authorPauli <paul.dale@oracle.com>2020-10-30 15:53:22 +1000
committerPauli <paul.dale@oracle.com>2020-11-20 08:24:21 +1000
commit03bede0cc8418e056d4ac551fbdc2283e0e9491f (patch)
tree116154c3e80bb806d6becadaefc35a8e1e7013b8 /include
parent71febb399225ec5b0f85292fe9487d507fbafb7e (diff)
rand: move the entropy source out of the FIPS provider
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
Diffstat (limited to 'include')
-rw-r--r--include/crypto/rand.h21
-rw-r--r--include/openssl/core_dispatch.h17
-rw-r--r--include/openssl/core_names.h2
-rw-r--r--include/openssl/randerr.h2
4 files changed, 40 insertions, 2 deletions
diff --git a/include/crypto/rand.h b/include/crypto/rand.h
index a437565fe8..c870245521 100644
--- a/include/crypto/rand.h
+++ b/include/crypto/rand.h
@@ -19,6 +19,7 @@
# define OSSL_CRYPTO_RAND_H
# include <openssl/rand.h>
+# include "crypto/rand_pool.h"
/*
* Defines related to seed sources
@@ -93,4 +94,24 @@ void rand_pool_keep_random_devices_open(int keep);
*/
void ossl_random_add_conf_module(void);
+/*
+ * Get and cleanup random seed material.
+ */
+size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len);
+void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len);
+size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, size_t min_len, size_t max_len,
+ const void *salt, size_t salt_len);
+void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len);
+
+/*
+ * Get seeding material from the operating system sources.
+ */
+size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
+int ossl_pool_add_nonce_data(RAND_POOL *pool);
+
#endif
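Review bot: The four `ossl_rand_*` prototypes declare `OSSL_CORE_HANDLE *handle`, while the matching dispatch types this commit adds to core_dispatch.h declare `const OSSL_CORE_HANDLE *handle`. If these are the functions installed under `OSSL_FUNC_GET_ENTROPY` and its siblings (the registration is not visible in this include-only view), they would be called through a function pointer type that is not compatible with their definition. Declaring the parameter as `ossl_unused const OSSL_CORE_HANDLE *handle` keeps the two in step. The block comment should also say who owns `*pout` and that the buffer is presumably returned through the matching cleanup call with the same `len`, since it holds seed material.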
diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h
index d4d581df57..bbd0429718 100644
--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@@ -161,6 +161,23 @@ OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio,
OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb,
void **cbarg))
+/* Functions to get seed material from the operating system */
+#define OSSL_FUNC_GET_ENTROPY 101
+#define OSSL_FUNC_CLEANUP_ENTROPY 102
+#define OSSL_FUNC_GET_NONCE 103
+#define OSSL_FUNC_CLEANUP_NONCE 104
+OSSL_CORE_MAKE_FUNC(size_t, get_entropy, (const OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, int entropy,
+ size_t min_len, size_t max_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_entropy, (const OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len))
+OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle,
+ unsigned char **pout, size_t min_len,
+ size_t max_len, const void *salt,
+ size_t salt_len))
+OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle,
+ unsigned char *buf, size_t len))
+
/* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
# define OSSL_FUNC_PROVIDER_TEARDOWN 1024
OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
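Review bot: The one-line comment above `OSSL_FUNC_GET_ENTROPY` leaves the contract of a public provider interface unstated. It does not give the unit of `int entropy` (bits or bytes), what `get_entropy` and `get_nonce` return on failure, or whether the buffer stored in `*pout` must be handed to `cleanup_entropy`/`cleanup_nonce` with the returned length. A provider author sizing a DRBG seed request from this header has to guess, and a wrong guess about the entropy unit would under-seed without any error. I would expand the comment to cover those three points and to state whether cleanup clears the buffer before releasing it. As a style point, the new `#define` lines drop the `# define` indentation used by `OSSL_FUNC_PROVIDER_TEARDOWN` just below.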
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index f0b0cd0163..d41feeb144 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -219,13 +219,13 @@ extern "C" {
/* Known RAND names */
#define OSSL_RAND_PARAM_STATE "state"
#define OSSL_RAND_PARAM_STRENGTH "strength"
+#define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
#define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
#define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
/* RAND/DRBG names */
#define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MAX_REQUEST "max_request"
#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
#define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h
index 3eef9afdd2..40e5787308 100644
--- a/include/openssl/randerr.h
+++ b/include/openssl/randerr.h
@@ -102,7 +102,7 @@ int ERR_load_RAND_strings(void);
# define RAND_R_UNABLE_TO_FETCH_DRBG 144
# define RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER 141
# define RAND_R_UNABLE_TO_GET_PARENT_STRENGTH 138
-# define RAND_R_UNABLE_TO_GET_RESEED_PROP_CTR 142
+# define RAND_R_UNABLE_TO_GET_RESEED_COUNTER 142
# define RAND_R_UNABLE_TO_LOCK_PARENT 140
# define RAND_R_UNSUPPORTED_DRBG_FLAGS 132
# define RAND_R_UNSUPPORTED_DRBG_TYPE 120