authorPauli <paul.dale@oracle.com>2020-10-30 15:53:22 +1000
committerPauli <paul.dale@oracle.com>2020-11-20 08:24:21 +1000
commit03bede0cc8418e056d4ac551fbdc2283e0e9491f (patch)
tree116154c3e80bb806d6becadaefc35a8e1e7013b8 /crypto/rand
parent71febb399225ec5b0f85292fe9487d507fbafb7e (diff)
rand: move the entropy source out of the FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
Diffstat (limited to 'crypto/rand')
-rw-r--r--crypto/rand/build.info2
-rw-r--r--crypto/rand/prov_seed.c76
-rw-r--r--crypto/rand/rand_err.c4
-rw-r--r--crypto/rand/rand_lib.c2
-rw-r--r--crypto/rand/rand_pool.c2
5 files changed, 81 insertions, 5 deletions
diff --git a/crypto/rand/build.info b/crypto/rand/build.info
index f58a026f3b..b9dc16a6c7 100644
--- a/crypto/rand/build.info
+++ b/crypto/rand/build.info
@@ -1,7 +1,7 @@
LIBS=../../libcrypto
$COMMON=rand_lib.c rand_meth.c
-$CRYPTO=randfile.c rand_err.c rand_deprecated.c
+$CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c
IF[{- !$disabled{'egd'} -}]
$CRYPTO=$CRYPTO rand_egd.c
diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
new file mode 100644
index 0000000000..f79955180a
--- /dev/null
+++ b/crypto/rand/prov_seed.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto/rand.h"
+#include "crypto/rand_pool.h"
+#include <openssl/core_dispatch.h>
+#include <openssl/err.h>
+
+size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len)
+{
+ size_t ret = 0;
+ size_t entropy_available;
+ RAND_POOL *pool;
+
+ pool = rand_pool_new(entropy, 1, min_len, max_len);
+ if (pool == NULL) {
+ ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /* Get entropy by polling system entropy sources. */
+ entropy_available = ossl_pool_acquire_entropy(pool);
+
+ if (entropy_available > 0) {
+ ret = rand_pool_length(pool);
+ *pout = rand_pool_detach(pool);
+ }
+
+ rand_pool_free(pool);
+ return ret;
+}
+
+void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len)
+{
+ OPENSSL_secure_clear_free(buf, len);
+}
+
+size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, size_t min_len, size_t max_len,
+ const void *salt, size_t salt_len)
+{
+ size_t ret = 0;
+ RAND_POOL *pool;
+
+ pool = rand_pool_new(0, 0, min_len, max_len);
+ if (pool == NULL) {
+ ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (!ossl_pool_add_nonce_data(pool))
+ goto err;
+
+ if (salt != NULL && !rand_pool_add(pool, salt, salt_len, 0))
+ goto err;
+ ret = rand_pool_length(pool);
+ *pout = rand_pool_detach(pool);
+ err:
+ rand_pool_free(pool);
+ return ret;
+}
+
+void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len)
+{
+ OPENSSL_clear_free(buf, len);
+}
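Review bot: `ossl_rand_get_entropy` and `ossl_rand_get_nonce` leave `*pout` unwritten on every failure path (the `rand_pool_new` failure return, the `entropy_available == 0` case and both `goto err` branches), so a caller that passes an uninitialised pointer and then runs the cleanup function unconditionally would hand an indeterminate pointer to `OPENSSL_secure_clear_free` or `OPENSSL_clear_free`. The callers are outside this diff and may already guard on the return value, but setting `*pout = NULL;` before `rand_pool_new` in both getters would make the contract safe by construction. A short header comment on each getter should also state that the buffer is valid only when the return value is non-zero and must be released with the matching cleanup function. The entropy pool appears to be created as a secure pool (second argument `1`) while the nonce pool is not, so the two cleanup functions should not be treated as interchangeable.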
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index b70cc4cb9f..ecf7cb2e59 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -87,8 +87,8 @@ static const ERR_STRING_DATA RAND_str_reasons[] = {
"unable to get parent reseed prop counter"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_PARENT_STRENGTH),
"unable to get parent strength"},
- {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_RESEED_PROP_CTR),
- "unable to get reseed prop ctr"},
+ {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_RESEED_COUNTER),
+ "unable to get reseed counter"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_LOCK_PARENT),
"unable to lock parent"},
{ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS),
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 9790b21646..73d509a8dc 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -27,7 +27,7 @@
#include "e_os.h"
#ifndef FIPS_MODULE
-# include "prov/rand_pool.h"
+# include "crypto/rand_pool.h"
# include "prov/seeding.h"
# ifndef OPENSSL_NO_ENGINE
diff --git a/crypto/rand/rand_pool.c b/crypto/rand/rand_pool.c
index c66c0e3fa8..ebb9078ce6 100644
--- a/crypto/rand/rand_pool.c
+++ b/crypto/rand/rand_pool.c
@@ -14,7 +14,7 @@
#include "crypto/rand.h"
#include <openssl/engine.h>
#include "internal/thread_once.h"
-#include "prov/rand_pool.h"
+#include "crypto/rand_pool.h"
/*
* Allocate memory and initialize a new random pool