list: add capability to print details about the current DRBGs

This allows a user to confirm that the DRBG their configuration specified is being used. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12931)
author: Pauli <paul.dale@oracle.com> 2020-09-22 09:36:53 +1000
committer: Pauli <paul.dale@oracle.com> 2020-09-23 15:28:30 +1000
commit: 2ff4e15dc2a981a447859558c8de2c96ba804c5b (patch)
tree: a3d58430aa50035ca49b64fcf7fcdd4ae4cc8a8e /apps/list.c
parent: 0ed26fb63c814458e9906a916fe3ce5ca961842f (diff)
1 files changed, 79 insertions, 2 deletions
diff --git a/apps/list.c b/apps/list.c
index fd018991e1..b2ddef9201 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -19,6 +19,7 @@
 #include <openssl/encoder.h>
 #include <openssl/decoder.h>
 #include <openssl/core_names.h>
+#include <openssl/rand.h>
 #include "apps.h"
 #include "app_params.h"
 #include "progs.h"
@@ -352,6 +353,74 @@ static void list_random_generators(void)
     sk_EVP_RAND_pop_free(rands, EVP_RAND_free);
 }
 
+static void display_random(const char *name, EVP_RAND_CTX *drbg)
+{
+    EVP_RAND *rand;
+    uint64_t u;
+    const char *p;
+    const OSSL_PARAM *gettables;
+    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+    unsigned char buf[1000];
+
+    BIO_printf(bio_out, "%s:\n", name);
+    if (drbg != NULL) {
+        rand = EVP_RAND_CTX_rand(drbg);
+
+        BIO_printf(bio_out, "  %s", EVP_RAND_name(rand));
+        BIO_printf(bio_out, " @ %s\n",
+                   OSSL_PROVIDER_name(EVP_RAND_provider(rand)));
+
+        switch (EVP_RAND_state(drbg)) {
+        case EVP_RAND_STATE_UNINITIALISED:
+            p = "uninitialised";
+            break;
+        case EVP_RAND_STATE_READY:
+            p = "ready";
+            break;
+        case EVP_RAND_STATE_ERROR:
+            p = "error";
+            break;
+        default:
+            p = "unknown";
+            break;
+        }
+        BIO_printf(bio_out, "  state = %s\n", p);
+
+        gettables = EVP_RAND_gettable_ctx_params(rand);
+        if (gettables != NULL)
+            for (; gettables->key != NULL; gettables++) {
+                /* State has been dealt with already, so ignore */
+                if (strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0)
+                    continue;
+                /* Outside of verbose mode, we skip non-string values */
+                if (gettables->data_type != OSSL_PARAM_UTF8_STRING
+                        && gettables->data_type != OSSL_PARAM_UTF8_PTR
+                        && !verbose)
+                    continue;
+                params->key = gettables->key;
+                params->data_type = gettables->data_type;
+                if (gettables->data_type == OSSL_PARAM_UNSIGNED_INTEGER
+                        || gettables->data_type == OSSL_PARAM_INTEGER) {
+                    params->data = &u;
+                    params->data_size = sizeof(u);
+                } else {
+                    params->data = buf;
+                    params->data_size = sizeof(buf);
+                }
+                params->return_size = 0;
+                if (EVP_RAND_get_ctx_params(drbg, params))
+                    print_param_value(params, 2);
+            }
+    }
+}
+
+static void list_random_instances(void)
+{
+    display_random("primary", RAND_get0_primary(NULL));
+    display_random("public", RAND_get0_public(NULL));
+    display_random("private", RAND_get0_private(NULL));
+}
+
 /*
  * Encoders
  */
@@ -819,8 +888,8 @@ typedef enum HELPLIST_CHOICE {
     OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS,
     OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
     OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED,
-    OPT_KDF_ALGORITHMS, OPT_RANDOM_GENERATORS, OPT_ENCODERS,
-    OPT_DECODERS,
+    OPT_KDF_ALGORITHMS, OPT_RANDOM_INSTANCES, OPT_RANDOM_GENERATORS,
+    OPT_ENCODERS, OPT_DECODERS,
     OPT_MISSING_HELP, OPT_OBJECTS,
 #ifndef OPENSSL_NO_DEPRECATED_3_0
     OPT_ENGINES, 
@@ -844,6 +913,8 @@ const OPTIONS list_options[] = {
      "List of message digest algorithms"},
     {"kdf-algorithms", OPT_KDF_ALGORITHMS, '-',
      "List of key derivation and pseudo random function algorithms"},
+    {"random-instances", OPT_RANDOM_INSTANCES, '-',
+     "List the primary, pubic and private random number generator details"},
     {"random-generators", OPT_RANDOM_GENERATORS, '-',
      "List of random number generators"},
     {"mac-algorithms", OPT_MAC_ALGORITHMS, '-',
@@ -880,6 +951,7 @@ int list_main(int argc, char **argv)
     int one = 0, done = 0;
     struct {
         unsigned int commands:1;
+        unsigned int random_instances:1;
         unsigned int random_generators:1;
         unsigned int digest_commands:1;
         unsigned int digest_algorithms:1;
@@ -928,6 +1000,9 @@ opthelp:
         case OPT_KDF_ALGORITHMS:
             todo.kdf_algorithms = 1;
             break;
+        case OPT_RANDOM_INSTANCES:
+            todo.random_instances = 1;
+            break;
         case OPT_RANDOM_GENERATORS:
             todo.random_generators = 1;
             break;
@@ -986,6 +1061,8 @@ opthelp:
 
     if (todo.commands)
         list_type(FT_general, one);
+    if (todo.random_instances)
+        list_random_instances();
     if (todo.random_generators)
         list_random_generators();
     if (todo.digest_commands)
author	Pauli <paul.dale@oracle.com>	2020-09-22 09:36:53 +1000
committer	Pauli <paul.dale@oracle.com>	2020-09-23 15:28:30 +1000
commit	2ff4e15dc2a981a447859558c8de2c96ba804c5b (patch)
tree	a3d58430aa50035ca49b64fcf7fcdd4ae4cc8a8e /apps/list.c
parent	0ed26fb63c814458e9906a916fe3ce5ca961842f (diff)