123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412 |
- =pod
- =head1 NAME
- EVP_RAND, EVP_RAND_fetch, EVP_RAND_free, EVP_RAND_up_ref, EVP_RAND_CTX,
- EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_CTX_up_ref, EVP_RAND_instantiate,
- EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce,
- EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_get_strength,
- EVP_RAND_get_state,
- EVP_RAND_get0_provider, EVP_RAND_CTX_get0_rand, EVP_RAND_is_a,
- EVP_RAND_get0_name, EVP_RAND_names_do_all,
- EVP_RAND_get0_description,
- EVP_RAND_CTX_get_params,
- EVP_RAND_CTX_set_params, EVP_RAND_do_all_provided, EVP_RAND_get_params,
- EVP_RAND_gettable_ctx_params, EVP_RAND_settable_ctx_params,
- EVP_RAND_CTX_gettable_params, EVP_RAND_CTX_settable_params,
- EVP_RAND_gettable_params, EVP_RAND_STATE_UNINITIALISED, EVP_RAND_STATE_READY,
- EVP_RAND_STATE_ERROR - EVP RAND routines
- =head1 SYNOPSIS
- #include <openssl/evp.h>
- typedef struct evp_rand_st EVP_RAND;
- typedef struct evp_rand_ctx_st EVP_RAND_CTX;
- EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
- const char *properties);
- int EVP_RAND_up_ref(EVP_RAND *rand);
- void EVP_RAND_free(EVP_RAND *rand);
- EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent);
- void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
- int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx);
- EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx);
- int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
- int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]);
- int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]);
- const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand);
- const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand);
- const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand);
- const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx);
- const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx);
- const char *EVP_RAND_get0_name(const EVP_RAND *rand);
- const char *EVP_RAND_get0_description(const EVP_RAND *rand);
- int EVP_RAND_is_a(const EVP_RAND *rand, const char *name);
- const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand);
- void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx,
- void (*fn)(EVP_RAND *rand, void *arg),
- void *arg);
- int EVP_RAND_names_do_all(const EVP_RAND *rand,
- void (*fn)(const char *name, void *data),
- void *data);
- int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
- int prediction_resistance,
- const unsigned char *pstr, size_t pstr_len,
- const OSSL_PARAM params[]);
- int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx);
- int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
- unsigned int strength, int prediction_resistance,
- const unsigned char *addin, size_t addin_len);
- int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
- const unsigned char *ent, size_t ent_len,
- const unsigned char *addin, size_t addin_len);
- int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen);
- int EVP_RAND_enable_locking(EVP_RAND_CTX *ctx);
- int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx);
- unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx);
- int EVP_RAND_get_state(EVP_RAND_CTX *ctx);
- #define EVP_RAND_STATE_UNINITIALISED 0
- #define EVP_RAND_STATE_READY 1
- #define EVP_RAND_STATE_ERROR 2
- =head1 DESCRIPTION
- The EVP RAND routines are a high-level interface to random number generators
- both deterministic and not.
- If you just want to generate random bytes then you don't need to use
- these functions: just call RAND_bytes() or RAND_priv_bytes().
- If you want to do more, these calls should be used instead of the older
- RAND and RAND_DRBG functions.
- After creating a B<EVP_RAND_CTX> for the required algorithm using
- EVP_RAND_CTX_new(), inputs to the algorithm are supplied either by
- passing them as part of the EVP_RAND_instantiate() call or using calls to
- EVP_RAND_CTX_set_params() before calling EVP_RAND_instantiate(). Finally,
- call EVP_RAND_generate() to produce cryptographically secure random bytes.
- =head2 Types
- B<EVP_RAND> is a type that holds the implementation of a RAND.
- B<EVP_RAND_CTX> is a context type that holds the algorithm inputs.
- B<EVP_RAND_CTX> structures are reference counted.
- =head2 Algorithm implementation fetching
- EVP_RAND_fetch() fetches an implementation of a RAND I<algorithm>, given
- a library context I<libctx> and a set of I<properties>.
- See L<crypto(7)/ALGORITHM FETCHING> for further information.
- The returned value must eventually be freed with
- L<EVP_RAND_free(3)>.
- EVP_RAND_up_ref() increments the reference count of an already fetched
- RAND.
- EVP_RAND_free() frees a fetched algorithm.
- NULL is a valid parameter, for which this function is a no-op.
- =head2 Context manipulation functions
- EVP_RAND_CTX_new() creates a new context for the RAND implementation I<rand>.
- If not NULL, I<parent> specifies the seed source for this implementation.
- Not all random number generators need to have a seed source specified.
- If a parent is required, a NULL I<parent> will utilise the operating
- system entropy sources.
- It is recommended to minimise the number of random number generators that
- rely on the operating system for their randomness because this is often scarce.
- EVP_RAND_CTX_free() frees up the context I<ctx>. If I<ctx> is NULL, nothing
- is done.
- EVP_RAND_CTX_get0_rand() returns the B<EVP_RAND> associated with the context
- I<ctx>.
- =head2 Random Number Generator Functions
- EVP_RAND_instantiate() processes any parameters in I<params> and
- then instantiates the RAND I<ctx> with a minimum security strength
- of <strength> and personalisation string I<pstr> of length <pstr_len>.
- If I<prediction_resistance> is specified, fresh entropy from a live source
- will be sought. This call operates as per NIST SP 800-90A and SP 800-90C.
- EVP_RAND_uninstantiate() uninstantiates the RAND I<ctx> as per
- NIST SP 800-90A and SP 800-90C. Subsequent to this call, the RAND cannot
- be used to generate bytes. It can only be freed or instantiated again.
- EVP_RAND_generate() produces random bytes from the RAND I<ctx> with the
- additional input I<addin> of length I<addin_len>. The bytes
- produced will meet the security I<strength>.
- If I<prediction_resistance> is specified, fresh entropy from a live source
- will be sought. This call operates as per NIST SP 800-90A and SP 800-90C.
- EVP_RAND_reseed() reseeds the RAND with new entropy.
- Entropy I<ent> of length I<ent_len> bytes can be supplied as can additional
- input I<addin> of length I<addin_len> bytes. In the FIPS provider, both are
- treated as additional input as per NIST SP-800-90Ar1, Sections 9.1 and 9.2.
- Additional seed material is also drawn from the RAND's parent or the
- operating system. If I<prediction_resistance> is specified, fresh entropy
- from a live source will be sought. This call operates as per NIST SP 800-90A
- and SP 800-90C.
- EVP_RAND_nonce() creates a nonce in I<out> of maximum length I<outlen>
- bytes from the RAND I<ctx>. The function returns the length of the generated
- nonce. If I<out> is NULL, the length is still returned but no generation
- takes place. This allows a caller to dynamically allocate a buffer of the
- appropriate size.
- EVP_RAND_enable_locking() enables locking for the RAND I<ctx> and all of
- its parents. After this I<ctx> will operate in a thread safe manner, albeit
- more slowly. This function is not itself thread safe if called with the same
- I<ctx> from multiple threads. Typically locking should be enabled before a
- I<ctx> is shared across multiple threads.
- EVP_RAND_get_params() retrieves details about the implementation
- I<rand>.
- The set of parameters given with I<params> determine exactly what
- parameters should be retrieved.
- Note that a parameter that is unknown in the underlying context is
- simply ignored.
- EVP_RAND_CTX_get_params() retrieves chosen parameters, given the
- context I<ctx> and its underlying context.
- The set of parameters given with I<params> determine exactly what
- parameters should be retrieved.
- Note that a parameter that is unknown in the underlying context is
- simply ignored.
- EVP_RAND_CTX_set_params() passes chosen parameters to the underlying
- context, given a context I<ctx>.
- The set of parameters given with I<params> determine exactly what
- parameters are passed down.
- Note that a parameter that is unknown in the underlying context is
- simply ignored.
- Also, what happens when a needed parameter isn't passed down is
- defined by the implementation.
- EVP_RAND_gettable_params() returns an B<OSSL_PARAM> array that describes
- the retrievable and settable parameters. EVP_RAND_gettable_params() returns
- parameters that can be used with EVP_RAND_get_params(). See L<OSSL_PARAM(3)>
- for the use of B<OSSL_PARAM> as a parameter descriptor.
- EVP_RAND_gettable_ctx_params() and EVP_RAND_CTX_gettable_params() return
- constant B<OSSL_PARAM> arrays that describe the retrievable parameters that
- can be used with EVP_RAND_CTX_get_params(). EVP_RAND_gettable_ctx_params()
- returns the parameters that can be retrieved from the algorithm, whereas
- EVP_RAND_CTX_gettable_params() returns the parameters that can be retrieved
- in the context's current state. See L<OSSL_PARAM(3)> for the use of
- B<OSSL_PARAM> as a parameter descriptor.
- EVP_RAND_settable_ctx_params() and EVP_RAND_CTX_settable_params() return
- constant B<OSSL_PARAM> arrays that describe the settable parameters that
- can be used with EVP_RAND_CTX_set_params(). EVP_RAND_settable_ctx_params()
- returns the parameters that can be retrieved from the algorithm, whereas
- EVP_RAND_CTX_settable_params() returns the parameters that can be retrieved
- in the context's current state. See L<OSSL_PARAM(3)> for the use of
- B<OSSL_PARAM> as a parameter descriptor.
- =head2 Information functions
- EVP_RAND_get_strength() returns the security strength of the RAND I<ctx>.
- EVP_RAND_get_state() returns the current state of the RAND I<ctx>.
- States defined by the OpenSSL RNGs are:
- =over 4
- =item *
- EVP_RAND_STATE_UNINITIALISED: this RNG is currently uninitialised.
- The instantiate call will change this to the ready state.
- =item *
- EVP_RAND_STATE_READY: this RNG is currently ready to generate output.
- =item *
- EVP_RAND_STATE_ERROR: this RNG is in an error state.
- =back
- EVP_RAND_is_a() returns 1 if I<rand> is an implementation of an
- algorithm that's identifiable with I<name>, otherwise 0.
- EVP_RAND_get0_provider() returns the provider that holds the implementation
- of the given I<rand>.
- EVP_RAND_do_all_provided() traverses all RAND implemented by all activated
- providers in the given library context I<libctx>, and for each of the
- implementations, calls the given function I<fn> with the implementation method
- and the given I<arg> as argument.
- EVP_RAND_get0_name() returns the canonical name of I<rand>.
- EVP_RAND_names_do_all() traverses all names for I<rand>, and calls
- I<fn> with each name and I<data>.
- EVP_RAND_get0_description() returns a description of the rand, meant for
- display and human consumption. The description is at the discretion of
- the rand implementation.
- EVP_RAND_verify_zeroization() confirms if the internal DRBG state is
- currently zeroed. This is used by the FIPS provider to support the mandatory
- self tests.
- =head1 PARAMETERS
- The standard parameter names are:
- =over 4
- =item "state" (B<OSSL_RAND_PARAM_STATE>) <integer>
- Returns the state of the random number generator.
- =item "strength" (B<OSSL_RAND_PARAM_STRENGTH>) <unsigned integer>
- Returns the bit strength of the random number generator.
- =back
- For rands that are also deterministic random bit generators (DRBGs), these
- additional parameters are recognised. Not all
- parameters are relevant to, or are understood by all DRBG rands:
- =over 4
- =item "reseed_requests" (B<OSSL_DRBG_PARAM_RESEED_REQUESTS>) <unsigned integer>
- Reads or set the number of generate requests before reseeding the
- associated RAND ctx.
- =item "reseed_time_interval" (B<OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL>) <integer>
- Reads or set the number of elapsed seconds before reseeding the
- associated RAND ctx.
- =item "max_request" (B<OSSL_DRBG_PARAM_RESEED_REQUESTS>) <unsigned integer>
- Specifies the maximum number of bytes that can be generated in a single
- call to OSSL_FUNC_rand_generate.
- =item "min_entropylen" (B<OSSL_DRBG_PARAM_MIN_ENTROPYLEN>) <unsigned integer>
- =item "max_entropylen" (B<OSSL_DRBG_PARAM_MAX_ENTROPYLEN>) <unsigned integer>
- Specify the minimum and maximum number of bytes of random material that
- can be used to seed the DRBG.
- =item "min_noncelen" (B<OSSL_DRBG_PARAM_MIN_NONCELEN>) <unsigned integer>
- =item "max_noncelen" (B<OSSL_DRBG_PARAM_MAX_NONCELEN>) <unsigned integer>
- Specify the minimum and maximum number of bytes of nonce that can be used to
- seed the DRBG.
- =item "max_perslen" (B<OSSL_DRBG_PARAM_MAX_PERSLEN>) <unsigned integer>
- =item "max_adinlen" (B<OSSL_DRBG_PARAM_MAX_ADINLEN>) <unsigned integer>
- Specify the minimum and maximum number of bytes of personalisation string
- that can be used with the DRBG.
- =item "reseed_counter" (B<OSSL_DRBG_PARAM_RESEED_COUNTER>) <unsigned integer>
- Specifies the number of times the DRBG has been seeded or reseeded.
- =item "properties" (B<OSSL_RAND_PARAM_PROPERTIES>) <UTF8 string>
- =item "mac" (B<OSSL_RAND_PARAM_MAC>) <UTF8 string>
- =item "digest" (B<OSSL_RAND_PARAM_DIGEST>) <UTF8 string>
- =item "cipher" (B<OSSL_RAND_PARAM_CIPHER>) <UTF8 string>
- For RAND implementations that use an underlying computation MAC, digest or
- cipher, these parameters set what the algorithm should be.
- The value is always the name of the intended algorithm,
- or the properties in the case of B<OSSL_RAND_PARAM_PROPERTIES>.
- =back
- =head1 NOTES
- An B<EVP_RAND_CTX> needs to have locking enabled if it acts as the parent of
- more than one child and the children can be accessed concurrently. This must
- be done by explicitly calling EVP_RAND_enable_locking().
- The RAND life-cycle is described in L<life_cycle-rand(7)>. In the future,
- the transitions described there will be enforced. When this is done, it will
- not be considered a breaking change to the API.
- =head1 RETURN VALUES
- EVP_RAND_fetch() returns a pointer to a newly fetched B<EVP_RAND>, or
- NULL if allocation failed.
- EVP_RAND_get0_provider() returns a pointer to the provider for the RAND, or
- NULL on error.
- EVP_RAND_CTX_get0_rand() returns a pointer to the B<EVP_RAND> associated
- with the context.
- EVP_RAND_get0_name() returns the name of the random number generation
- algorithm.
- EVP_RAND_up_ref() returns 1 on success, 0 on error.
- EVP_RAND_names_do_all() returns 1 if the callback was called for all names. A
- return value of 0 means that the callback was not called for any names.
- EVP_RAND_CTX_new() returns either the newly allocated
- B<EVP_RAND_CTX> structure or NULL if an error occurred.
- EVP_RAND_CTX_free() does not return a value.
- EVP_RAND_CTX_up_ref() returns 1 on success, 0 on error.
- EVP_RAND_nonce() returns the length of the nonce.
- EVP_RAND_get_strength() returns the strength of the random number generator
- in bits.
- EVP_RAND_gettable_params(), EVP_RAND_gettable_ctx_params() and
- EVP_RAND_settable_ctx_params() return an array of OSSL_PARAMs.
- EVP_RAND_verify_zeroization() returns 1 if the internal DRBG state is
- currently zeroed, and 0 if not.
- The remaining functions return 1 for success and 0 or a negative value for
- failure.
- =head1 SEE ALSO
- L<RAND_bytes(3)>,
- L<EVP_RAND-CTR-DRBG(7)>,
- L<EVP_RAND-HASH-DRBG(7)>,
- L<EVP_RAND-HMAC-DRBG(7)>,
- L<EVP_RAND-TEST-RAND(7)>,
- L<provider-rand(7)>,
- L<life_cycle-rand(7)>
- =head1 HISTORY
- EVP_RAND_CTX_up_ref() was added in OpenSSL 3.1.
- The remaining functions were added in OpenSSL 3.0.
- =head1 COPYRIGHT
- Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|