author | Pauli <paul.dale@oracle.com> | 2020-05-08 10:22:45 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-06-24 20:05:41 +1000 |
commit | 714a1bb380ddb2bf7538f6a61f47ac87200e3e06 (patch) | |
tree | 429c1298eed420258ad1fb2974638ef1b5bc3e1f /include | |
parent | 94478bd8d7303dc1656d142caabaf05b2a2180eb (diff) |
rand: set up EVP and DRBG infrastructure for RAND from providers.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/core_names.h | 20 | ||||
-rw-r--r-- | include/openssl/core_numbers.h | 16 | ||||
-rw-r--r-- | include/openssl/evp.h | 17 |
3 files changed, 44 insertions, 9 deletions
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 7da0186392..e7b522a810 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -180,6 +180,26 @@ extern "C" {
 #define OSSL_KDF_NAME_KBKDF "KBKDF"
 #define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
+/* Know RAND names */
+#define OSSL_RAND_PARAM_STATUS "status"
+#define OSSL_RAND_PARAM_STRENGTH "strength"
+#define OSSL_RAND_PARAM_RESEED_REQUESTS "reseed_requests"
+#define OSSL_RAND_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+#define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+#define OSSL_RAND_PARAM_MIN_ENTROPYLEN "min_entropylen"
+#define OSSL_RAND_PARAM_MAX_ENTROPYLEN "max_entropylen"
+#define OSSL_RAND_PARAM_MIN_NONCELEN "min_noncelen"
+#define OSSL_RAND_PARAM_MAX_NONCELEN "max_noncelen"
+#define OSSL_RAND_PARAM_MAX_PERSLEN "max_perslen"
+#define OSSL_RAND_PARAM_MAX_ADINLEN "max_adinlen"
+#define OSSL_RAND_PARAM_RESEED_CTR "reseed_counter"
+#define OSSL_RAND_PARAM_RESEED_PROP_CTR "reseed_prop_counter"
+#define OSSL_RAND_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+#define OSSL_RAND_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+#define OSSL_RAND_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+#define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+#define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+
 /* PKEY parameters */
 /* Common PKEY parameters */
 #define OSSL_PKEY_PARAM_BITS "bits" /* integer */
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index ce8306e5bc..acc758e462 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
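Review bot: The comment opening the new block, `+/* Know RAND names */`, has a typo and should read `/* Known RAND names */`. Two of the new names, `OSSL_RAND_PARAM_TEST_ENTROPY` and `OSSL_RAND_PARAM_TEST_NONCE`, appear from their names to let a caller inject fixed entropy and nonce material into a DRBG, yet nothing in this public header marks them as test-only; a consumer who sets them in production would silently get a deterministic generator. If that reading is right, a one-line warning next to the two defines, e.g. `/* test-only: inject fixed entropy/nonce; never set outside test harnesses */`, would make the hazard visible to anyone grepping the header.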
@@ -359,24 +359,28 @@ OSSL_CORE_MAKE_FUNC(int, OP_kdf_set_ctx_params,
 # define OSSL_FUNC_RAND_GET_CTX_PARAMS 15
 # define OSSL_FUNC_RAND_SET_CTX_PARAMS 16
 # define OSSL_FUNC_RAND_SET_CALLBACKS 17
+# define OSSL_FUNC_RAND_VERIFY_ZEROIZATION 18
 OSSL_CORE_MAKE_FUNC(void *, OP_rand_newctx,
- (void *provctx, int secure, unsigned int df, void *parent,
+ (void *provctx, int secure, void *parent,
 const OSSL_DISPATCH *parent_calls))
 OSSL_CORE_MAKE_FUNC(void, OP_rand_freectx, (void *vctx))
 OSSL_CORE_MAKE_FUNC(int, OP_rand_instantiate,
- (void *vdrbg, int strength, int prediction_resistance,
+ (void *vdrbg, unsigned int strength,
+ int prediction_resistance,
 const unsigned char *pstr, size_t pstr_len))
 OSSL_CORE_MAKE_FUNC(int, OP_rand_uninstantiate, (void *vdrbg))
 OSSL_CORE_MAKE_FUNC(int, OP_rand_generate,
 (void *vctx, unsigned char *out, size_t outlen,
- int strength, int prediction_resistance,
+ unsigned int strength, int prediction_resistance,
 const unsigned char *addin, size_t addin_len))
 OSSL_CORE_MAKE_FUNC(int, OP_rand_reseed,
 (void *vctx, int prediction_resistance,
+ const unsigned char *ent, size_t ent_len,
 const unsigned char *addin, size_t addin_len))
-OSSL_CORE_MAKE_FUNC(int, OP_rand_nonce,
- (void *vctx, unsigned char *out, size_t outlen))
+OSSL_CORE_MAKE_FUNC(size_t, OP_rand_nonce,
+ (void *vctx, unsigned char *out, int strength,
+ size_t min_noncelen, size_t max_noncelen))
 OSSL_CORE_MAKE_FUNC(int, OP_rand_set_callbacks,
 (void *vctx, OSSL_CALLBACK *get_entropy,
 OSSL_CALLBACK *cleanup_entropy,
@@ -392,6 +396,8 @@ OSSL_CORE_MAKE_FUNC(int, OP_rand_get_ctx_params,
 (void *vctx, OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, OP_rand_set_ctx_params,
 (void *vctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_rand_verify_zeroization,
+ (void *vctx))
 /*-
 * Key management
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 9d8b447525..2e6f855031 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
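Review bot: The new `OP_rand_nonce` prototype takes `int strength` while the same hunk changes `OP_rand_instantiate` and `OP_rand_generate` to `unsigned int strength`; the mismatch invites sign-conversion warnings at the EVP layer and means a negative strength can reach a provider through this one entry point. I would make it `+ (void *vctx, unsigned char *out, unsigned int strength,` so all three share one type. The switch to a `size_t` return with `min_noncelen`/`max_noncelen` bounds also has no comment saying what the provider returns when `out` is NULL or when it cannot satisfy the bounds (0, presumably, but the header does not say), which is exactly what a provider author needs to implement it consistently; a one-line comment above the macro, e.g. `/* Returns the nonce length written (or required when out is NULL); 0 on failure -- confirm */`, would settle the contract. `OP_rand_set_callbacks` continues past the end of this hunk.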
@@ -1073,7 +1073,7 @@ void EVP_MD_do_all_provided(OPENSSL_CTX *libctx,
 /* RAND stuff */
 EVP_RAND *EVP_RAND_fetch(OPENSSL_CTX *libctx, const char *algorithm,
- const char *properties);
+ const char *properties);
 int EVP_RAND_up_ref(EVP_RAND *rand);
 void EVP_RAND_free(EVP_RAND *rand);
 int EVP_RAND_number(const EVP_RAND *rand);
@@ -1082,7 +1082,7 @@ int EVP_RAND_is_a(const EVP_RAND *rand, const char *name);
 const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand);
 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
-EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, int secure, unsigned int df,
+EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, int secure,
 EVP_RAND_CTX *parent);
 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
 EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx);
@@ -1099,14 +1099,15 @@ void EVP_RAND_names_do_all(const EVP_RAND *rand,
 void (*fn)(const char *name, void *data),
 void *data);
-int EVP_RAND_CTX_instantiate(EVP_RAND_CTX *ctx, int strength,
+int EVP_RAND_CTX_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
 int prediction_resistance,
 const unsigned char *pstr, size_t pstr_len);
 int EVP_RAND_CTX_uninstantiate(EVP_RAND_CTX *ctx);
 int EVP_RAND_CTX_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
- int strength, int prediction_resistance,
+ unsigned int strength, int prediction_resistance,
 const unsigned char *addin, size_t addin_len);
 int EVP_RAND_CTX_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
+ const unsigned char *ent, size_t ent_len,
 const unsigned char *addin, size_t addin_len);
 int EVP_RAND_CTX_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen);
 int EVP_RAND_CTX_set_callbacks(const EVP_RAND_CTX *rand,
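Review bot: `EVP_RAND_CTX_reseed` gains a caller-supplied entropy input `ent`/`ent_len` with no statement of what is accepted: whether NULL/0 means "gather entropy through the callbacks", and whether `ent_len` must fall within the `min_entropylen`/`max_entropylen` limits the RAND parameters advertise. Because this buffer goes into the DRBG seed, an application passing short or attacker-influenced bytes here weakens every later `generate` call, so the public header should say who validates the length before the provider sees it. A comment above the prototype such as `/* ent/ent_len: explicit entropy input; NULL/0 lets the DRBG gather its own via the entropy callbacks. Length is checked against min/max_entropylen by the provider -- confirm */` would do, hedged until the provider side is checked. Separately, `EVP_RAND_CTX_nonce` keeps its `(out, outlen)` shape as unchanged context while `OP_rand_nonce` in core_numbers.h now takes a strength and min/max nonce lengths and returns `size_t`, so the two contracts look like they need reconciling at the EVP layer.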
@@ -1114,6 +1115,14 @@ int EVP_RAND_CTX_set_callbacks(const EVP_RAND_CTX *rand,
 OSSL_CALLBACK *cleanup_entropy,
 OSSL_CALLBACK *get_nonce,
 OSSL_CALLBACK *cleanup_nonce);
+int EVP_RAND_CTX_enable_locking(EVP_RAND_CTX *ctx);
+int EVP_RAND_CTX_verify_zeroization(EVP_RAND_CTX *ctx);
+unsigned int EVP_RAND_CTX_strength(EVP_RAND_CTX *ctx);
+int EVP_RAND_CTX_state(EVP_RAND_CTX *ctx);
+
+#define EVP_RAND_STATE_UNINITIALISED 0
+#define EVP_RAND_STATE_READY 1
+#define EVP_RAND_STATE_ERROR 2
 /* PKEY stuff */
 DEPRECATEDIN_3_0(int EVP_PKEY_decrypt_old(unsigned char *dec_key, |
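Review bot: The three new `EVP_RAND_STATE_*` values and `EVP_RAND_CTX_state()` enter the public header with no comment on what each state means to a caller, in particular whether `EVP_RAND_CTX_generate` is guaranteed to fail outside `EVP_RAND_STATE_READY`, which is the property a consumer polling the state would want to rely on. A short comment above the defines, e.g. `/* DRBG lifecycle as reported by EVP_RAND_CTX_state(); only READY permits generation -- confirm against the implementation */`, would pin that down. `EVP_RAND_CTX_enable_locking` likewise says nothing about whether locking is one-way or must be enabled before the context is shared between threads, and `EVP_RAND_CTX_verify_zeroization` does not say what a non-zero return asserts; one line each would help. `EVP_RAND_CTX_strength` and `EVP_RAND_CTX_state` look like pure queries and could take `const EVP_RAND_CTX *`, as `EVP_RAND_number` and `EVP_RAND_provider` already do for `EVP_RAND`.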