. 

  78.         OPENSSL_free(crngt_glob);
    79. 

  79.         return NULL;
    80. 

  80.     }
    81. 

  81.     if (crngt_get_entropy(ctx, crngt_glob->crngt_pool, buf,
    82. 

  82.                           crngt_glob->crngt_prev, NULL)) {
    83. 

  83.         OPENSSL_cleanse(buf, sizeof(buf));
    84. 

  84.         return crngt_glob;
    85. 

  85.     }
    86. 

  86.     rand_pool_free(crngt_glob->crngt_pool);
    87. 

  87.     OPENSSL_free(crngt_glob);
    88. 

  88.     return NULL;
    89. 

  89. }
    90. 

  90. 

  91. static const OPENSSL_CTX_METHOD rand_crng_ossl_ctx_method = {
    92. 

  92.     rand_crng_ossl_ctx_new,
    93. 

  93.     rand_crng_ossl_ctx_free,
    94. 

  94. };
    95. 

  95. 

  96. static int prov_crngt_compare_previous(const unsigned char *prev,
    97. 

  97.                                         const unsigned char *cur,
    98. 

  98.                                         size_t sz)
    99. 

  99. {
    100. 

  100.     const int res = memcmp(prev, cur, sz) != 0;
    101. 

  101. 

  102.     if (!res)
    103. 

  103.         ossl_set_error_state(OSSL_SELF_TEST_TYPE_CRNG);
    104. 

  104.     return res;
    105. 

  105. }
    106. 

  106. 

  107. size_t prov_crngt_get_entropy(PROV_DRBG *drbg,
    108. 

  108.                               unsigned char **pout,
    109. 

  109.                               int entropy, size_t min_len, size_t max_len,
    110. 

  110.                               int prediction_resistance)
    111. 

  111. {
    112. 

  112.     unsigned char buf[CRNGT_BUFSIZ], md[EVP_MAX_MD_SIZE];
    113. 

  113.     unsigned int sz;
    114. 

  114.     RAND_POOL *pool;
    115. 

  115.     size_t q, r = 0, s, t = 0;
    116. 

  116.     int attempts = 3;
    117. 

  117.     OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(drbg->provctx);
    118. 

  118.     CRNG_TEST_GLOBAL *crngt_glob
    119. 

  119.         = openssl_ctx_get_data(libctx, OPENSSL_CTX_RAND_CRNGT_INDEX,
    120. 

  120.                                &rand_crng_ossl_ctx_method);
    121. 

  121. 

  122.     if (crngt_glob == NULL)
    123. 

  123.         return 0;
    124. 

  124. 

  125.     if ((pool = rand_pool_new(entropy, 1, min_len, max_len)) == NULL)
    126. 

  126.         return 0;
    127. 

  127. 

  128.     while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
    129. 

  129.         s = q > sizeof(buf) ? sizeof(buf) : q;
    130. 

  130.         if (!crngt_get_entropy(libctx, crngt_glob->crngt_pool, buf, md,
    131. 

  131.                                &sz)
    132. 

  132.             || !prov_crngt_compare_previous(crngt_glob->crngt_prev, md, sz)
    133. 

  133.             || !rand_pool_add(pool, buf, s, s * 8))
    134. 

  134.             goto err;
    135. 

  135.         memcpy(crngt_glob->crngt_prev, md, sz);
    136. 

  136.         t += s;
    137. 

  137.         attempts++;
    138. 

  138.     }
    139. 

  139.     r = t;
    140. 

  140.     *pout = rand_pool_detach(pool);
    141. 

  141. err:
    142. 

  142.     OPENSSL_cleanse(buf, sizeof(buf));
    143. 

  143.     rand_pool_free(pool);
    144. 

  144.     return r;
    145. 

  145. }
    146. 

  146. 

  147. void prov_crngt_cleanup_entropy(PROV_DRBG *drbg,
    148. 

  148.                                 unsigned char *out, size_t outlen)
    149. 

  149. {
    150. 

  150.     OPENSSL_secure_clear_free(out, outlen);
    151. 

  151. }
    152.