prov_seed.c 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
  1. /*
  2. * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "rand_local.h"
  10. #include "crypto/evp.h"
  11. #include "crypto/rand.h"
  12. #include "crypto/rand_pool.h"
  13. #include "internal/core.h"
  14. #include <openssl/core_dispatch.h>
  15. #include <openssl/err.h>
  16. size_t ossl_rand_get_entropy(ossl_unused OSSL_LIB_CTX *ctx,
  17. unsigned char **pout, int entropy,
  18. size_t min_len, size_t max_len)
  19. {
  20. size_t ret = 0;
  21. size_t entropy_available;
  22. RAND_POOL *pool;
  23. pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
  24. if (pool == NULL) {
  25. ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB);
  26. return 0;
  27. }
  28. /* Get entropy by polling system entropy sources. */
  29. entropy_available = ossl_pool_acquire_entropy(pool);
  30. if (entropy_available > 0) {
  31. ret = ossl_rand_pool_length(pool);
  32. *pout = ossl_rand_pool_detach(pool);
  33. }
  34. ossl_rand_pool_free(pool);
  35. return ret;
  36. }
  37. size_t ossl_rand_get_user_entropy(OSSL_LIB_CTX *ctx,
  38. unsigned char **pout, int entropy,
  39. size_t min_len, size_t max_len)
  40. {
  41. EVP_RAND_CTX *rng = ossl_rand_get0_seed_noncreating(ctx);
  42. if (rng != NULL && evp_rand_can_seed(rng))
  43. return evp_rand_get_seed(rng, pout, entropy, min_len, max_len,
  44. 0, NULL, 0);
  45. else
  46. return ossl_rand_get_entropy(ctx, pout, entropy, min_len, max_len);
  47. }
  48. void ossl_rand_cleanup_entropy(ossl_unused OSSL_LIB_CTX *ctx,
  49. unsigned char *buf, size_t len)
  50. {
  51. OPENSSL_secure_clear_free(buf, len);
  52. }
  53. void ossl_rand_cleanup_user_entropy(OSSL_LIB_CTX *ctx,
  54. unsigned char *buf, size_t len)
  55. {
  56. EVP_RAND_CTX *rng = ossl_rand_get0_seed_noncreating(ctx);
  57. if (rng != NULL && evp_rand_can_seed(rng))
  58. evp_rand_clear_seed(rng, buf, len);
  59. else
  60. OPENSSL_secure_clear_free(buf, len);
  61. }
  62. size_t ossl_rand_get_nonce(ossl_unused OSSL_LIB_CTX *ctx,
  63. unsigned char **pout,
  64. size_t min_len, ossl_unused size_t max_len,
  65. const void *salt, size_t salt_len)
  66. {
  67. size_t ret = 0;
  68. RAND_POOL *pool;
  69. pool = ossl_rand_pool_new(0, 0, min_len, max_len);
  70. if (pool == NULL) {
  71. ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB);
  72. return 0;
  73. }
  74. if (!ossl_pool_add_nonce_data(pool))
  75. goto err;
  76. if (salt != NULL && !ossl_rand_pool_add(pool, salt, salt_len, 0))
  77. goto err;
  78. ret = ossl_rand_pool_length(pool);
  79. *pout = ossl_rand_pool_detach(pool);
  80. err:
  81. ossl_rand_pool_free(pool);
  82. return ret;
  83. }
  84. size_t ossl_rand_get_user_nonce(OSSL_LIB_CTX *ctx,
  85. unsigned char **pout,
  86. size_t min_len, size_t max_len,
  87. const void *salt, size_t salt_len)
  88. {
  89. unsigned char *buf;
  90. EVP_RAND_CTX *rng = ossl_rand_get0_seed_noncreating(ctx);
  91. if (rng == NULL)
  92. return ossl_rand_get_nonce(ctx, pout, min_len, max_len, salt, salt_len);
  93. if ((buf = OPENSSL_malloc(min_len)) == NULL)
  94. return 0;
  95. if (!EVP_RAND_generate(rng, buf, min_len, 0, 0, salt, salt_len)) {
  96. OPENSSL_free(buf);
  97. return 0;
  98. }
  99. *pout = buf;
  100. return min_len;
  101. }
  102. void ossl_rand_cleanup_nonce(ossl_unused OSSL_LIB_CTX *ctx,
  103. unsigned char *buf, size_t len)
  104. {
  105. OPENSSL_clear_free(buf, len);
  106. }
  107. void ossl_rand_cleanup_user_nonce(ossl_unused OSSL_LIB_CTX *ctx,
  108. unsigned char *buf, size_t len)
  109. {
  110. OPENSSL_clear_free(buf, len);
  111. }