1 /* 2 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "crypto/rand.h" 11 #include "crypto/rand_pool.h" 12 #include <openssl/core_dispatch.h> 13 #include <openssl/err.h> 14 15 size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, 16 unsigned char **pout, int entropy, 17 size_t min_len, size_t max_len) 18 { 19 size_t ret = 0; 20 size_t entropy_available; 21 RAND_POOL *pool; 22 23 pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); 24 if (pool == NULL) { 25 ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); 26 return 0; 27 } 28 29 /* Get entropy by polling system entropy sources. */ 30 entropy_available = ossl_pool_acquire_entropy(pool); 31 32 if (entropy_available > 0) { 33 ret = ossl_rand_pool_length(pool); 34 *pout = ossl_rand_pool_detach(pool); 35 } 36 37 ossl_rand_pool_free(pool); 38 return ret; 39 } 40 41 void ossl_rand_cleanup_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, 42 unsigned char *buf, size_t len) 43 { 44 OPENSSL_secure_clear_free(buf, len); 45 } 46 47 size_t ossl_rand_get_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, 48 unsigned char **pout, size_t min_len, size_t max_len, 49 const void *salt, size_t salt_len) 50 { 51 size_t ret = 0; 52 RAND_POOL *pool; 53 54 pool = ossl_rand_pool_new(0, 0, min_len, max_len); 55 if (pool == NULL) { 56 ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); 57 return 0; 58 } 59 60 if (!ossl_pool_add_nonce_data(pool)) 61 goto err; 62 63 if (salt != NULL && !ossl_rand_pool_add(pool, salt, salt_len, 0)) 64 goto err; 65 ret = ossl_rand_pool_length(pool); 66 *pout = ossl_rand_pool_detach(pool); 67 err: 68 ossl_rand_pool_free(pool); 69 return ret; 70 } 71 72 void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, 73 unsigned char *buf, size_t len) 74 { 75 OPENSSL_clear_free(buf, len); 76 } 77