seed_src.c@ 100947

Last change on this file since 100947 was 99366, checked in by vboxsync, 22 months ago
openssl-3.1.0: Applied and adjusted our OpenSSL changes to 3.0.7. bugref:10418
File size: 8.0 KB

Line
1	/*
2	* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <string.h>
11	#include <openssl/rand.h>
12	#include <openssl/core_dispatch.h>
13	#include <openssl/e_os2.h>
14	#include <openssl/params.h>
15	#include <openssl/core_names.h>
16	#include <openssl/evp.h>
17	#include <openssl/err.h>
18	#include <openssl/randerr.h>
19	#include <openssl/proverr.h>
20	#include "prov/implementations.h"
21	#include "prov/provider_ctx.h"
22	#include "crypto/rand.h"
23	#include "crypto/rand_pool.h"
24
25	static OSSL_FUNC_rand_newctx_fn seed_src_new;
26	static OSSL_FUNC_rand_freectx_fn seed_src_free;
27	static OSSL_FUNC_rand_instantiate_fn seed_src_instantiate;
28	static OSSL_FUNC_rand_uninstantiate_fn seed_src_uninstantiate;
29	static OSSL_FUNC_rand_generate_fn seed_src_generate;
30	static OSSL_FUNC_rand_reseed_fn seed_src_reseed;
31	static OSSL_FUNC_rand_gettable_ctx_params_fn seed_src_gettable_ctx_params;
32	static OSSL_FUNC_rand_get_ctx_params_fn seed_src_get_ctx_params;
33	static OSSL_FUNC_rand_verify_zeroization_fn seed_src_verify_zeroization;
34	static OSSL_FUNC_rand_enable_locking_fn seed_src_enable_locking;
35	static OSSL_FUNC_rand_lock_fn seed_src_lock;
36	static OSSL_FUNC_rand_unlock_fn seed_src_unlock;
37	static OSSL_FUNC_rand_get_seed_fn seed_get_seed;
38	static OSSL_FUNC_rand_clear_seed_fn seed_clear_seed;
39
40	typedef struct {
41	void *provctx;
42	int state;
43	} PROV_SEED_SRC;
44
45	static void seed_src_new(void provctx, void *parent,
46	const OSSL_DISPATCH *parent_dispatch)
47	{
48	PROV_SEED_SRC *s;
49
50	if (parent != NULL) {
51	ERR_raise(ERR_LIB_PROV, PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT);
52	return NULL;
53	}
54
55	s = OPENSSL_zalloc(sizeof(*s));
56	if (s == NULL) {
57	ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
58	return NULL;
59	}
60
61	s->provctx = provctx;
62	s->state = EVP_RAND_STATE_UNINITIALISED;
63	return s;
64	}
65
66	static void seed_src_free(void *vseed)
67	{
68	OPENSSL_free(vseed);
69	}
70
71	static int seed_src_instantiate(void *vseed, unsigned int strength,
72	int prediction_resistance,
73	const unsigned char *pstr, size_t pstr_len,
74	ossl_unused const OSSL_PARAM params[])
75	{
76	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
77
78	s->state = EVP_RAND_STATE_READY;
79	return 1;
80	}
81
82	static int seed_src_uninstantiate(void *vseed)
83	{
84	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
85
86	s->state = EVP_RAND_STATE_UNINITIALISED;
87	return 1;
88	}
89
90	static int seed_src_generate(void vseed, unsigned char out, size_t outlen,
91	unsigned int strength,
92	ossl_unused int prediction_resistance,
93	ossl_unused const unsigned char *adin,
94	ossl_unused size_t adin_len)
95	{
96	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
97	size_t entropy_available;
98	RAND_POOL *pool;
99
100	if (s->state != EVP_RAND_STATE_READY) {
101	ERR_raise(ERR_LIB_PROV,
102	s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE
103	: PROV_R_NOT_INSTANTIATED);
104	return 0;
105	}
106
107	pool = ossl_rand_pool_new(strength, 1, outlen, outlen);
108	if (pool == NULL) {
109	ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
110	return 0;
111	}
112
113	/* Get entropy by polling system entropy sources. */
114	entropy_available = ossl_pool_acquire_entropy(pool);
115
116	if (entropy_available > 0)
117	memcpy(out, ossl_rand_pool_buffer(pool), ossl_rand_pool_length(pool));
118
119	ossl_rand_pool_free(pool);
120	return entropy_available > 0;
121	}
122
123	static int seed_src_reseed(void *vseed,
124	ossl_unused int prediction_resistance,
125	ossl_unused const unsigned char *ent,
126	ossl_unused size_t ent_len,
127	ossl_unused const unsigned char *adin,
128	ossl_unused size_t adin_len)
129	{
130	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
131
132	if (s->state != EVP_RAND_STATE_READY) {
133	ERR_raise(ERR_LIB_PROV,
134	s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE
135	: PROV_R_NOT_INSTANTIATED);
136	return 0;
137	}
138	return 1;
139	}
140
141	static int seed_src_get_ctx_params(void *vseed, OSSL_PARAM params[])
142	{
143	PROV_SEED_SRC s = (PROV_SEED_SRC )vseed;
144	OSSL_PARAM *p;
145
146	p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE);
147	if (p != NULL && !OSSL_PARAM_set_int(p, s->state))
148	return 0;
149
150	p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH);
151	if (p != NULL && !OSSL_PARAM_set_int(p, 1024))
152	return 0;
153
154	p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST);
155	if (p != NULL && !OSSL_PARAM_set_size_t(p, 128))
156	return 0;
157	return 1;
158	}
159
160	static const OSSL_PARAM seed_src_gettable_ctx_params(ossl_unused void vseed,
161	ossl_unused void *provctx)
162	{
163	static const OSSL_PARAM known_gettable_ctx_params[] = {
164	OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL),
165	OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),
166	OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),
167	OSSL_PARAM_END
168	};
169	return known_gettable_ctx_params;
170	}
171
172	static int seed_src_verify_zeroization(ossl_unused void *vseed)
173	{
174	return 1;
175	}
176
177	static size_t seed_get_seed(void vseed, unsigned char *pout,
178	int entropy, size_t min_len, size_t max_len,
179	int prediction_resistance,
180	const unsigned char *adin, size_t adin_len)
181	{
182	size_t bytes_needed;
183	unsigned char *p;
184
185	/*
186	* Figure out how many bytes we need.
187	* This assumes that the seed sources provide eight bits of entropy
188	* per byte. For lower quality sources, the formula will need to be
189	* different.
190	*/
191	bytes_needed = entropy >= 0 ? (entropy + 7) / 8 : 0;
192	if (bytes_needed < min_len)
193	bytes_needed = min_len;
194	if (bytes_needed > max_len) {
195	ERR_raise(ERR_LIB_PROV, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK);
196	return 0;
197	}
198
199	p = OPENSSL_secure_malloc(bytes_needed);
200	if (p == NULL) {
201	ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
202	return 0;
203	}
204	if (seed_src_generate(vseed, p, bytes_needed, 0, prediction_resistance,
205	adin, adin_len) != 0) {
206	*pout = p;
207	return bytes_needed;
208	}
209	OPENSSL_secure_clear_free(p, bytes_needed);
210	return 0;
211	}
212
213	static void seed_clear_seed(ossl_unused void *vdrbg,
214	unsigned char *out, size_t outlen)
215	{
216	OPENSSL_secure_clear_free(out, outlen);
217	}
218
219	static int seed_src_enable_locking(ossl_unused void *vseed)
220	{
221	return 1;
222	}
223
224	int seed_src_lock(ossl_unused void *vctx)
225	{
226	return 1;
227	}
228
229	void seed_src_unlock(ossl_unused void *vctx)
230	{
231	}
232
233	const OSSL_DISPATCH ossl_seed_src_functions[] = {
234	{ OSSL_FUNC_RAND_NEWCTX, (void(*)(void))seed_src_new },
235	{ OSSL_FUNC_RAND_FREECTX, (void(*)(void))seed_src_free },
236	{ OSSL_FUNC_RAND_INSTANTIATE,
237	(void(*)(void))seed_src_instantiate },
238	{ OSSL_FUNC_RAND_UNINSTANTIATE,
239	(void(*)(void))seed_src_uninstantiate },
240	{ OSSL_FUNC_RAND_GENERATE, (void(*)(void))seed_src_generate },
241	{ OSSL_FUNC_RAND_RESEED, (void(*)(void))seed_src_reseed },
242	{ OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))seed_src_enable_locking },
243	{ OSSL_FUNC_RAND_LOCK, (void(*)(void))seed_src_lock },
244	{ OSSL_FUNC_RAND_UNLOCK, (void(*)(void))seed_src_unlock },
245	{ OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
246	(void(*)(void))seed_src_gettable_ctx_params },
247	{ OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))seed_src_get_ctx_params },
248	{ OSSL_FUNC_RAND_VERIFY_ZEROIZATION,
249	(void(*)(void))seed_src_verify_zeroization },
250	{ OSSL_FUNC_RAND_GET_SEED, (void(*)(void))seed_get_seed },
251	{ OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))seed_clear_seed },
252	{ 0, NULL }
253	};

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.0/providers/implementations/rands/seed_src.c@ 100947

Download in other formats: