1 /* 2 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <openssl/evp.h> 13 #include <openssl/rand.h> 14 #include <openssl/core.h> 15 #include <openssl/core_names.h> 16 #include <openssl/crypto.h> 17 #include "internal/cryptlib.h" 18 #include "internal/numbers.h" 19 #include "internal/provider.h" 20 #include "internal/core.h" 21 #include "crypto/evp.h" 22 #include "evp_local.h" 23 24 struct evp_rand_st { 25 OSSL_PROVIDER *prov; 26 int name_id; 27 char *type_name; 28 const char *description; 29 CRYPTO_REF_COUNT refcnt; 30 CRYPTO_RWLOCK *refcnt_lock; 31 32 const OSSL_DISPATCH *dispatch; 33 OSSL_FUNC_rand_newctx_fn *newctx; 34 OSSL_FUNC_rand_freectx_fn *freectx; 35 OSSL_FUNC_rand_instantiate_fn *instantiate; 36 OSSL_FUNC_rand_uninstantiate_fn *uninstantiate; 37 OSSL_FUNC_rand_generate_fn *generate; 38 OSSL_FUNC_rand_reseed_fn *reseed; 39 OSSL_FUNC_rand_nonce_fn *nonce; 40 OSSL_FUNC_rand_enable_locking_fn *enable_locking; 41 OSSL_FUNC_rand_lock_fn *lock; 42 OSSL_FUNC_rand_unlock_fn *unlock; 43 OSSL_FUNC_rand_gettable_params_fn *gettable_params; 44 OSSL_FUNC_rand_gettable_ctx_params_fn *gettable_ctx_params; 45 OSSL_FUNC_rand_settable_ctx_params_fn *settable_ctx_params; 46 OSSL_FUNC_rand_get_params_fn *get_params; 47 OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params; 48 OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params; 49 OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization; 50 } /* EVP_RAND */ ; 51 52 static int evp_rand_up_ref(void *vrand) 53 { 54 EVP_RAND *rand = (EVP_RAND *)vrand; 55 int ref = 0; 56 57 if (rand != NULL) 58 return CRYPTO_UP_REF(&rand->refcnt, &ref, rand->refcnt_lock); 59 return 1; 60 } 61 62 static void evp_rand_free(void *vrand) 63 { 64 EVP_RAND *rand = (EVP_RAND *)vrand; 65 int ref = 0; 66 67 if (rand == NULL) 68 return; 69 CRYPTO_DOWN_REF(&rand->refcnt, &ref, rand->refcnt_lock); 70 if (ref > 0) 71 return; 72 OPENSSL_free(rand->type_name); 73 ossl_provider_free(rand->prov); 74 CRYPTO_THREAD_lock_free(rand->refcnt_lock); 75 OPENSSL_free(rand); 76 } 77 78 static void *evp_rand_new(void) 79 { 80 EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand)); 81 82 if (rand == NULL 83 || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { 84 OPENSSL_free(rand); 85 return NULL; 86 } 87 rand->refcnt = 1; 88 return rand; 89 } 90 91 /* Enable locking of the underlying DRBG/RAND if available */ 92 int EVP_RAND_enable_locking(EVP_RAND_CTX *rand) 93 { 94 if (rand->meth->enable_locking != NULL) 95 return rand->meth->enable_locking(rand->algctx); 96 ERR_raise(ERR_LIB_EVP, EVP_R_LOCKING_NOT_SUPPORTED); 97 return 0; 98 } 99 100 /* Lock the underlying DRBG/RAND if available */ 101 static int evp_rand_lock(EVP_RAND_CTX *rand) 102 { 103 if (rand->meth->lock != NULL) 104 return rand->meth->lock(rand->algctx); 105 return 1; 106 } 107 108 /* Unlock the underlying DRBG/RAND if available */ 109 static void evp_rand_unlock(EVP_RAND_CTX *rand) 110 { 111 if (rand->meth->unlock != NULL) 112 rand->meth->unlock(rand->algctx); 113 } 114 115 static void *evp_rand_from_algorithm(int name_id, 116 const OSSL_ALGORITHM *algodef, 117 OSSL_PROVIDER *prov) 118 { 119 const OSSL_DISPATCH *fns = algodef->implementation; 120 EVP_RAND *rand = NULL; 121 int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0, fnenablelockcnt = 0; 122 #ifdef FIPS_MODULE 123 int fnzeroizecnt = 0; 124 #endif 125 126 if ((rand = evp_rand_new()) == NULL) { 127 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 128 return NULL; 129 } 130 rand->name_id = name_id; 131 if ((rand->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) { 132 evp_rand_free(rand); 133 return NULL; 134 } 135 rand->description = algodef->algorithm_description; 136 rand->dispatch = fns; 137 for (; fns->function_id != 0; fns++) { 138 switch (fns->function_id) { 139 case OSSL_FUNC_RAND_NEWCTX: 140 if (rand->newctx != NULL) 141 break; 142 rand->newctx = OSSL_FUNC_rand_newctx(fns); 143 fnctxcnt++; 144 break; 145 case OSSL_FUNC_RAND_FREECTX: 146 if (rand->freectx != NULL) 147 break; 148 rand->freectx = OSSL_FUNC_rand_freectx(fns); 149 fnctxcnt++; 150 break; 151 case OSSL_FUNC_RAND_INSTANTIATE: 152 if (rand->instantiate != NULL) 153 break; 154 rand->instantiate = OSSL_FUNC_rand_instantiate(fns); 155 fnrandcnt++; 156 break; 157 case OSSL_FUNC_RAND_UNINSTANTIATE: 158 if (rand->uninstantiate != NULL) 159 break; 160 rand->uninstantiate = OSSL_FUNC_rand_uninstantiate(fns); 161 fnrandcnt++; 162 break; 163 case OSSL_FUNC_RAND_GENERATE: 164 if (rand->generate != NULL) 165 break; 166 rand->generate = OSSL_FUNC_rand_generate(fns); 167 fnrandcnt++; 168 break; 169 case OSSL_FUNC_RAND_RESEED: 170 if (rand->reseed != NULL) 171 break; 172 rand->reseed = OSSL_FUNC_rand_reseed(fns); 173 break; 174 case OSSL_FUNC_RAND_NONCE: 175 if (rand->nonce != NULL) 176 break; 177 rand->nonce = OSSL_FUNC_rand_nonce(fns); 178 break; 179 case OSSL_FUNC_RAND_ENABLE_LOCKING: 180 if (rand->enable_locking != NULL) 181 break; 182 rand->enable_locking = OSSL_FUNC_rand_enable_locking(fns); 183 fnenablelockcnt++; 184 break; 185 case OSSL_FUNC_RAND_LOCK: 186 if (rand->lock != NULL) 187 break; 188 rand->lock = OSSL_FUNC_rand_lock(fns); 189 fnlockcnt++; 190 break; 191 case OSSL_FUNC_RAND_UNLOCK: 192 if (rand->unlock != NULL) 193 break; 194 rand->unlock = OSSL_FUNC_rand_unlock(fns); 195 fnlockcnt++; 196 break; 197 case OSSL_FUNC_RAND_GETTABLE_PARAMS: 198 if (rand->gettable_params != NULL) 199 break; 200 rand->gettable_params = 201 OSSL_FUNC_rand_gettable_params(fns); 202 break; 203 case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS: 204 if (rand->gettable_ctx_params != NULL) 205 break; 206 rand->gettable_ctx_params = 207 OSSL_FUNC_rand_gettable_ctx_params(fns); 208 break; 209 case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS: 210 if (rand->settable_ctx_params != NULL) 211 break; 212 rand->settable_ctx_params = 213 OSSL_FUNC_rand_settable_ctx_params(fns); 214 break; 215 case OSSL_FUNC_RAND_GET_PARAMS: 216 if (rand->get_params != NULL) 217 break; 218 rand->get_params = OSSL_FUNC_rand_get_params(fns); 219 break; 220 case OSSL_FUNC_RAND_GET_CTX_PARAMS: 221 if (rand->get_ctx_params != NULL) 222 break; 223 rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns); 224 fnctxcnt++; 225 break; 226 case OSSL_FUNC_RAND_SET_CTX_PARAMS: 227 if (rand->set_ctx_params != NULL) 228 break; 229 rand->set_ctx_params = OSSL_FUNC_rand_set_ctx_params(fns); 230 break; 231 case OSSL_FUNC_RAND_VERIFY_ZEROIZATION: 232 if (rand->verify_zeroization != NULL) 233 break; 234 rand->verify_zeroization = OSSL_FUNC_rand_verify_zeroization(fns); 235 #ifdef FIPS_MODULE 236 fnzeroizecnt++; 237 #endif 238 break; 239 } 240 } 241 /* 242 * In order to be a consistent set of functions we must have at least 243 * a complete set of "rand" functions and a complete set of context 244 * management functions. In FIPS mode, we also require the zeroization 245 * verification function. 246 * 247 * In addition, if locking can be enabled, we need a complete set of 248 * locking functions. 249 */ 250 if (fnrandcnt != 3 251 || fnctxcnt != 3 252 || (fnenablelockcnt != 0 && fnenablelockcnt != 1) 253 || (fnlockcnt != 0 && fnlockcnt != 2) 254 #ifdef FIPS_MODULE 255 || fnzeroizecnt != 1 256 #endif 257 ) { 258 evp_rand_free(rand); 259 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); 260 return NULL; 261 } 262 263 if (prov != NULL && !ossl_provider_up_ref(prov)) { 264 evp_rand_free(rand); 265 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); 266 return NULL; 267 } 268 rand->prov = prov; 269 270 return rand; 271 } 272 273 EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, 274 const char *properties) 275 { 276 return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties, 277 evp_rand_from_algorithm, evp_rand_up_ref, 278 evp_rand_free); 279 } 280 281 int EVP_RAND_up_ref(EVP_RAND *rand) 282 { 283 return evp_rand_up_ref(rand); 284 } 285 286 void EVP_RAND_free(EVP_RAND *rand) 287 { 288 evp_rand_free(rand); 289 } 290 291 int evp_rand_get_number(const EVP_RAND *rand) 292 { 293 return rand->name_id; 294 } 295 296 const char *EVP_RAND_get0_name(const EVP_RAND *rand) 297 { 298 return rand->type_name; 299 } 300 301 const char *EVP_RAND_get0_description(const EVP_RAND *rand) 302 { 303 return rand->description; 304 } 305 306 int EVP_RAND_is_a(const EVP_RAND *rand, const char *name) 307 { 308 return rand != NULL && evp_is_a(rand->prov, rand->name_id, NULL, name); 309 } 310 311 const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand) 312 { 313 return rand->prov; 314 } 315 316 int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]) 317 { 318 if (rand->get_params != NULL) 319 return rand->get_params(params); 320 return 1; 321 } 322 323 static int evp_rand_ctx_up_ref(EVP_RAND_CTX *ctx) 324 { 325 int ref = 0; 326 327 return CRYPTO_UP_REF(&ctx->refcnt, &ref, ctx->refcnt_lock); 328 } 329 330 EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent) 331 { 332 EVP_RAND_CTX *ctx; 333 void *parent_ctx = NULL; 334 const OSSL_DISPATCH *parent_dispatch = NULL; 335 336 if (rand == NULL) { 337 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); 338 return NULL; 339 } 340 341 ctx = OPENSSL_zalloc(sizeof(*ctx)); 342 if (ctx == NULL || (ctx->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { 343 OPENSSL_free(ctx); 344 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 345 return NULL; 346 } 347 if (parent != NULL) { 348 if (!evp_rand_ctx_up_ref(parent)) { 349 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); 350 CRYPTO_THREAD_lock_free(ctx->refcnt_lock); 351 OPENSSL_free(ctx); 352 return NULL; 353 } 354 parent_ctx = parent->algctx; 355 parent_dispatch = parent->meth->dispatch; 356 } 357 if ((ctx->algctx = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx, 358 parent_dispatch)) == NULL 359 || !EVP_RAND_up_ref(rand)) { 360 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 361 rand->freectx(ctx->algctx); 362 CRYPTO_THREAD_lock_free(ctx->refcnt_lock); 363 OPENSSL_free(ctx); 364 EVP_RAND_CTX_free(parent); 365 return NULL; 366 } 367 ctx->meth = rand; 368 ctx->parent = parent; 369 ctx->refcnt = 1; 370 return ctx; 371 } 372 373 void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx) 374 { 375 int ref = 0; 376 EVP_RAND_CTX *parent; 377 378 if (ctx == NULL) 379 return; 380 381 CRYPTO_DOWN_REF(&ctx->refcnt, &ref, ctx->refcnt_lock); 382 if (ref > 0) 383 return; 384 parent = ctx->parent; 385 ctx->meth->freectx(ctx->algctx); 386 ctx->algctx = NULL; 387 EVP_RAND_free(ctx->meth); 388 CRYPTO_THREAD_lock_free(ctx->refcnt_lock); 389 OPENSSL_free(ctx); 390 EVP_RAND_CTX_free(parent); 391 } 392 393 EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx) 394 { 395 return ctx->meth; 396 } 397 398 static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx, 399 OSSL_PARAM params[]) 400 { 401 return ctx->meth->get_ctx_params(ctx->algctx, params); 402 } 403 404 int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]) 405 { 406 int res; 407 408 if (!evp_rand_lock(ctx)) 409 return 0; 410 res = evp_rand_get_ctx_params_locked(ctx, params); 411 evp_rand_unlock(ctx); 412 return res; 413 } 414 415 static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx, 416 const OSSL_PARAM params[]) 417 { 418 if (ctx->meth->set_ctx_params != NULL) 419 return ctx->meth->set_ctx_params(ctx->algctx, params); 420 return 1; 421 } 422 423 int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]) 424 { 425 int res; 426 427 if (!evp_rand_lock(ctx)) 428 return 0; 429 res = evp_rand_set_ctx_params_locked(ctx, params); 430 evp_rand_unlock(ctx); 431 return res; 432 } 433 434 const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand) 435 { 436 if (rand->gettable_params == NULL) 437 return NULL; 438 return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand))); 439 } 440 441 const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand) 442 { 443 void *provctx; 444 445 if (rand->gettable_ctx_params == NULL) 446 return NULL; 447 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand)); 448 return rand->gettable_ctx_params(NULL, provctx); 449 } 450 451 const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand) 452 { 453 void *provctx; 454 455 if (rand->settable_ctx_params == NULL) 456 return NULL; 457 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand)); 458 return rand->settable_ctx_params(NULL, provctx); 459 } 460 461 const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx) 462 { 463 void *provctx; 464 465 if (ctx->meth->gettable_ctx_params == NULL) 466 return NULL; 467 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth)); 468 return ctx->meth->gettable_ctx_params(ctx->algctx, provctx); 469 } 470 471 const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx) 472 { 473 void *provctx; 474 475 if (ctx->meth->settable_ctx_params == NULL) 476 return NULL; 477 provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth)); 478 return ctx->meth->settable_ctx_params(ctx->algctx, provctx); 479 } 480 481 void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx, 482 void (*fn)(EVP_RAND *rand, void *arg), 483 void *arg) 484 { 485 evp_generic_do_all(libctx, OSSL_OP_RAND, 486 (void (*)(void *, void *))fn, arg, 487 evp_rand_from_algorithm, evp_rand_up_ref, 488 evp_rand_free); 489 } 490 491 int EVP_RAND_names_do_all(const EVP_RAND *rand, 492 void (*fn)(const char *name, void *data), 493 void *data) 494 { 495 if (rand->prov != NULL) 496 return evp_names_do_all(rand->prov, rand->name_id, fn, data); 497 498 return 1; 499 } 500 501 static int evp_rand_instantiate_locked 502 (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, 503 const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[]) 504 { 505 return ctx->meth->instantiate(ctx->algctx, strength, prediction_resistance, 506 pstr, pstr_len, params); 507 } 508 509 int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, 510 int prediction_resistance, 511 const unsigned char *pstr, size_t pstr_len, 512 const OSSL_PARAM params[]) 513 { 514 int res; 515 516 if (!evp_rand_lock(ctx)) 517 return 0; 518 res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance, 519 pstr, pstr_len, params); 520 evp_rand_unlock(ctx); 521 return res; 522 } 523 524 static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx) 525 { 526 return ctx->meth->uninstantiate(ctx->algctx); 527 } 528 529 int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx) 530 { 531 int res; 532 533 if (!evp_rand_lock(ctx)) 534 return 0; 535 res = evp_rand_uninstantiate_locked(ctx); 536 evp_rand_unlock(ctx); 537 return res; 538 } 539 540 static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out, 541 size_t outlen, unsigned int strength, 542 int prediction_resistance, 543 const unsigned char *addin, 544 size_t addin_len) 545 { 546 size_t chunk, max_request = 0; 547 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 548 549 params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST, 550 &max_request); 551 if (!evp_rand_get_ctx_params_locked(ctx, params) 552 || max_request == 0) { 553 ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE); 554 return 0; 555 } 556 for (; outlen > 0; outlen -= chunk, out += chunk) { 557 chunk = outlen > max_request ? max_request : outlen; 558 if (!ctx->meth->generate(ctx->algctx, out, chunk, strength, 559 prediction_resistance, addin, addin_len)) { 560 ERR_raise(ERR_LIB_EVP, EVP_R_GENERATE_ERROR); 561 return 0; 562 } 563 /* 564 * Prediction resistance is only relevant the first time around, 565 * subsequently, the DRBG has already been properly reseeded. 566 */ 567 prediction_resistance = 0; 568 } 569 return 1; 570 } 571 572 int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, 573 unsigned int strength, int prediction_resistance, 574 const unsigned char *addin, size_t addin_len) 575 { 576 int res; 577 578 if (!evp_rand_lock(ctx)) 579 return 0; 580 res = evp_rand_generate_locked(ctx, out, outlen, strength, 581 prediction_resistance, addin, addin_len); 582 evp_rand_unlock(ctx); 583 return res; 584 } 585 586 static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance, 587 const unsigned char *ent, size_t ent_len, 588 const unsigned char *addin, size_t addin_len) 589 { 590 if (ctx->meth->reseed != NULL) 591 return ctx->meth->reseed(ctx->algctx, prediction_resistance, 592 ent, ent_len, addin, addin_len); 593 return 1; 594 } 595 596 int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance, 597 const unsigned char *ent, size_t ent_len, 598 const unsigned char *addin, size_t addin_len) 599 { 600 int res; 601 602 if (!evp_rand_lock(ctx)) 603 return 0; 604 res = evp_rand_reseed_locked(ctx, prediction_resistance, 605 ent, ent_len, addin, addin_len); 606 evp_rand_unlock(ctx); 607 return res; 608 } 609 610 static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx) 611 { 612 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 613 unsigned int strength = 0; 614 615 params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); 616 if (!evp_rand_get_ctx_params_locked(ctx, params)) 617 return 0; 618 return strength; 619 } 620 621 unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx) 622 { 623 unsigned int res; 624 625 if (!evp_rand_lock(ctx)) 626 return 0; 627 res = evp_rand_strength_locked(ctx); 628 evp_rand_unlock(ctx); 629 return res; 630 } 631 632 static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out, 633 size_t outlen) 634 { 635 unsigned int str = evp_rand_strength_locked(ctx); 636 637 if (ctx->meth->nonce == NULL) 638 return 0; 639 if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen)) 640 return 1; 641 return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0); 642 } 643 644 int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen) 645 { 646 int res; 647 648 if (!evp_rand_lock(ctx)) 649 return 0; 650 res = evp_rand_nonce_locked(ctx, out, outlen); 651 evp_rand_unlock(ctx); 652 return res; 653 } 654 655 int EVP_RAND_get_state(EVP_RAND_CTX *ctx) 656 { 657 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; 658 int state; 659 660 params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state); 661 if (!EVP_RAND_CTX_get_params(ctx, params)) 662 state = EVP_RAND_STATE_ERROR; 663 return state; 664 } 665 666 static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx) 667 { 668 if (ctx->meth->verify_zeroization != NULL) 669 return ctx->meth->verify_zeroization(ctx->algctx); 670 return 0; 671 } 672 673 int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx) 674 { 675 int res; 676 677 if (!evp_rand_lock(ctx)) 678 return 0; 679 res = evp_rand_verify_zeroization_locked(ctx); 680 evp_rand_unlock(ctx); 681 return res; 682 } 683