Add a new provider API to generate random numbers.

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/24498)
2025-02-23 14:42:15 +08:00 · 2024-05-21 14:56:32 +10:00 · 2024-05-21 14:56:32 +10:00 · 37172e2ab8
commit 37172e2ab8
parent f096fe4b98
5 changed files with 39 additions and 3 deletions
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@ -175,6 +175,7 @@ struct ossl_provider_st {
    OSSL_FUNC_provider_get_params_fn *get_params;
    OSSL_FUNC_provider_get_capabilities_fn *get_capabilities;
    OSSL_FUNC_provider_self_test_fn *self_test;
+    OSSL_FUNC_provider_random_fn *random;
    OSSL_FUNC_provider_query_operation_fn *query_operation;
    OSSL_FUNC_provider_unquery_operation_fn *unquery_operation;

@ -1067,6 +1068,9 @@ static int provider_init(OSSL_PROVIDER *prov)
                prov->self_test =
                    OSSL_FUNC_provider_self_test(provider_dispatch);
                break;
+            case OSSL_FUNC_PROVIDER_RANDOM:
+                prov->random = OSSL_FUNC_provider_random(provider_dispatch);
+                break;
            case OSSL_FUNC_PROVIDER_GET_CAPABILITIES:
                prov->get_capabilities =
                    OSSL_FUNC_provider_get_capabilities(provider_dispatch);
@ -1860,6 +1864,13 @@ int ossl_provider_self_test(const OSSL_PROVIDER *prov)
 * If tracing is enabled, a message is printed indicating the requested
 * capabilities.
 */
+int ossl_provider_random(const OSSL_PROVIDER *prov, int which, void *buf, size_t n,
+                         unsigned int strength)
+{
+    return prov->random == NULL ? 0 : prov->random(prov->provctx, which, buf, n,
+                                                   strength);
+}
+
 int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
                                   const char *capability,
                                   OSSL_CALLBACK *cb,
--- a/include/internal/provider.h
+++ b/include/internal/provider.h
@ -84,6 +84,8 @@ int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
                                   OSSL_CALLBACK *cb,
                                   void *arg);
 int ossl_provider_self_test(const OSSL_PROVIDER *prov);
+int ossl_provider_random(const OSSL_PROVIDER *prov, int which, void *buf, size_t n,
+                         unsigned int strength);
 const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
                                                    int operation_id,
                                                    int *no_cache);
--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@ -248,13 +248,13 @@ OSSL_CORE_MAKE_FUNC(int, provider_free,

 /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
 # define OSSL_FUNC_PROVIDER_TEARDOWN           1024
-OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
+OSSL_CORE_MAKE_FUNC(void, provider_teardown, (void *provctx))
 # define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS    1025
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
                    provider_gettable_params,(void *provctx))
 # define OSSL_FUNC_PROVIDER_GET_PARAMS         1026
-OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx,
-                                             OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, provider_get_params, (void *provctx,
+                                               OSSL_PARAM params[]))
 # define OSSL_FUNC_PROVIDER_QUERY_OPERATION    1027
 OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
                    (void *provctx, int operation_id, int *no_store))
@ -269,6 +269,10 @@ OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx,
                    const char *capability, OSSL_CALLBACK *cb, void *arg))
 # define OSSL_FUNC_PROVIDER_SELF_TEST          1031
 OSSL_CORE_MAKE_FUNC(int, provider_self_test, (void *provctx))
+# define OSSL_FUNC_PROVIDER_RANDOM             1032
+OSSL_CORE_MAKE_FUNC(int, provider_random, (void *provctx, int which,
+                                           void *buf, size_t n,
+                                           unsigned int strength))

 /* Operations */

--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@ -118,6 +118,9 @@ OSSL_DEPRECATEDIN_1_1_0 int RAND_event(UINT, WPARAM, LPARAM);
 #  endif
 # endif

+#define OSSL_PROV_RANDOM_PUBLIC     0
+#define OSSL_PROV_RANDOM_PRIVATE    1
+
 #ifdef  __cplusplus
 }
 #endif
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@ -41,6 +41,7 @@ static OSSL_FUNC_provider_gettable_params_fn fips_gettable_params;
 static OSSL_FUNC_provider_get_params_fn fips_get_params;
 static OSSL_FUNC_provider_query_operation_fn fips_query;
 static OSSL_FUNC_provider_query_operation_fn fips_query_internal;
+static OSSL_FUNC_provider_random_fn fips_random;

 #define ALGC(NAMES, FUNC, CHECK)                \
    { { NAMES, FIPS_DEFAULT_PROPERTIES, FUNC }, CHECK }
@ -121,6 +122,20 @@ void ossl_fips_prov_ossl_ctx_free(void *fgbl)
    OPENSSL_free(fgbl);
 }

+static int fips_random(ossl_unused void *vprov, int which, void *buf, size_t n,
+                       unsigned int strength)
+{
+    OSSL_LIB_CTX *libctx;
+    PROV_CTX *prov = (PROV_CTX *)vprov;
+
+    if (prov == NULL)
+        return 0;
+    libctx = ossl_prov_ctx_get0_libctx(prov);
+    if (which == OSSL_PROV_RANDOM_PRIVATE)
+        return RAND_priv_bytes_ex(libctx, buf, n, strength);
+    return RAND_bytes_ex(libctx, buf, n, strength);
+}
+
 /*
 * Parameters to retrieve from the core provider
 * NOTE: inside core_get_params() these will be loaded from config items
@ -604,6 +619,7 @@ static const OSSL_DISPATCH fips_dispatch_table[] = {
    { OSSL_FUNC_PROVIDER_GET_CAPABILITIES,
      (void (*)(void))ossl_prov_get_capabilities },
    { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test },
+    { OSSL_FUNC_PROVIDER_RANDOM, (void (*)(void))fips_random },
    OSSL_DISPATCH_END
 };