2
0

rand.h 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
  1. /*
  2. * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * Licensed under the Apache License 2.0 (the "License");
  11. * you may not use this file except in compliance with the License.
  12. * You may obtain a copy of the License at
  13. * https://www.openssl.org/source/license.html
  14. * or in the file LICENSE in the source distribution.
  15. */
  16. #ifndef OSSL_CRYPTO_RAND_H
  17. # define OSSL_CRYPTO_RAND_H
  18. # pragma once
  19. # include <openssl/rand.h>
  20. # include "crypto/rand_pool.h"
  21. # if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
  22. # include <Availability.h>
  23. # if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \
  24. (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
  25. # define OPENSSL_APPLE_CRYPTO_RANDOM 1
  26. # include <CommonCrypto/CommonCryptoError.h>
  27. # include <CommonCrypto/CommonRandom.h>
  28. # endif
  29. # endif
  30. /*
  31. * Defines related to seed sources
  32. */
  33. #ifndef DEVRANDOM
  34. /*
  35. * set this to a comma-separated list of 'random' device files to try out. By
  36. * default, we will try to read at least one of these files
  37. */
  38. # define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
  39. # if defined(__linux) && !defined(__ANDROID__)
  40. # ifndef DEVRANDOM_WAIT
  41. # define DEVRANDOM_WAIT "/dev/random"
  42. # endif
  43. /*
  44. * Linux kernels 4.8 and later changes how their random device works and there
  45. * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2)
  46. * should be used instead.
  47. */
  48. # ifndef DEVRANDOM_SAFE_KERNEL
  49. # define DEVRANDOM_SAFE_KERNEL 4, 8
  50. # endif
  51. /*
  52. * Some operating systems do not permit select(2) on their random devices,
  53. * defining this to zero will force the use of read(2) to extract one byte
  54. * from /dev/random.
  55. */
  56. # ifndef DEVRANDM_WAIT_USE_SELECT
  57. # define DEVRANDM_WAIT_USE_SELECT 1
  58. # endif
  59. /*
  60. * Define the shared memory identifier used to indicate if the operating
  61. * system has properly seeded the DEVRANDOM source.
  62. */
  63. # ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID
  64. # define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114
  65. # endif
  66. # endif
  67. #endif
  68. #if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
  69. /*
  70. * set this to a comma-separated list of 'egd' sockets to try out. These
  71. * sockets will be tried in the order listed in case accessing the device
  72. * files listed in DEVRANDOM did not return enough randomness.
  73. */
  74. # define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
  75. #endif
  76. void ossl_rand_cleanup_int(void);
  77. /*
  78. * Initialise the random pool reseeding sources.
  79. *
  80. * Returns 1 on success and 0 on failure.
  81. */
  82. int ossl_rand_pool_init(void);
  83. /*
  84. * Finalise the random pool reseeding sources.
  85. */
  86. void ossl_rand_pool_cleanup(void);
  87. /*
  88. * Control the random pool use of open file descriptors.
  89. */
  90. void ossl_rand_pool_keep_random_devices_open(int keep);
  91. /*
  92. * Configuration
  93. */
  94. void ossl_random_add_conf_module(void);
  95. /*
  96. * Get and cleanup random seed material.
  97. */
  98. size_t ossl_rand_get_entropy(OSSL_LIB_CTX *ctx,
  99. unsigned char **pout, int entropy,
  100. size_t min_len, size_t max_len);
  101. size_t ossl_rand_get_user_entropy(OSSL_LIB_CTX *ctx,
  102. unsigned char **pout, int entropy,
  103. size_t min_len, size_t max_len);
  104. void ossl_rand_cleanup_entropy(OSSL_LIB_CTX *ctx,
  105. unsigned char *buf, size_t len);
  106. void ossl_rand_cleanup_user_entropy(OSSL_LIB_CTX *ctx,
  107. unsigned char *buf, size_t len);
  108. size_t ossl_rand_get_nonce(OSSL_LIB_CTX *ctx,
  109. unsigned char **pout, size_t min_len, size_t max_len,
  110. const void *salt, size_t salt_len);
  111. size_t ossl_rand_get_user_nonce(OSSL_LIB_CTX *ctx, unsigned char **pout,
  112. size_t min_len, size_t max_len,
  113. const void *salt, size_t salt_len);
  114. void ossl_rand_cleanup_nonce(OSSL_LIB_CTX *ctx,
  115. unsigned char *buf, size_t len);
  116. void ossl_rand_cleanup_user_nonce(OSSL_LIB_CTX *ctx,
  117. unsigned char *buf, size_t len);
  118. /*
  119. * Get seeding material from the operating system sources.
  120. */
  121. size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
  122. int ossl_pool_add_nonce_data(RAND_POOL *pool);
  123. # ifdef FIPS_MODULE
  124. EVP_RAND_CTX *ossl_rand_get0_private_noncreating(OSSL_LIB_CTX *ctx);
  125. # else
  126. EVP_RAND_CTX *ossl_rand_get0_seed_noncreating(OSSL_LIB_CTX *ctx);
  127. # endif
  128. /* Generate a uniformly distributed random integer in the interval [0, upper) */
  129. uint32_t ossl_rand_uniform_uint32(OSSL_LIB_CTX *ctx, uint32_t upper, int *err);
  130. /*
  131. * Generate a uniformly distributed random integer in the interval
  132. * [lower, upper).
  133. */
  134. uint32_t ossl_rand_range_uint32(OSSL_LIB_CTX *ctx, uint32_t lower, uint32_t upper,
  135. int *err);
  136. #endif