rand: add set0 calls for the private and public DRBGs

The FIPS 140-3 DSA and ECDSA tests need to be known answer tests which means
the entropy needs to be cooked.  This permits this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19486)

2 files changed, 22 insertions, 6 deletions

diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod
index f21b2f69d7..d842fe70d1 100644
--- a/doc/man3/EVP_RAND.pod
+++ b/doc/man3/EVP_RAND.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 EVP_RAND, EVP_RAND_fetch, EVP_RAND_free, EVP_RAND_up_ref, EVP_RAND_CTX,
-EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_instantiate,
+EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_CTX_up_ref, EVP_RAND_instantiate,
 EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce,
 EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_get_strength,
 EVP_RAND_get_state,
@@ -30,6 +30,7 @@ EVP_RAND_STATE_ERROR - EVP RAND routines
  void EVP_RAND_free(EVP_RAND *rand);
  EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent);
  void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
+ int EVP_RAND_CTX_up_ref(EVP_RAND_CTX *ctx);
  EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx);
  int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
  int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]);
@@ -367,6 +368,8 @@ B<EVP_RAND_CTX> structure or NULL if an error occurred.
 
 EVP_RAND_CTX_free() does not return a value.
 
+EVP_RAND_CTX_up_ref() returns 1 on success, 0 on error.
+
 EVP_RAND_nonce() returns the length of the nonce.
 
 EVP_RAND_get_strength() returns the strength of the random number generator
diff --git a/doc/man3/RAND_get0_primary.pod b/doc/man3/RAND_get0_primary.pod
index 408d02077f..88a2f6c311 100644
--- a/doc/man3/RAND_get0_primary.pod
+++ b/doc/man3/RAND_get0_primary.pod
@@ -4,7 +4,9 @@
 
 RAND_get0_primary,
 RAND_get0_public,
-RAND_get0_private
+RAND_get0_private,
+RAND_set0_public,
+RAND_set0_private
 - get access to the global EVP_RAND_CTX instances
 
 =head1 SYNOPSIS
@@ -14,6 +16,8 @@ RAND_get0_private
  EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx);
  EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx);
  EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx);
+ int RAND_set0_public(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand);
+ int RAND_set0_private(OSSL_LIB_CTX *ctx, EVP_RAND_CTX *rand);
 
 =head1 DESCRIPTION
 
@@ -25,7 +29,10 @@ by RAND_bytes() and RAND_priv_bytes(), respectively.
 The I<primary> DRBG is a global instance, which is not intended to be used
 directly, but is used internally to reseed the other two instances.
 
-These functions here provide access to the shared DRBG instances.
+The three get functions provide access to the shared DRBG instances.
+
+The two set functions allow the public and private DRBG instances to be
+replaced by another random number generator.
 
 =head1 RETURN VALUES
 
@@ -38,8 +45,8 @@ for the given OSSL_LIB_CTX B<ctx>.
 RAND_get0_private() returns a pointer to the I<private> DRBG instance
 for the given OSSL_LIB_CTX B<ctx>.
 
-In all the above cases the B<ctx> parameter can
-be NULL in which case the default OSSL_LIB_CTX is used.
+RAND_set0_public() and RAND_set0_private() return 1 on success and 0
+on error.
 
 =head1 NOTES
 
@@ -61,6 +68,10 @@ To set the type of DRBG that will be instantiated, use the
 L<RAND_set_DRBG_type(3)> call before accessing the random number generation
 infrastructure.
 
+The two set functions, operate on the the current thread.  If you want to
+use the same random number generator across all threads, each thread
+must individually call the set functions.
+
 =head1 SEE ALSO
 
 L<EVP_RAND(3)>,
@@ -68,7 +79,9 @@ L<RAND_set_DRBG_type(3)>
 
 =head1 HISTORY
 
-These functions were added in OpenSSL 3.0.
+RAND_set0_public() and RAND_set0_private() were added in OpenSSL 3.1.
+
+The remaining functions were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT