prov: move the entropy source out of the FIPS provider

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13226)

4 files changed, 77 insertions, 4 deletions

diff --git a/providers/common/build.info b/providers/common/build.info
index b6d56682a9..8de65f3fa8 100644
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -2,6 +2,6 @@ SUBDIRS=der
 
 SOURCE[../libcommon.a]=provider_err.c provider_ctx.c
 $FIPSCOMMON=provider_util.c capabilities.c bio_prov.c digest_to_nid.c\
-            securitycheck.c
+            securitycheck.c provider_seeding.c
 SOURCE[../libnonfips.a]=$FIPSCOMMON securitycheck_default.c
 SOURCE[../libfips.a]=$FIPSCOMMON securitycheck_fips.c
diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h
index 05ca8abef0..86a3667641 100644
--- a/providers/common/include/prov/providercommonerr.h
+++ b/providers/common/include/prov/providercommonerr.h
@@ -141,6 +141,7 @@ int ERR_load_PROV_strings(void);
 # define PROV_R_NO_PARAMETERS_SET                         177
 # define PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE  178
 # define PROV_R_OUTPUT_BUFFER_TOO_SMALL                   106
+# define PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS     228
 # define PROV_R_PARENT_LOCKING_NOT_ENABLED                182
 # define PROV_R_PARENT_STRENGTH_TOO_WEAK                  194
 # define PROV_R_PATH_MUST_BE_ABSOLUTE                     219
@@ -158,7 +159,6 @@ int ERR_load_PROV_strings(void);
 # define PROV_R_UNABLE_TO_FIND_CIPHERS                    207
 # define PROV_R_UNABLE_TO_GET_ENTROPY                     202
 # define PROV_R_UNABLE_TO_GET_NONCE                       203
-# define PROV_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER  198
 # define PROV_R_UNABLE_TO_GET_PARENT_STRENGTH             199
 # define PROV_R_UNABLE_TO_INITIALISE_CIPHERS              208
 # define PROV_R_UNABLE_TO_LOAD_SHA1                       143
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
index 2b65903a31..2915330b86 100644
--- a/providers/common/provider_err.c
+++ b/providers/common/provider_err.c
@@ -152,6 +152,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "operation not supported for this keytype"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL),
     "output buffer too small"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS),
+    "parent cannot generate random numbers"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_LOCKING_NOT_ENABLED),
     "parent locking not enabled"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PARENT_STRENGTH_TOO_WEAK),
@@ -182,8 +184,6 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
     "unable to get entropy"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_NONCE),
     "unable to get nonce"},
-    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER),
-    "unable to get parent reseed prop counter"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_GET_PARENT_STRENGTH),
     "unable to get parent strength"},
     {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_UNABLE_TO_INITIALISE_CIPHERS),
diff --git a/providers/common/provider_seeding.c b/providers/common/provider_seeding.c
new file mode 100644
index 0000000000..98704a2cdf
--- /dev/null
+++ b/providers/common/provider_seeding.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/core_dispatch.h>
+#include "prov/seeding.h"
+
+static OSSL_FUNC_get_entropy_fn *c_get_entropy = NULL;
+static OSSL_FUNC_cleanup_entropy_fn *c_cleanup_entropy = NULL;
+static OSSL_FUNC_get_nonce_fn *c_get_nonce = NULL;
+static OSSL_FUNC_cleanup_nonce_fn *c_cleanup_nonce = NULL;
+
+int ossl_prov_seeding_from_dispatch(const OSSL_DISPATCH *fns)
+{
+    for (; fns->function_id != 0; fns++) {
+        switch (fns->function_id) {
+        case OSSL_FUNC_GET_ENTROPY:
+            if (c_get_entropy == NULL)
+                c_get_entropy = OSSL_FUNC_get_entropy(fns);
+            break;
+        case OSSL_FUNC_CLEANUP_ENTROPY:
+            if (c_cleanup_entropy == NULL)
+                c_cleanup_entropy = OSSL_FUNC_cleanup_entropy(fns);
+            break;
+        case OSSL_FUNC_GET_NONCE:
+            if (c_get_nonce == NULL)
+                c_get_nonce = OSSL_FUNC_get_nonce(fns);
+            break;
+        case OSSL_FUNC_CLEANUP_NONCE:
+            if (c_cleanup_nonce == NULL)
+                c_cleanup_nonce = OSSL_FUNC_cleanup_nonce(fns);
+            break;
+        }
+    }
+    return 1;
+}
+
+size_t ossl_prov_get_entropy(PROV_CTX *prov_ctx, unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len)
+{
+    if (c_get_entropy == NULL)
+        return 0;
+    return c_get_entropy(ossl_prov_ctx_get0_handle(prov_ctx),
+                         pout, entropy, min_len, max_len);
+}
+
+void ossl_prov_cleanup_entropy(PROV_CTX *prov_ctx, unsigned char *buf,
+                               size_t len)
+{
+    if (c_cleanup_entropy != NULL)
+        c_cleanup_entropy(ossl_prov_ctx_get0_handle(prov_ctx), buf, len);
+}
+
+size_t ossl_prov_get_nonce(PROV_CTX *prov_ctx, unsigned char **pout,
+                           size_t min_len, size_t max_len,
+                           const void *salt,size_t salt_len)
+{
+    if (c_get_nonce == NULL)
+        return 0;
+    return c_get_nonce(ossl_prov_ctx_get0_handle(prov_ctx), pout,
+                       min_len, max_len, salt, salt_len);
+}
+
+void ossl_prov_cleanup_nonce(PROV_CTX *prov_ctx, unsigned char *buf, size_t len)
+{
+    if (c_cleanup_nonce != NULL)
+        c_cleanup_nonce(ossl_prov_ctx_get0_handle(prov_ctx), buf, len);
+}