rand_lib.c 7.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272
  1. /* crypto/rand/rand_lib.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include <time.h>
  60. #include "cryptlib.h"
  61. #include <openssl/rand.h>
  62. #ifndef OPENSSL_NO_ENGINE
  63. #include <openssl/engine.h>
  64. #endif
  65. #ifdef OPENSSL_FIPS
  66. #include <openssl/fips.h>
  67. #include <openssl/fips_rand.h>
  68. #endif
  69. #ifndef OPENSSL_NO_ENGINE
  70. /* non-NULL if default_RAND_meth is ENGINE-provided */
  71. static ENGINE *funct_ref =NULL;
  72. #endif
  73. static const RAND_METHOD *default_RAND_meth = NULL;
  74. int RAND_set_rand_method(const RAND_METHOD *meth)
  75. {
  76. #ifdef OPENSSL_FIPS
  77. if (!FIPS_rand_set_method(meth))
  78. return 0;
  79. #endif
  80. #ifndef OPENSSL_NO_ENGINE
  81. if(funct_ref)
  82. {
  83. ENGINE_finish(funct_ref);
  84. funct_ref = NULL;
  85. }
  86. #endif
  87. default_RAND_meth = meth;
  88. return 1;
  89. }
  90. const RAND_METHOD *RAND_get_rand_method(void)
  91. {
  92. if (!default_RAND_meth)
  93. {
  94. #ifndef OPENSSL_NO_ENGINE
  95. ENGINE *e = ENGINE_get_default_RAND();
  96. if(e)
  97. {
  98. default_RAND_meth = ENGINE_get_RAND(e);
  99. if(!default_RAND_meth)
  100. {
  101. ENGINE_finish(e);
  102. e = NULL;
  103. }
  104. }
  105. if(e)
  106. funct_ref = e;
  107. else
  108. #endif
  109. default_RAND_meth = RAND_SSLeay();
  110. }
  111. return default_RAND_meth;
  112. }
  113. #ifndef OPENSSL_NO_ENGINE
  114. int RAND_set_rand_engine(ENGINE *engine)
  115. {
  116. const RAND_METHOD *tmp_meth = NULL;
  117. if(engine)
  118. {
  119. if(!ENGINE_init(engine))
  120. return 0;
  121. tmp_meth = ENGINE_get_RAND(engine);
  122. if(!tmp_meth)
  123. {
  124. ENGINE_finish(engine);
  125. return 0;
  126. }
  127. }
  128. /* This function releases any prior ENGINE so call it first */
  129. RAND_set_rand_method(tmp_meth);
  130. funct_ref = engine;
  131. return 1;
  132. }
  133. #endif
  134. void RAND_cleanup(void)
  135. {
  136. const RAND_METHOD *meth = RAND_get_rand_method();
  137. if (meth && meth->cleanup)
  138. meth->cleanup();
  139. RAND_set_rand_method(NULL);
  140. }
  141. void RAND_seed(const void *buf, int num)
  142. {
  143. const RAND_METHOD *meth = RAND_get_rand_method();
  144. if (meth && meth->seed)
  145. meth->seed(buf,num);
  146. }
  147. void RAND_add(const void *buf, int num, double entropy)
  148. {
  149. const RAND_METHOD *meth = RAND_get_rand_method();
  150. if (meth && meth->add)
  151. meth->add(buf,num,entropy);
  152. }
  153. int RAND_bytes(unsigned char *buf, int num)
  154. {
  155. const RAND_METHOD *meth = RAND_get_rand_method();
  156. if (meth && meth->bytes)
  157. return meth->bytes(buf,num);
  158. return(-1);
  159. }
  160. int RAND_pseudo_bytes(unsigned char *buf, int num)
  161. {
  162. const RAND_METHOD *meth = RAND_get_rand_method();
  163. if (meth && meth->pseudorand)
  164. return meth->pseudorand(buf,num);
  165. return(-1);
  166. }
  167. int RAND_status(void)
  168. {
  169. const RAND_METHOD *meth = RAND_get_rand_method();
  170. if (meth && meth->status)
  171. return meth->status();
  172. return 0;
  173. }
  174. #ifdef OPENSSL_FIPS
  175. /* FIPS DRBG initialisation code. This sets up the DRBG for use by the
  176. * rest of OpenSSL.
  177. */
  178. /* Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
  179. * entropy internally through RAND_poll().
  180. */
  181. static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
  182. int entropy, size_t min_len, size_t max_len)
  183. {
  184. /* Round up request to multiple of block size */
  185. min_len = ((min_len + 19) / 20) * 20;
  186. *pout = OPENSSL_malloc(min_len);
  187. if (!*pout)
  188. return 0;
  189. if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
  190. {
  191. OPENSSL_free(*pout);
  192. *pout = NULL;
  193. return 0;
  194. }
  195. return min_len;
  196. }
  197. static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
  198. {
  199. OPENSSL_cleanse(out, olen);
  200. OPENSSL_free(out);
  201. }
  202. /* Set "additional input" when generating random data. This uses the
  203. * current PID, a time value and a counter.
  204. */
  205. static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
  206. {
  207. /* Use of static variables is OK as this happens under a lock */
  208. static unsigned char buf[16];
  209. static unsigned long counter;
  210. FIPS_get_timevec(buf, &counter);
  211. *pout = buf;
  212. return sizeof(buf);
  213. }
  214. /* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is
  215. * correctly seeded by RAND_poll().
  216. */
  217. static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
  218. double entropy)
  219. {
  220. return RAND_SSLeay()->add(in, inlen, entropy);
  221. }
  222. static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
  223. {
  224. return RAND_SSLeay()->seed(in, inlen);
  225. }
  226. int RAND_init_fips(void)
  227. {
  228. DRBG_CTX *dctx;
  229. size_t plen;
  230. unsigned char pers[32], *p;
  231. dctx = FIPS_get_default_drbg();
  232. FIPS_drbg_init(dctx, NID_aes_256_ctr, DRBG_FLAG_CTR_USE_DF);
  233. FIPS_drbg_set_callbacks(dctx,
  234. drbg_get_entropy, drbg_free_entropy, 20,
  235. drbg_get_entropy, drbg_free_entropy);
  236. FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
  237. drbg_rand_seed, drbg_rand_add);
  238. /* Personalisation string: a string followed by date time vector */
  239. strcpy((char *)pers, "OpenSSL DRBG2.0");
  240. plen = drbg_get_adin(dctx, &p);
  241. memcpy(pers + 16, p, plen);
  242. FIPS_drbg_instantiate(dctx, pers, sizeof(pers));
  243. FIPS_rand_set_method(FIPS_drbg_method());
  244. return 1;
  245. }
  246. #endif