authorPauli <paul.dale@oracle.com>2020-05-08 10:22:45 +1000
committerPauli <paul.dale@oracle.com>2020-06-24 20:05:41 +1000
commit714a1bb380ddb2bf7538f6a61f47ac87200e3e06 (patch)
tree429c1298eed420258ad1fb2974638ef1b5bc3e1f /include
parent94478bd8d7303dc1656d142caabaf05b2a2180eb (diff)
rand: set up EVP and DRBG infrastructure for RAND from providers.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11682)
Diffstat (limited to 'include')
-rw-r--r--include/openssl/core_names.h20
-rw-r--r--include/openssl/core_numbers.h16
-rw-r--r--include/openssl/evp.h17
3 files changed, 44 insertions, 9 deletions
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 7da0186392..e7b522a810 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -180,6 +180,26 @@ extern "C" {
#define OSSL_KDF_NAME_KBKDF "KBKDF"
#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
+/* Know RAND names */
+#define OSSL_RAND_PARAM_STATUS "status"
+#define OSSL_RAND_PARAM_STRENGTH "strength"
+#define OSSL_RAND_PARAM_RESEED_REQUESTS "reseed_requests"
+#define OSSL_RAND_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
+#define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
+#define OSSL_RAND_PARAM_MIN_ENTROPYLEN "min_entropylen"
+#define OSSL_RAND_PARAM_MAX_ENTROPYLEN "max_entropylen"
+#define OSSL_RAND_PARAM_MIN_NONCELEN "min_noncelen"
+#define OSSL_RAND_PARAM_MAX_NONCELEN "max_noncelen"
+#define OSSL_RAND_PARAM_MAX_PERSLEN "max_perslen"
+#define OSSL_RAND_PARAM_MAX_ADINLEN "max_adinlen"
+#define OSSL_RAND_PARAM_RESEED_CTR "reseed_counter"
+#define OSSL_RAND_PARAM_RESEED_PROP_CTR "reseed_prop_counter"
+#define OSSL_RAND_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+#define OSSL_RAND_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+#define OSSL_RAND_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+#define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
+#define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
+
/* PKEY parameters */
/* Common PKEY parameters */
#define OSSL_PKEY_PARAM_BITS "bits" /* integer */
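Review bot: The comment heading the new block, `/* Know RAND names */`, looks like a typo for `/* Known RAND names */`. The two trailing entries `OSSL_RAND_PARAM_TEST_ENTROPY` and `OSSL_RAND_PARAM_TEST_NONCE` presumably let a caller substitute fixed entropy and nonce input for testing — confirm against the provider — and a one-line comment above them, e.g. `/* Test-only: override entropy/nonce input; not for production use */`, would stop a reader from treating them as ordinary tunables. As a point of style, `OSSL_RAND_PARAM_RESEED_CTR` and `OSSL_RAND_PARAM_RESEED_PROP_CTR` map to `"reseed_counter"` / `"reseed_prop_counter"`, so the macro names abbreviate where the string values do not; either form is fine, but the mismatch is worth a glance.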
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index ce8306e5bc..acc758e462 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -359,24 +359,28 @@ OSSL_CORE_MAKE_FUNC(int, OP_kdf_set_ctx_params,
# define OSSL_FUNC_RAND_GET_CTX_PARAMS 15
# define OSSL_FUNC_RAND_SET_CTX_PARAMS 16
# define OSSL_FUNC_RAND_SET_CALLBACKS 17
+# define OSSL_FUNC_RAND_VERIFY_ZEROIZATION 18
OSSL_CORE_MAKE_FUNC(void *, OP_rand_newctx,
- (void *provctx, int secure, unsigned int df, void *parent,
+ (void *provctx, int secure, void *parent,
const OSSL_DISPATCH *parent_calls))
OSSL_CORE_MAKE_FUNC(void, OP_rand_freectx, (void *vctx))
OSSL_CORE_MAKE_FUNC(int, OP_rand_instantiate,
- (void *vdrbg, int strength, int prediction_resistance,
+ (void *vdrbg, unsigned int strength,
+ int prediction_resistance,
const unsigned char *pstr, size_t pstr_len))
OSSL_CORE_MAKE_FUNC(int, OP_rand_uninstantiate, (void *vdrbg))
OSSL_CORE_MAKE_FUNC(int, OP_rand_generate,
(void *vctx, unsigned char *out, size_t outlen,
- int strength, int prediction_resistance,
+ unsigned int strength, int prediction_resistance,
const unsigned char *addin, size_t addin_len))
OSSL_CORE_MAKE_FUNC(int, OP_rand_reseed,
(void *vctx, int prediction_resistance,
+ const unsigned char *ent, size_t ent_len,
const unsigned char *addin, size_t addin_len))
-OSSL_CORE_MAKE_FUNC(int, OP_rand_nonce,
- (void *vctx, unsigned char *out, size_t outlen))
+OSSL_CORE_MAKE_FUNC(size_t, OP_rand_nonce,
+ (void *vctx, unsigned char *out, int strength,
+ size_t min_noncelen, size_t max_noncelen))
OSSL_CORE_MAKE_FUNC(int, OP_rand_set_callbacks,
(void *vctx,
OSSL_CALLBACK *get_entropy, OSSL_CALLBACK *cleanup_entropy,
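Review bot: `OP_rand_nonce` is declared with `int strength` while the same hunk changes `OP_rand_instantiate` and `OP_rand_generate` to `unsigned int strength`; the nonce prototype should follow, `(void *vctx, unsigned char *out, unsigned int strength,`, so providers are not handed the same quantity as both signed and unsigned. The new nonce signature also drops the explicit output length in favour of `min_noncelen` / `max_noncelen` and a `size_t` return, and nothing in the hunk states the resulting contract — that `out` must be able to hold `max_noncelen` bytes, that the return is the number of bytes written (0 on failure), and whether `out == NULL` is permitted; I am inferring this from the parameter names, so a short comment above the `OSSL_CORE_MAKE_FUNC` line would settle it for provider authors. The `OSSL_CORE_MAKE_FUNC` list continues outside the hunk.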
@@ -392,6 +396,8 @@ OSSL_CORE_MAKE_FUNC(int, OP_rand_get_ctx_params,
(void *vctx, OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, OP_rand_set_ctx_params,
(void *vctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, OP_rand_verify_zeroization,
+ (void *vctx))
/*-
* Key management
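Review bot: `OP_rand_verify_zeroization` is added without a comment stating what its return value means, and the matching `OSSL_FUNC_RAND_VERIFY_ZEROIZATION 18` in the previous hunk is likewise bare. Presumably it returns 1 when the DRBG's internal state has been cleared and 0 otherwise — confirm against the provider implementation — and a line such as `/* Returns 1 if the DRBG internal state is zeroized, 0 otherwise */` above the `OSSL_CORE_MAKE_FUNC` would pin that down, since a self-check hook whose polarity is guessed is worse than none.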
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 9d8b447525..2e6f855031 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1073,7 +1073,7 @@ void EVP_MD_do_all_provided(OPENSSL_CTX *libctx,
/* RAND stuff */
EVP_RAND *EVP_RAND_fetch(OPENSSL_CTX *libctx, const char *algorithm,
- const char *properties);
+ const char *properties);
int EVP_RAND_up_ref(EVP_RAND *rand);
void EVP_RAND_free(EVP_RAND *rand);
int EVP_RAND_number(const EVP_RAND *rand);
@@ -1082,7 +1082,7 @@ int EVP_RAND_is_a(const EVP_RAND *rand, const char *name);
const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand);
int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]);
-EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, int secure, unsigned int df,
+EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, int secure,
EVP_RAND_CTX *parent);
void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx);
EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx);
@@ -1099,14 +1099,15 @@ void EVP_RAND_names_do_all(const EVP_RAND *rand,
void (*fn)(const char *name, void *data),
void *data);
-int EVP_RAND_CTX_instantiate(EVP_RAND_CTX *ctx, int strength,
+int EVP_RAND_CTX_instantiate(EVP_RAND_CTX *ctx, unsigned int strength,
int prediction_resistance,
const unsigned char *pstr, size_t pstr_len);
int EVP_RAND_CTX_uninstantiate(EVP_RAND_CTX *ctx);
int EVP_RAND_CTX_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen,
- int strength, int prediction_resistance,
+ unsigned int strength, int prediction_resistance,
const unsigned char *addin, size_t addin_len);
int EVP_RAND_CTX_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
+ const unsigned char *ent, size_t ent_len,
const unsigned char *addin, size_t addin_len);
int EVP_RAND_CTX_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen);
int EVP_RAND_CTX_set_callbacks(const EVP_RAND_CTX *rand,
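Review bot: `EVP_RAND_CTX_nonce` keeps its old shape `(ctx, out, outlen)` while the provider-side `OP_rand_nonce` changed in this same commit (core_numbers.h) now takes `strength`, `min_noncelen` and `max_noncelen` and returns `size_t`; the public header does not show how `outlen` maps onto that range or what happens when `outlen` is below the provider's minimum, so either a comment giving the mapping or a matching signature change would help. `EVP_RAND_CTX_reseed` gains `ent` / `ent_len`, but the hunk does not say whether `ent == NULL` is allowed (for instance to fall back to the provider's own entropy source) or whether caller-supplied entropy is mixed with or replaces it; since this is the path where application-supplied bytes enter the DRBG, I would state that explicitly in a comment on the prototype.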
@@ -1114,6 +1115,14 @@ int EVP_RAND_CTX_set_callbacks(const EVP_RAND_CTX *rand,
OSSL_CALLBACK *cleanup_entropy,
OSSL_CALLBACK *get_nonce,
OSSL_CALLBACK *cleanup_nonce);
+int EVP_RAND_CTX_enable_locking(EVP_RAND_CTX *ctx);
+int EVP_RAND_CTX_verify_zeroization(EVP_RAND_CTX *ctx);
+unsigned int EVP_RAND_CTX_strength(EVP_RAND_CTX *ctx);
+int EVP_RAND_CTX_state(EVP_RAND_CTX *ctx);
+
+#define EVP_RAND_STATE_UNINITIALISED 0
+#define EVP_RAND_STATE_READY 1
+#define EVP_RAND_STATE_ERROR 2
/* PKEY stuff */
DEPRECATEDIN_3_0(int EVP_PKEY_decrypt_old(unsigned char *dec_key,
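Review bot: `EVP_RAND_CTX_state` returns a plain `int` and the three `EVP_RAND_STATE_*` values just below carry no comment linking them, so the contract is only discoverable by guessing; a line such as `/* Values returned by EVP_RAND_CTX_state() */` above the defines would make it explicit. It would also be worth stating whether `EVP_RAND_CTX_strength` and `EVP_RAND_CTX_state` modify the context: both take a non-const `EVP_RAND_CTX *` while `EVP_RAND_CTX_set_callbacks` above takes `const`, so the choice looks deliberate (locking, presumably) but is unexplained. `EVP_RAND_CTX_enable_locking` likewise has no comment on whether it is idempotent or must be called before the context is shared between threads, which is exactly what a caller of a shared DRBG needs to know.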