Lines Matching defs:drbg
/* Forward declaration; the definition is at source line 711. */
44 static int rand_drbg_restart(PROV_DRBG *drbg);
/*
 * Write-lock wrapper over an untyped context. Its signature is not among
 * the listed lines, which show only lines mentioning drbg. A NULL context
 * or a DRBG without a lock takes a separate branch whose body (source
 * line 51) is not listed; otherwise drbg->lock is taken for writing and
 * the result of CRYPTO_THREAD_write_lock() is returned.
 */
48 PROV_DRBG *drbg = vctx;
50 if (drbg == NULL || drbg->lock == NULL)
52 return CRYPTO_THREAD_write_lock(drbg->lock);
/* Unlock counterpart: the lock is released only when both the context and its lock exist. */
57 PROV_DRBG *drbg = vctx;
59 if (drbg != NULL && drbg->lock != NULL)
60 CRYPTO_THREAD_unlock(drbg->lock);
/*
 * Take the parent's lock through the parent_lock callback.
 * Only lines mentioning drbg are listed: the first operand of the
 * condition (source line 67) and the failure branch body are not shown.
 */
63 static int ossl_drbg_lock_parent(PROV_DRBG *drbg)
65 void *parent = drbg->parent;
/* The callback is invoked only when it is set; a zero result enters the branch. */
68 && drbg->parent_lock != NULL
69 && !drbg->parent_lock(parent)) {
/* Release the parent's lock; the callback is called only when there is a parent and a parent_unlock callback. */
76 static void ossl_drbg_unlock_parent(PROV_DRBG *drbg)
78 void *parent = drbg->parent;
80 if (parent != NULL && drbg->parent_unlock != NULL)
81 drbg->parent_unlock(parent);
/*
 * Ask the parent, through its get_ctx_params callback, for the value this
 * function reports via str (by the function name, the parent's strength).
 * The lines that build params and store the result are not listed (only
 * lines mentioning drbg are).
 */
84 static int get_parent_strength(PROV_DRBG *drbg, unsigned int *str)
87 void *parent = drbg->parent;
/* A parent without get_ctx_params takes a dedicated branch (body not listed). */
90 if (drbg->parent_get_ctx_params == NULL) {
/* The parent is queried only after its lock was taken, and unlocked right after the call. */
96 if (!ossl_drbg_lock_parent(drbg)) {
100 res = drbg->parent_get_ctx_params(parent, params);
101 ossl_drbg_unlock_parent(drbg);
/*
 * Read a value from the parent through parent_get_ctx_params after taking
 * the parent's lock (by the function name, the parent's reseed count).
 * NOTE(review): unlike get_parent_strength() at source line 90, no listed
 * line tests drbg->parent_get_ctx_params for NULL before the call at line
 * 120 - confirm every caller reaches this only with a parent that
 * supplies the callback.
 */
109 static unsigned int get_parent_reseed_count(PROV_DRBG *drbg)
112 void *parent = drbg->parent;
116 if (!ossl_drbg_lock_parent(drbg)) {
120 if (!drbg->parent_get_ctx_params(parent, params))
122 ossl_drbg_unlock_parent(drbg);
/*
 * Value derived from this DRBG's own reseed_counter. Which path reaches
 * this line is not listed (presumably the lock-failure path - confirm).
 */
126 r = tsan_load(&drbg->reseed_counter) - 2;
/*
 * Fragment of a function that receives the DRBG as an untyped vdrbg (its
 * signature is not listed) and requests bytes_needed bytes into buffer
 * from ossl_prov_drbg_generate().
 */
149 PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
/*
 * The last two arguments pass the bytes of the local pointer variable
 * drbg (sizeof a pointer), i.e. the object's address, not the PROV_DRBG
 * contents. Presumably this is additional input that tells instances
 * apart - confirm against the callee's full parameter list.
 */
176 if (!ossl_prov_drbg_generate(drbg, buffer, bytes_needed,
177 drbg->strength, prediction_resistance,
178 (unsigned char *)&drbg, sizeof(drbg))) {
/*
 * Obtain seed material for drbg; the size_t result is used by callers as
 * the entropy length. Without a parent the material comes from
 * ossl_crngt_get_entropy() or ossl_prov_get_entropy(); what selects
 * between the two is not listed. With a parent it comes from the
 * parent_get_seed callback. Only lines mentioning drbg are listed.
 */
194 static size_t get_entropy(PROV_DRBG *drbg, unsigned char **pout, int entropy,
201 if (drbg->parent == NULL)
203 return ossl_crngt_get_entropy(drbg, pout, entropy, min_len, max_len,
206 return ossl_prov_get_entropy(drbg->provctx, pout, entropy, min_len,
/* A parent without a get_seed callback takes a dedicated branch (body not listed). */
210 if (drbg->parent_get_seed == NULL) {
/*
 * Strength check: a parent reporting less strength than this DRBG has
 * takes a branch whose body is not listed (presumably an error - confirm).
 */
214 if (!get_parent_strength(drbg, &p_str))
216 if (drbg->strength > p_str) {
228 * if locking is not required (while drbg->parent->lock == NULL).
230 if (!ossl_drbg_lock_parent(drbg))
/*
 * Seed request at this DRBG's strength. The trailing arguments are the
 * bytes of the drbg pointer itself (its address, sizeof a pointer), not
 * the structure it points to.
 */
241 bytes = drbg->parent_get_seed(drbg->parent, pout, drbg->strength,
243 (unsigned char *)&drbg, sizeof(drbg));
244 ossl_drbg_unlock_parent(drbg);
/*
 * Hand a seed buffer back to the source it came from. The paths mirror
 * get_entropy(): one of the two ossl_*_cleanup_entropy() calls when there
 * is no parent, the parent_clear_seed callback otherwise.
 */
248 static void cleanup_entropy(PROV_DRBG *drbg, unsigned char *out, size_t outlen)
250 if (drbg->parent == NULL) {
252 ossl_crngt_cleanup_entropy(drbg, out, outlen);
254 ossl_prov_cleanup_entropy(drbg->provctx, out, outlen);
256 } else if (drbg->parent_clear_seed != NULL) {
/*
 * NOTE(review): when the parent lock cannot be taken, the branch body
 * (source line 258) is not listed - confirm whether the seed buffer is
 * still cleared on that path.
 */
257 if (!ossl_drbg_lock_parent(drbg))
259 drbg->parent_clear_seed(drbg->parent, out, outlen);
260 ossl_drbg_unlock_parent(drbg);
/*
 * Obtain a nonce for drbg: from the parent's nonce callback when a parent
 * provides one, and through ossl_prov_get_nonce() at line 348.
 * Only lines mentioning drbg are listed.
 */
312 static size_t prov_drbg_get_nonce(PROV_DRBG *drbg, unsigned char **pout,
317 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx);
/* Presumably a member of the local aggregate that data.drbg at line 345 refers to - confirm. */
322 void *drbg;
/*
 * Two-step use of parent_nonce: first with a NULL buffer, keeping the
 * result in n, then again with buf. The third argument is 0 in both
 * calls, whereas ossl_prov_drbg_instantiate() passes drbg->strength in
 * that position (source lines 398 and 411).
 */
329 if (drbg->parent != NULL && drbg->parent_nonce != NULL) {
330 n = drbg->parent_nonce(drbg->parent, NULL, 0, drbg->min_noncelen,
331 drbg->max_noncelen);
333 ret = drbg->parent_nonce(drbg->parent, buf, 0,
334 drbg->min_noncelen, drbg->max_noncelen);
345 data.drbg = drbg;
348 return ossl_prov_get_nonce(drbg->provctx, pout, min_len, max_len,
354 * Instantiate |drbg|, after it has been initialized. Use |pers| and
357 * Requires that drbg->lock is already locked for write, if non-null.
/*
 * Instantiate drbg: validate the request, gather nonce and entropy, run
 * the algorithm's instantiate callback and mark the DRBG ready.
 * Only lines mentioning drbg are listed, so error branches and the final
 * return are described only as far as they are visible.
 */
361 int ossl_prov_drbg_instantiate(PROV_DRBG *drbg, unsigned int strength,
/* A caller asking for more strength than this DRBG has takes a branch (body not listed). */
369 if (strength > drbg->strength) {
373 min_entropy = drbg->strength;
374 min_entropylen = drbg->min_entropylen;
375 max_entropylen = drbg->max_entropylen;
/* A personalisation string longer than max_perslen takes a branch (body not listed). */
381 if (perslen > drbg->max_perslen) {
/* A DRBG that is not uninitialised takes a branch; the ERROR state is distinguished inside it. */
386 if (drbg->state != EVP_RAND_STATE_UNINITIALISED) {
387 if (drbg->state == EVP_RAND_STATE_ERROR)
/*
 * The state is set to ERROR here and to READY only at line 468, after the
 * instantiate callback call at line 460. Presumably this makes every
 * early exit in between leave the DRBG marked failed - confirm.
 */
394 drbg->state = EVP_RAND_STATE_ERROR;
/* Nonce handling applies only when min_noncelen is non-zero. */
396 if (drbg->min_noncelen > 0) {
/* Parent offers a nonce callback: query with a NULL buffer, then fetch and require the same length. */
397 if (drbg->parent_nonce != NULL) {
398 noncelen = drbg->parent_nonce(drbg->parent, NULL, drbg->strength,
399 drbg->min_noncelen,
400 drbg->max_noncelen);
410 if (noncelen != drbg->parent_nonce(drbg->parent, nonce,
411 drbg->strength,
412 drbg->min_noncelen,
413 drbg->max_noncelen)) {
/*
 * Parent without a nonce callback: the entropy request is enlarged
 * instead (half the strength more entropy, nonce length bounds added to
 * the entropy length bounds).
 */
418 } else if (drbg->parent != NULL) {
427 min_entropy += drbg->strength / 2;
428 min_entropylen += drbg->min_noncelen;
429 max_entropylen += drbg->max_noncelen;
/* Presumably the remaining case: nonce from prov_drbg_get_nonce(), required to lie within [min_noncelen, max_noncelen]. */
433 noncelen = prov_drbg_get_nonce(drbg, &nonce, drbg->min_noncelen,
434 drbg->max_noncelen);
435 if (noncelen < drbg->min_noncelen
436 || noncelen > drbg->max_noncelen) {
/* Next reseed counter: a non-zero counter is incremented, and a wrap to 0 is replaced by 1. */
444 drbg->reseed_next_counter = tsan_load(&drbg->reseed_counter);
445 if (drbg->reseed_next_counter) {
446 drbg->reseed_next_counter++;
447 if (!drbg->reseed_next_counter)
448 drbg->reseed_next_counter = 1;
451 entropylen = get_entropy(drbg, &entropy, min_entropy,
/* The entropy buffer goes to cleanup_entropy() both in the callback's failure branch (462) and afterwards (466). */
460 if (!drbg->instantiate(drbg, entropy, entropylen, nonce, noncelen,
462 cleanup_entropy(drbg, entropy, entropylen);
466 cleanup_entropy(drbg, entropy, entropylen);
/* Success bookkeeping: READY, generate counter restarts at 1, reseed time is now, reseed counter published. */
468 drbg->state = EVP_RAND_STATE_READY;
469 drbg->generate_counter = 1;
470 drbg->reseed_time = time(NULL);
471 tsan_store(&drbg->reseed_counter, drbg->reseed_next_counter);
/* The nonce is released as well; the statements guarded by the final state test are not listed. */
475 ossl_prov_cleanup_nonce(drbg->provctx, nonce, noncelen);
476 if (drbg->state == EVP_RAND_STATE_READY)
482 * Uninstantiate |drbg|. Must be instantiated before it can be used.
484 * Requires that drbg->lock is already locked for write, if non-null.
/* Mark drbg as uninitialised; the rest of the body, including the return value, is not listed. */
488 int ossl_prov_drbg_uninstantiate(PROV_DRBG *drbg)
490 drbg->state = EVP_RAND_STATE_UNINITIALISED;
495 * Reseed |drbg|, mixing in the specified data
497 * Requires that drbg->lock is already locked for write, if non-null.
/*
 * Reseed drbg. Visible steps: recover a DRBG that is not ready, check the
 * lengths of ent and adin (presumably parameters; the rest of the
 * signature is not listed), reseed from ent and/or freshly gathered
 * entropy, then reset the counters.
 * Only lines mentioning drbg are listed.
 */
501 int ossl_prov_drbg_reseed(PROV_DRBG *drbg, int prediction_resistance,
/* Not READY: try a restart, then re-read the state rather than use the restart's return value. */
511 if (drbg->state != EVP_RAND_STATE_READY) {
513 rand_drbg_restart(drbg);
515 if (drbg->state == EVP_RAND_STATE_ERROR) {
519 if (drbg->state == EVP_RAND_STATE_UNINITIALISED) {
/* An ent length outside [min_entropylen, max_entropylen] puts the DRBG into ERROR. */
526 if (ent_len < drbg->min_entropylen) {
528 drbg->state = EVP_RAND_STATE_ERROR;
531 if (ent_len > drbg->max_entropylen) {
533 drbg->state = EVP_RAND_STATE_ERROR;
/* Additional input longer than max_adinlen takes a branch (body not listed). */
540 } else if (adinlen > drbg->max_adinlen) {
/* ERROR is set before reseeding and replaced by READY at line 591. */
545 drbg->state = EVP_RAND_STATE_ERROR;
/* Next reseed counter: incremented when non-zero, with a wrap to 0 replaced by 1. */
547 drbg->reseed_next_counter = tsan_load(&drbg->reseed_counter);
548 if (drbg->reseed_next_counter) {
549 drbg->reseed_next_counter++;
550 if (!drbg->reseed_next_counter)
551 drbg->reseed_next_counter = 1;
/*
 * Two call forms for ent (what selects between them is not listed): at
 * line 563 the entropy slot is NULL/0 and ent is passed in the following
 * argument pair; at line 568 ent is passed in the entropy slot.
 */
563 if (!drbg->reseed(drbg, NULL, 0, ent, ent_len)) {
568 if (!drbg->reseed(drbg, ent, ent_len, adin, adinlen)) {
/* Fresh entropy requested at the DRBG's own strength and length-checked before use. */
579 entropylen = get_entropy(drbg, &entropy, drbg->strength,
580 drbg->min_entropylen, drbg->max_entropylen,
582 if (entropylen < drbg->min_entropylen
583 || entropylen > drbg->max_entropylen) {
588 if (!drbg->reseed(drbg, entropy, entropylen, adin, adinlen))
/* Success bookkeeping: READY, generate counter restarts at 1, reseed time is now, reseed counter published. */
591 drbg->state = EVP_RAND_STATE_READY;
592 drbg->generate_counter = 1;
593 drbg->reseed_time = time(NULL);
594 tsan_store(&drbg->reseed_counter, drbg->reseed_next_counter);
/* Record the parent's reseed count; ossl_prov_drbg_generate() compares against it at line 670. */
595 if (drbg->parent != NULL)
596 drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
599 cleanup_entropy(drbg, entropy, entropylen);
600 if (drbg->state == EVP_RAND_STATE_READY)
610 * Requires that drbg->lock is already locked for write, if non-null.
/*
 * Produce outlen bytes into out through the algorithm's generate callback,
 * with a reseed call (line 674) placed before it.
 * Only lines mentioning drbg are listed; the statements that the trigger
 * conditions below guard are not shown (presumably they request that
 * reseed - confirm).
 */
615 int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
/* Not READY: try a restart, then act on the resulting state. */
625 if (drbg->state != EVP_RAND_STATE_READY) {
627 rand_drbg_restart(drbg);
629 if (drbg->state == EVP_RAND_STATE_ERROR) {
633 if (drbg->state == EVP_RAND_STATE_UNINITIALISED) {
/* Request limits: strength, output length and additional-input length. */
638 if (strength > drbg->strength) {
643 if (outlen > drbg->max_request) {
647 if (adinlen > drbg->max_adinlen) {
/* Fork detection: a fork id that differs from the stored one is recorded here. */
654 if (drbg->fork_id != fork_id) {
655 drbg->fork_id = fork_id;
/* Counter trigger, evaluated only while reseed_interval is greater than 0. */
659 if (drbg->reseed_interval > 0) {
660 if (drbg->generate_counter >= drbg->reseed_interval)
/*
 * Time trigger, evaluated only while reseed_time_interval is greater than
 * 0. A clock that moved backwards (now < reseed_time) also satisfies it.
 */
663 if (drbg->reseed_time_interval > 0) {
665 if (now < drbg->reseed_time
666 || now - drbg->reseed_time >= drbg->reseed_time_interval)
/* Parent trigger: the parent's reseed count differs from the one recorded at the last reseed. */
669 if (drbg->parent != NULL
670 && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
674 if (!ossl_prov_drbg_reseed(drbg, prediction_resistance, NULL, 0,
/* A failing generate callback leaves the DRBG in ERROR. */
683 if (!drbg->generate(drbg, out, outlen, adin, adinlen)) {
684 drbg->state = EVP_RAND_STATE_ERROR;
689 drbg->generate_counter++;
695 * Restart |drbg|, using the specified entropy or additional input
697 * Tries its best to get the drbg instantiated by all means,
/* Try to bring drbg back to READY; the result is whether the state is READY afterwards. */
711 static int rand_drbg_restart(PROV_DRBG *drbg)
/* A DRBG in ERROR is first passed to its uninstantiate callback. */
714 if (drbg->state == EVP_RAND_STATE_ERROR)
715 drbg->uninstantiate(drbg);
/*
 * An uninitialised DRBG is instantiated again at its own strength, with
 * 0, NULL, 0 for the remaining arguments. The call's return value is
 * ignored; the state read at line 722 decides.
 */
718 if (drbg->state == EVP_RAND_STATE_UNINITIALISED)
719 /* reinstantiate drbg */
720 ossl_prov_drbg_instantiate(drbg, drbg->strength, 0, NULL, 0);
722 return drbg->state == EVP_RAND_STATE_READY;
/*
 * Give the DRBG a lock if it has none (the function signature is not
 * among the listed lines). The parent's locking is enabled first when a
 * parent_enable_locking callback exists. A failing callback and a failed
 * lock allocation each take a branch whose body is not listed.
 */
740 PROV_DRBG *drbg = vctx;
742 if (drbg != NULL && drbg->lock == NULL) {
743 if (drbg->parent_enable_locking != NULL)
744 if (!drbg->parent_enable_locking(drbg->parent)) {
748 drbg->lock = CRYPTO_THREAD_lock_new();
749 if (drbg->lock == NULL) {
/*
 * Fragment of the DRBG constructor (its name is not among the listed
 * lines, which show only lines mentioning drbg): allocate a zeroed
 * PROV_DRBG, store the algorithm and parent callbacks, set defaults, then
 * check the result against the parent.
 */
768 int (*instantiate)(PROV_DRBG *drbg,
773 int (*reseed)(PROV_DRBG *drbg, const unsigned char *ent, size_t ent_len,
778 PROV_DRBG *drbg;
785 drbg = OPENSSL_zalloc(sizeof(*drbg));
786 if (drbg == NULL) {
791 drbg->provctx = provctx;
792 drbg->instantiate = instantiate;
793 drbg->uninstantiate = uninstantiate;
794 drbg->reseed = reseed;
795 drbg->generate = generate;
/* Fork id captured at creation; ossl_prov_drbg_generate() compares against it at line 654. */
796 drbg->fork_id = openssl_get_fork_id();
799 drbg->parent = parent;
/*
 * Parent entry points taken from pfunc. The structure was zero-allocated
 * at line 785, so an entry point not assigned here keeps that zero value,
 * which is what the NULL tests on these callbacks elsewhere rely on.
 */
801 drbg->parent_enable_locking = OSSL_FUNC_rand_enable_locking(pfunc);
803 drbg->parent_lock = OSSL_FUNC_rand_lock(pfunc);
805 drbg->parent_unlock = OSSL_FUNC_rand_unlock(pfunc);
807 drbg->parent_get_ctx_params = OSSL_FUNC_rand_get_ctx_params(pfunc);
809 drbg->parent_nonce = OSSL_FUNC_rand_nonce(pfunc);
811 drbg->parent_get_seed = OSSL_FUNC_rand_get_seed(pfunc);
813 drbg->parent_clear_seed = OSSL_FUNC_rand_clear_seed(pfunc);
/* Defaults set before the dnew() call at line 825. */
816 drbg->max_entropylen = DRBG_MAX_LENGTH;
817 drbg->max_noncelen = DRBG_MAX_LENGTH;
818 drbg->max_perslen = DRBG_MAX_LENGTH;
819 drbg->max_adinlen = DRBG_MAX_LENGTH;
820 drbg->generate_counter = 1;
821 drbg->reseed_counter = 1;
822 drbg->reseed_interval = RESEED_INTERVAL;
823 drbg->reseed_time_interval = TIME_INTERVAL;
825 if (!dnew(drbg))
/*
 * Same comparison as in get_entropy(): the strength reported by the
 * parent against this DRBG's strength. The condition under which the
 * check runs and the branch body are not listed.
 */
829 if (!get_parent_strength(drbg, &p_str))
831 if (drbg->strength > p_str) {
841 if (!ossl_drbg_enable_locking(drbg))
844 return drbg;
/* Presumably the error path: the partially built object is released. */
847 ossl_rand_drbg_free(drbg);
/*
 * Release a PROV_DRBG: NULL is tested first, then the lock and the
 * structure are freed. No listed line clears the structure before
 * OPENSSL_free().
 * NOTE(review): confirm that algorithm-specific secret state is wiped
 * elsewhere before this is called.
 */
851 void ossl_rand_drbg_free(PROV_DRBG *drbg)
853 if (drbg == NULL)
856 CRYPTO_THREAD_lock_free(drbg->lock);
857 OPENSSL_free(drbg);
/*
 * Export DRBG fields into the caller's params array. Each listed line
 * writes one field when p is non-NULL (the lines that locate p are not
 * listed); a failing setter takes a branch whose body is not listed.
 */
860 int ossl_drbg_get_ctx_params(PROV_DRBG *drbg, OSSL_PARAM params[])
865 if (p != NULL && !OSSL_PARAM_set_int(p, drbg->state))
869 if (p != NULL && !OSSL_PARAM_set_int(p, drbg->strength))
873 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_request))
877 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->min_entropylen))
881 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_entropylen))
885 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->min_noncelen))
889 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_noncelen))
893 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_perslen))
897 if (p != NULL && !OSSL_PARAM_set_size_t(p, drbg->max_adinlen))
901 if (p != NULL && !OSSL_PARAM_set_uint(p, drbg->reseed_interval))
905 if (p != NULL && !OSSL_PARAM_set_time_t(p, drbg->reseed_time))
909 if (p != NULL && !OSSL_PARAM_set_time_t(p, drbg->reseed_time_interval))
/* reseed_counter is read through tsan_load(), unlike the plain field reads above. */
914 && !OSSL_PARAM_set_uint(p, tsan_load(&drbg->reseed_counter)))
/*
 * Apply caller-supplied parameters. In the listed lines only
 * reseed_interval and reseed_time_interval are written.
 * NOTE(review): no listed line range-checks the new values, and
 * ossl_prov_drbg_generate() evaluates each of these two reseed triggers
 * only while its interval is greater than 0 (source lines 659 and 663) -
 * confirm which callers are allowed to set them.
 */
919 int ossl_drbg_set_ctx_params(PROV_DRBG *drbg, const OSSL_PARAM params[])
927 if (p != NULL && !OSSL_PARAM_get_uint(p, &drbg->reseed_interval))
931 if (p != NULL && !OSSL_PARAM_get_time_t(p, &drbg->reseed_time_interval))