/src/openssl/providers/implementations/rands/drbg_hmac.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2011-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | |
11 | | #include <stdlib.h> |
12 | | #include <string.h> |
13 | | #include <openssl/crypto.h> |
14 | | #include <openssl/err.h> |
15 | | #include <openssl/rand.h> |
16 | | #include <openssl/proverr.h> |
17 | | #include "internal/cryptlib.h" |
18 | | #include "internal/thread_once.h" |
19 | | #include "prov/providercommon.h" |
20 | | #include "prov/implementations.h" |
21 | | #include "prov/provider_ctx.h" |
22 | | #include "prov/hmac_drbg.h" |
23 | | #include "prov/drbg.h" |
24 | | #include "crypto/evp.h" |
25 | | #include "crypto/evp/evp_local.h" |
26 | | #include "internal/provider.h" |
27 | | |
28 | | static OSSL_FUNC_rand_newctx_fn drbg_hmac_new_wrapper; |
29 | | static OSSL_FUNC_rand_freectx_fn drbg_hmac_free; |
30 | | static OSSL_FUNC_rand_instantiate_fn drbg_hmac_instantiate_wrapper; |
31 | | static OSSL_FUNC_rand_uninstantiate_fn drbg_hmac_uninstantiate_wrapper; |
32 | | static OSSL_FUNC_rand_generate_fn drbg_hmac_generate_wrapper; |
33 | | static OSSL_FUNC_rand_reseed_fn drbg_hmac_reseed_wrapper; |
34 | | static OSSL_FUNC_rand_settable_ctx_params_fn drbg_hmac_settable_ctx_params; |
35 | | static OSSL_FUNC_rand_set_ctx_params_fn drbg_hmac_set_ctx_params; |
36 | | static OSSL_FUNC_rand_gettable_ctx_params_fn drbg_hmac_gettable_ctx_params; |
37 | | static OSSL_FUNC_rand_get_ctx_params_fn drbg_hmac_get_ctx_params; |
38 | | static OSSL_FUNC_rand_verify_zeroization_fn drbg_hmac_verify_zeroization; |
39 | | |
40 | | static int drbg_hmac_set_ctx_params_locked |
41 | | (PROV_DRBG *drbg, const struct drbg_set_ctx_params_st *p); |
42 | | static int drbg_hmac_set_ctx_params_decoder(const OSSL_PARAM params[], |
43 | | struct drbg_set_ctx_params_st *p); |
44 | | |
45 | | /* |
46 | | * Called twice by SP800-90Ar1 10.1.2.2 HMAC_DRBG_Update_Process. |
47 | | * |
48 | | * hmac is an object that holds the input/output Key and Value (K and V). |
49 | | * inbyte is 0x00 on the first call and 0x01 on the second call. |
50 | | * in1, in2, in3 are optional inputs that can be NULL. |
51 | | * in1len, in2len, in3len are the lengths of the input buffers. |
52 | | * |
53 | | * The returned K,V is: |
54 | | * hmac->K = HMAC(hmac->K, hmac->V || inbyte || [in1] || [in2] || [in3]) |
55 | | * hmac->V = HMAC(hmac->K, hmac->V) |
56 | | * |
57 | | * Returns zero if an error occurs otherwise it returns 1. |
58 | | */ |
59 | | static int do_hmac(PROV_DRBG_HMAC *hmac, unsigned char inbyte, |
60 | | const unsigned char *in1, size_t in1len, |
61 | | const unsigned char *in2, size_t in2len, |
62 | | const unsigned char *in3, size_t in3len) |
63 | 0 | { |
64 | 0 | EVP_MAC_CTX *ctx = hmac->ctx; |
65 | |
|
66 | 0 | if (!EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL) |
67 | | /* K = HMAC(K, V || inbyte || [in1] || [in2] || [in3]) */ |
68 | 0 | || !EVP_MAC_update(ctx, hmac->V, hmac->blocklen) |
69 | 0 | || !EVP_MAC_update(ctx, &inbyte, 1) |
70 | 0 | || !(in1 == NULL || in1len == 0 || EVP_MAC_update(ctx, in1, in1len)) |
71 | 0 | || !(in2 == NULL || in2len == 0 || EVP_MAC_update(ctx, in2, in2len)) |
72 | 0 | || !(in3 == NULL || in3len == 0 || EVP_MAC_update(ctx, in3, in3len)) |
73 | 0 | || !EVP_MAC_final(ctx, hmac->K, NULL, sizeof(hmac->K))) |
74 | 0 | return 0; |
75 | | |
76 | | /* V = HMAC(K, V) */ |
77 | 0 | return EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL) |
78 | 0 | && EVP_MAC_update(ctx, hmac->V, hmac->blocklen) |
79 | 0 | && EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V)); |
80 | 0 | } |
81 | | |
82 | | /* |
83 | | * SP800-90Ar1 10.1.2.2 HMAC_DRBG_Update_Process |
84 | | * |
85 | | * |
86 | | * Updates the drbg objects Key(K) and Value(V) using the following algorithm: |
87 | | * K,V = do_hmac(hmac, 0, in1, in2, in3) |
88 | | * if (any input is not NULL) |
89 | | * K,V = do_hmac(hmac, 1, in1, in2, in3) |
90 | | * |
91 | | * where in1, in2, in3 are optional input buffers that can be NULL. |
92 | | * in1len, in2len, in3len are the lengths of the input buffers. |
93 | | * |
94 | | * Returns zero if an error occurs otherwise it returns 1. |
95 | | */ |
96 | | static int drbg_hmac_update(PROV_DRBG_HMAC *hmac, |
97 | | const unsigned char *in1, size_t in1len, |
98 | | const unsigned char *in2, size_t in2len, |
99 | | const unsigned char *in3, size_t in3len) |
100 | 0 | { |
101 | | /* (Steps 1-2) K = HMAC(K, V||0x00||provided_data). V = HMAC(K,V) */ |
102 | 0 | if (!do_hmac(hmac, 0x00, in1, in1len, in2, in2len, in3, in3len)) |
103 | 0 | return 0; |
104 | | /* (Step 3) If provided_data == NULL then return (K,V) */ |
105 | 0 | if (in1len == 0 && in2len == 0 && in3len == 0) |
106 | 0 | return 1; |
107 | | /* (Steps 4-5) K = HMAC(K, V||0x01||provided_data). V = HMAC(K,V) */ |
108 | 0 | return do_hmac(hmac, 0x01, in1, in1len, in2, in2len, in3, in3len); |
109 | 0 | } |
110 | | |
111 | | /* |
112 | | * SP800-90Ar1 10.1.2.3 HMAC_DRBG_Instantiate_Process: |
113 | | * |
114 | | * This sets the drbg Key (K) to all zeros, and Value (V) to all 1's. |
115 | | * and then calls (K,V) = drbg_hmac_update() with input parameters: |
116 | | * ent = entropy data (Can be NULL) of length ent_len. |
117 | | * nonce = nonce data (Can be NULL) of length nonce_len. |
118 | | * pstr = personalization data (Can be NULL) of length pstr_len. |
119 | | * |
120 | | * Returns zero if an error occurs otherwise it returns 1. |
121 | | */ |
122 | | int ossl_drbg_hmac_init(PROV_DRBG_HMAC *hmac, |
123 | | const unsigned char *ent, size_t ent_len, |
124 | | const unsigned char *nonce, size_t nonce_len, |
125 | | const unsigned char *pstr, size_t pstr_len) |
126 | 0 | { |
127 | 0 | if (hmac->ctx == NULL) { |
128 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MAC); |
129 | 0 | return 0; |
130 | 0 | } |
131 | | |
132 | | /* (Step 2) Key = 0x00 00...00 */ |
133 | 0 | memset(hmac->K, 0x00, hmac->blocklen); |
134 | | /* (Step 3) V = 0x01 01...01 */ |
135 | 0 | memset(hmac->V, 0x01, hmac->blocklen); |
136 | | /* (Step 4) (K,V) = HMAC_DRBG_Update(entropy||nonce||pers string, K, V) */ |
137 | 0 | return drbg_hmac_update(hmac, ent, ent_len, nonce, nonce_len, pstr, |
138 | 0 | pstr_len); |
139 | 0 | } |
140 | | static int drbg_hmac_instantiate(PROV_DRBG *drbg, |
141 | | const unsigned char *ent, size_t ent_len, |
142 | | const unsigned char *nonce, size_t nonce_len, |
143 | | const unsigned char *pstr, size_t pstr_len) |
144 | 0 | { |
145 | 0 | return ossl_drbg_hmac_init((PROV_DRBG_HMAC *)drbg->data, ent, ent_len, |
146 | 0 | nonce, nonce_len, pstr, pstr_len); |
147 | 0 | } |
148 | | |
149 | | static int drbg_hmac_instantiate_wrapper(void *vdrbg, unsigned int strength, |
150 | | int prediction_resistance, |
151 | | const unsigned char *pstr, |
152 | | size_t pstr_len, |
153 | | const OSSL_PARAM params[]) |
154 | 0 | { |
155 | 0 | PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; |
156 | 0 | struct drbg_set_ctx_params_st p; |
157 | 0 | int ret = 0; |
158 | |
|
159 | 0 | if (drbg == NULL || !drbg_hmac_set_ctx_params_decoder(params, &p)) |
160 | 0 | return 0; |
161 | | |
162 | 0 | if (drbg->lock != NULL && !CRYPTO_THREAD_write_lock(drbg->lock)) |
163 | 0 | return 0; |
164 | | |
165 | 0 | if (!ossl_prov_is_running() |
166 | 0 | || !drbg_hmac_set_ctx_params_locked(drbg, &p)) |
167 | 0 | goto err; |
168 | 0 | ret = ossl_prov_drbg_instantiate(drbg, strength, prediction_resistance, |
169 | 0 | pstr, pstr_len); |
170 | 0 | err: |
171 | 0 | if (drbg->lock != NULL) |
172 | 0 | CRYPTO_THREAD_unlock(drbg->lock); |
173 | 0 | return ret; |
174 | 0 | } |
175 | | |
176 | | |
177 | | /* |
178 | | * SP800-90Ar1 10.1.2.4 HMAC_DRBG_Reseed_Process: |
179 | | * |
180 | | * Reseeds the drbg's Key (K) and Value (V) by calling |
181 | | * (K,V) = drbg_hmac_update() with the following input parameters: |
182 | | * ent = entropy input data (Can be NULL) of length ent_len. |
183 | | * adin = additional input data (Can be NULL) of length adin_len. |
184 | | * |
185 | | * Returns zero if an error occurs otherwise it returns 1. |
186 | | */ |
187 | | static int drbg_hmac_reseed(PROV_DRBG *drbg, |
188 | | const unsigned char *ent, size_t ent_len, |
189 | | const unsigned char *adin, size_t adin_len) |
190 | 0 | { |
191 | 0 | PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data; |
192 | | |
193 | | /* (Step 2) (K,V) = HMAC_DRBG_Update(entropy||additional_input, K, V) */ |
194 | 0 | return drbg_hmac_update(hmac, ent, ent_len, adin, adin_len, NULL, 0); |
195 | 0 | } |
196 | | |
197 | | static int drbg_hmac_reseed_wrapper(void *vdrbg, int prediction_resistance, |
198 | | const unsigned char *ent, size_t ent_len, |
199 | | const unsigned char *adin, size_t adin_len) |
200 | 0 | { |
201 | 0 | PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; |
202 | |
|
203 | 0 | return ossl_prov_drbg_reseed(drbg, prediction_resistance, ent, ent_len, |
204 | 0 | adin, adin_len); |
205 | 0 | } |
206 | | |
207 | | /* |
208 | | * SP800-90Ar1 10.1.2.5 HMAC_DRBG_Generate_Process: |
209 | | * |
210 | | * Generates pseudo random bytes and updates the internal K,V for the drbg. |
211 | | * out is a buffer to fill with outlen bytes of pseudo random data. |
212 | | * adin is an additional_input string of size adin_len that may be NULL. |
213 | | * |
214 | | * Returns zero if an error occurs otherwise it returns 1. |
215 | | */ |
216 | | int ossl_drbg_hmac_generate(PROV_DRBG_HMAC *hmac, |
217 | | unsigned char *out, size_t outlen, |
218 | | const unsigned char *adin, size_t adin_len) |
219 | 0 | { |
220 | 0 | EVP_MAC_CTX *ctx = hmac->ctx; |
221 | 0 | const unsigned char *temp = hmac->V; |
222 | | |
223 | | /* (Step 2) if adin != NULL then (K,V) = HMAC_DRBG_Update(adin, K, V) */ |
224 | 0 | if (adin != NULL |
225 | 0 | && adin_len > 0 |
226 | 0 | && !drbg_hmac_update(hmac, adin, adin_len, NULL, 0, NULL, 0)) |
227 | 0 | return 0; |
228 | | |
229 | | /* |
230 | | * (Steps 3-5) temp = NULL |
231 | | * while (len(temp) < outlen) { |
232 | | * V = HMAC(K, V) |
233 | | * temp = temp || V |
234 | | * } |
235 | | */ |
236 | 0 | for (;;) { |
237 | 0 | if (!EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL) |
238 | 0 | || !EVP_MAC_update(ctx, temp, hmac->blocklen)) |
239 | 0 | return 0; |
240 | | |
241 | 0 | if (outlen > hmac->blocklen) { |
242 | 0 | if (!EVP_MAC_final(ctx, out, NULL, outlen)) |
243 | 0 | return 0; |
244 | 0 | temp = out; |
245 | 0 | } else { |
246 | 0 | if (!EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V))) |
247 | 0 | return 0; |
248 | 0 | memcpy(out, hmac->V, outlen); |
249 | 0 | break; |
250 | 0 | } |
251 | 0 | out += hmac->blocklen; |
252 | 0 | outlen -= hmac->blocklen; |
253 | 0 | } |
254 | | /* (Step 6) (K,V) = HMAC_DRBG_Update(adin, K, V) */ |
255 | 0 | if (!drbg_hmac_update(hmac, adin, adin_len, NULL, 0, NULL, 0)) |
256 | 0 | return 0; |
257 | | |
258 | 0 | return 1; |
259 | 0 | } |
260 | | |
261 | | static int drbg_hmac_generate(PROV_DRBG *drbg, |
262 | | unsigned char *out, size_t outlen, |
263 | | const unsigned char *adin, size_t adin_len) |
264 | 0 | { |
265 | 0 | return ossl_drbg_hmac_generate((PROV_DRBG_HMAC *)drbg->data, out, outlen, |
266 | 0 | adin, adin_len); |
267 | 0 | } |
268 | | |
269 | | static int drbg_hmac_generate_wrapper(void *vdrbg, |
270 | | unsigned char *out, size_t outlen, unsigned int strength, |
271 | | int prediction_resistance, const unsigned char *adin, size_t adin_len) |
272 | 0 | { |
273 | 0 | PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; |
274 | |
|
275 | 0 | return ossl_prov_drbg_generate(drbg, out, outlen, strength, |
276 | 0 | prediction_resistance, adin, adin_len); |
277 | 0 | } |
278 | | |
279 | | static int drbg_hmac_uninstantiate(PROV_DRBG *drbg) |
280 | 0 | { |
281 | 0 | PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data; |
282 | |
|
283 | 0 | OPENSSL_cleanse(hmac->K, sizeof(hmac->K)); |
284 | 0 | OPENSSL_cleanse(hmac->V, sizeof(hmac->V)); |
285 | 0 | return ossl_prov_drbg_uninstantiate(drbg); |
286 | 0 | } |
287 | | |
288 | | static int drbg_hmac_uninstantiate_wrapper(void *vdrbg) |
289 | 0 | { |
290 | 0 | PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; |
291 | 0 | int ret; |
292 | |
|
293 | 0 | if (drbg->lock != NULL && !CRYPTO_THREAD_write_lock(drbg->lock)) |
294 | 0 | return 0; |
295 | | |
296 | 0 | ret = drbg_hmac_uninstantiate(drbg); |
297 | |
|
298 | 0 | if (drbg->lock != NULL) |
299 | 0 | CRYPTO_THREAD_unlock(drbg->lock); |
300 | |
|
301 | 0 | return ret; |
302 | 0 | } |
303 | | |
304 | | static int drbg_hmac_verify_zeroization(void *vdrbg) |
305 | 0 | { |
306 | 0 | PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; |
307 | 0 | PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data; |
308 | 0 | int ret = 0; |
309 | |
|
310 | 0 | if (drbg->lock != NULL && !CRYPTO_THREAD_read_lock(drbg->lock)) |
311 | 0 | return 0; |
312 | | |
313 | 0 | PROV_DRBG_VERIFY_ZEROIZATION(hmac->K); |
314 | 0 | PROV_DRBG_VERIFY_ZEROIZATION(hmac->V); |
315 | |
|
316 | 0 | ret = 1; |
317 | 0 | err: |
318 | 0 | if (drbg->lock != NULL) |
319 | 0 | CRYPTO_THREAD_unlock(drbg->lock); |
320 | 0 | return ret; |
321 | 0 | } |
322 | | |
323 | | static int drbg_hmac_new(PROV_DRBG *drbg) |
324 | 0 | { |
325 | 0 | PROV_DRBG_HMAC *hmac; |
326 | |
|
327 | 0 | hmac = OPENSSL_secure_zalloc(sizeof(*hmac)); |
328 | 0 | if (hmac == NULL) |
329 | 0 | return 0; |
330 | | |
331 | 0 | OSSL_FIPS_IND_INIT(drbg) |
332 | | |
333 | 0 | drbg->data = hmac; |
334 | | /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ |
335 | 0 | drbg->max_entropylen = DRBG_MAX_LENGTH; |
336 | 0 | drbg->max_noncelen = DRBG_MAX_LENGTH; |
337 | 0 | drbg->max_perslen = DRBG_MAX_LENGTH; |
338 | 0 | drbg->max_adinlen = DRBG_MAX_LENGTH; |
339 | | |
340 | | /* Maximum number of bits per request = 2^19 = 2^16 bytes */ |
341 | 0 | drbg->max_request = 1 << 16; |
342 | 0 | return 1; |
343 | 0 | } |
344 | | |
345 | | static void *drbg_hmac_new_wrapper(void *provctx, void *parent, |
346 | | const OSSL_DISPATCH *parent_dispatch) |
347 | 0 | { |
348 | 0 | return ossl_rand_drbg_new(provctx, parent, parent_dispatch, |
349 | 0 | &drbg_hmac_new, &drbg_hmac_free, |
350 | 0 | &drbg_hmac_instantiate, &drbg_hmac_uninstantiate, |
351 | 0 | &drbg_hmac_reseed, &drbg_hmac_generate); |
352 | 0 | } |
353 | | |
354 | | static void drbg_hmac_free(void *vdrbg) |
355 | 0 | { |
356 | 0 | PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; |
357 | 0 | PROV_DRBG_HMAC *hmac; |
358 | |
|
359 | 0 | if (drbg != NULL && (hmac = (PROV_DRBG_HMAC *)drbg->data) != NULL) { |
360 | 0 | EVP_MAC_CTX_free(hmac->ctx); |
361 | 0 | ossl_prov_digest_reset(&hmac->digest); |
362 | 0 | OPENSSL_secure_clear_free(hmac, sizeof(*hmac)); |
363 | 0 | } |
364 | 0 | ossl_rand_drbg_free(drbg); |
365 | 0 | } |
366 | | |
367 | | #define drbg_hmac_get_ctx_params_st drbg_get_ctx_params_st |
368 | | |
369 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
370 | | #ifndef drbg_hmac_get_ctx_params_list |
371 | | static const OSSL_PARAM drbg_hmac_get_ctx_params_list[] = { |
372 | | OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_MAC, NULL, 0), |
373 | | OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_DIGEST, NULL, 0), |
374 | | OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), |
375 | | OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL), |
376 | | OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL), |
377 | | OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_ENTROPYLEN, NULL), |
378 | | OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ENTROPYLEN, NULL), |
379 | | OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MIN_NONCELEN, NULL), |
380 | | OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_NONCELEN, NULL), |
381 | | OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_PERSLEN, NULL), |
382 | | OSSL_PARAM_size_t(OSSL_DRBG_PARAM_MAX_ADINLEN, NULL), |
383 | | OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_COUNTER, NULL), |
384 | | OSSL_PARAM_time_t(OSSL_DRBG_PARAM_RESEED_TIME, NULL), |
385 | | OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, NULL), |
386 | | OSSL_PARAM_uint64(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, NULL), |
387 | | # if defined(FIPS_MODULE) |
388 | | OSSL_PARAM_int(OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR, NULL), |
389 | | # endif |
390 | | OSSL_PARAM_END |
391 | | }; |
392 | | #endif |
393 | | |
394 | | #ifndef drbg_hmac_get_ctx_params_st |
395 | | struct drbg_hmac_get_ctx_params_st { |
396 | | OSSL_PARAM *digest; |
397 | | # if defined(FIPS_MODULE) |
398 | | OSSL_PARAM *ind; |
399 | | # endif |
400 | | OSSL_PARAM *mac; |
401 | | OSSL_PARAM *maxadlen; |
402 | | OSSL_PARAM *maxentlen; |
403 | | OSSL_PARAM *maxnonlen; |
404 | | OSSL_PARAM *maxperlen; |
405 | | OSSL_PARAM *maxreq; |
406 | | OSSL_PARAM *minentlen; |
407 | | OSSL_PARAM *minnonlen; |
408 | | OSSL_PARAM *reseed_cnt; |
409 | | OSSL_PARAM *reseed_int; |
410 | | OSSL_PARAM *reseed_req; |
411 | | OSSL_PARAM *reseed_time; |
412 | | OSSL_PARAM *state; |
413 | | OSSL_PARAM *str; |
414 | | }; |
415 | | #endif |
416 | | |
417 | | #ifndef drbg_hmac_get_ctx_params_decoder |
418 | | static int drbg_hmac_get_ctx_params_decoder |
419 | | (const OSSL_PARAM *p, struct drbg_hmac_get_ctx_params_st *r) |
420 | 0 | { |
421 | 0 | const char *s; |
422 | |
|
423 | 0 | memset(r, 0, sizeof(*r)); |
424 | 0 | if (p != NULL) |
425 | 0 | for (; (s = p->key) != NULL; p++) |
426 | 0 | switch(s[0]) { |
427 | 0 | default: |
428 | 0 | break; |
429 | 0 | case 'd': |
430 | 0 | if (ossl_likely(strcmp("igest", s + 1) == 0)) { |
431 | | /* DRBG_PARAM_DIGEST */ |
432 | 0 | if (ossl_unlikely(r->digest != NULL)) { |
433 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
434 | 0 | "param %s is repeated", s); |
435 | 0 | return 0; |
436 | 0 | } |
437 | 0 | r->digest = (OSSL_PARAM *)p; |
438 | 0 | } |
439 | 0 | break; |
440 | 0 | case 'f': |
441 | | # if defined(FIPS_MODULE) |
442 | | if (ossl_likely(strcmp("ips-indicator", s + 1) == 0)) { |
443 | | /* KDF_PARAM_FIPS_APPROVED_INDICATOR */ |
444 | | if (ossl_unlikely(r->ind != NULL)) { |
445 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
446 | | "param %s is repeated", s); |
447 | | return 0; |
448 | | } |
449 | | r->ind = (OSSL_PARAM *)p; |
450 | | } |
451 | | # endif |
452 | 0 | break; |
453 | 0 | case 'm': |
454 | 0 | switch(s[1]) { |
455 | 0 | default: |
456 | 0 | break; |
457 | 0 | case 'a': |
458 | 0 | switch(s[2]) { |
459 | 0 | default: |
460 | 0 | break; |
461 | 0 | case 'c': |
462 | 0 | switch(s[3]) { |
463 | 0 | default: |
464 | 0 | break; |
465 | 0 | case '\0': |
466 | 0 | if (ossl_unlikely(r->mac != NULL)) { |
467 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
468 | 0 | "param %s is repeated", s); |
469 | 0 | return 0; |
470 | 0 | } |
471 | 0 | r->mac = (OSSL_PARAM *)p; |
472 | 0 | } |
473 | 0 | break; |
474 | 0 | case 'x': |
475 | 0 | switch(s[3]) { |
476 | 0 | default: |
477 | 0 | break; |
478 | 0 | case '_': |
479 | 0 | switch(s[4]) { |
480 | 0 | default: |
481 | 0 | break; |
482 | 0 | case 'a': |
483 | 0 | if (ossl_likely(strcmp("dinlen", s + 5) == 0)) { |
484 | | /* DRBG_PARAM_MAX_ADINLEN */ |
485 | 0 | if (ossl_unlikely(r->maxadlen != NULL)) { |
486 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
487 | 0 | "param %s is repeated", s); |
488 | 0 | return 0; |
489 | 0 | } |
490 | 0 | r->maxadlen = (OSSL_PARAM *)p; |
491 | 0 | } |
492 | 0 | break; |
493 | 0 | case 'e': |
494 | 0 | if (ossl_likely(strcmp("ntropylen", s + 5) == 0)) { |
495 | | /* DRBG_PARAM_MAX_ENTROPYLEN */ |
496 | 0 | if (ossl_unlikely(r->maxentlen != NULL)) { |
497 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
498 | 0 | "param %s is repeated", s); |
499 | 0 | return 0; |
500 | 0 | } |
501 | 0 | r->maxentlen = (OSSL_PARAM *)p; |
502 | 0 | } |
503 | 0 | break; |
504 | 0 | case 'n': |
505 | 0 | if (ossl_likely(strcmp("oncelen", s + 5) == 0)) { |
506 | | /* DRBG_PARAM_MAX_NONCELEN */ |
507 | 0 | if (ossl_unlikely(r->maxnonlen != NULL)) { |
508 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
509 | 0 | "param %s is repeated", s); |
510 | 0 | return 0; |
511 | 0 | } |
512 | 0 | r->maxnonlen = (OSSL_PARAM *)p; |
513 | 0 | } |
514 | 0 | break; |
515 | 0 | case 'p': |
516 | 0 | if (ossl_likely(strcmp("erslen", s + 5) == 0)) { |
517 | | /* DRBG_PARAM_MAX_PERSLEN */ |
518 | 0 | if (ossl_unlikely(r->maxperlen != NULL)) { |
519 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
520 | 0 | "param %s is repeated", s); |
521 | 0 | return 0; |
522 | 0 | } |
523 | 0 | r->maxperlen = (OSSL_PARAM *)p; |
524 | 0 | } |
525 | 0 | break; |
526 | 0 | case 'r': |
527 | 0 | if (ossl_likely(strcmp("equest", s + 5) == 0)) { |
528 | | /* RAND_PARAM_MAX_REQUEST */ |
529 | 0 | if (ossl_unlikely(r->maxreq != NULL)) { |
530 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
531 | 0 | "param %s is repeated", s); |
532 | 0 | return 0; |
533 | 0 | } |
534 | 0 | r->maxreq = (OSSL_PARAM *)p; |
535 | 0 | } |
536 | 0 | } |
537 | 0 | } |
538 | 0 | } |
539 | 0 | break; |
540 | 0 | case 'i': |
541 | 0 | switch(s[2]) { |
542 | 0 | default: |
543 | 0 | break; |
544 | 0 | case 'n': |
545 | 0 | switch(s[3]) { |
546 | 0 | default: |
547 | 0 | break; |
548 | 0 | case '_': |
549 | 0 | switch(s[4]) { |
550 | 0 | default: |
551 | 0 | break; |
552 | 0 | case 'e': |
553 | 0 | if (ossl_likely(strcmp("ntropylen", s + 5) == 0)) { |
554 | | /* DRBG_PARAM_MIN_ENTROPYLEN */ |
555 | 0 | if (ossl_unlikely(r->minentlen != NULL)) { |
556 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
557 | 0 | "param %s is repeated", s); |
558 | 0 | return 0; |
559 | 0 | } |
560 | 0 | r->minentlen = (OSSL_PARAM *)p; |
561 | 0 | } |
562 | 0 | break; |
563 | 0 | case 'n': |
564 | 0 | if (ossl_likely(strcmp("oncelen", s + 5) == 0)) { |
565 | | /* DRBG_PARAM_MIN_NONCELEN */ |
566 | 0 | if (ossl_unlikely(r->minnonlen != NULL)) { |
567 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
568 | 0 | "param %s is repeated", s); |
569 | 0 | return 0; |
570 | 0 | } |
571 | 0 | r->minnonlen = (OSSL_PARAM *)p; |
572 | 0 | } |
573 | 0 | } |
574 | 0 | } |
575 | 0 | } |
576 | 0 | } |
577 | 0 | break; |
578 | 0 | case 'r': |
579 | 0 | switch(s[1]) { |
580 | 0 | default: |
581 | 0 | break; |
582 | 0 | case 'e': |
583 | 0 | switch(s[2]) { |
584 | 0 | default: |
585 | 0 | break; |
586 | 0 | case 's': |
587 | 0 | switch(s[3]) { |
588 | 0 | default: |
589 | 0 | break; |
590 | 0 | case 'e': |
591 | 0 | switch(s[4]) { |
592 | 0 | default: |
593 | 0 | break; |
594 | 0 | case 'e': |
595 | 0 | switch(s[5]) { |
596 | 0 | default: |
597 | 0 | break; |
598 | 0 | case 'd': |
599 | 0 | switch(s[6]) { |
600 | 0 | default: |
601 | 0 | break; |
602 | 0 | case '_': |
603 | 0 | switch(s[7]) { |
604 | 0 | default: |
605 | 0 | break; |
606 | 0 | case 'c': |
607 | 0 | if (ossl_likely(strcmp("ounter", s + 8) == 0)) { |
608 | | /* DRBG_PARAM_RESEED_COUNTER */ |
609 | 0 | if (ossl_unlikely(r->reseed_cnt != NULL)) { |
610 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
611 | 0 | "param %s is repeated", s); |
612 | 0 | return 0; |
613 | 0 | } |
614 | 0 | r->reseed_cnt = (OSSL_PARAM *)p; |
615 | 0 | } |
616 | 0 | break; |
617 | 0 | case 'r': |
618 | 0 | if (ossl_likely(strcmp("equests", s + 8) == 0)) { |
619 | | /* DRBG_PARAM_RESEED_REQUESTS */ |
620 | 0 | if (ossl_unlikely(r->reseed_req != NULL)) { |
621 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
622 | 0 | "param %s is repeated", s); |
623 | 0 | return 0; |
624 | 0 | } |
625 | 0 | r->reseed_req = (OSSL_PARAM *)p; |
626 | 0 | } |
627 | 0 | break; |
628 | 0 | case 't': |
629 | 0 | switch(s[8]) { |
630 | 0 | default: |
631 | 0 | break; |
632 | 0 | case 'i': |
633 | 0 | switch(s[9]) { |
634 | 0 | default: |
635 | 0 | break; |
636 | 0 | case 'm': |
637 | 0 | switch(s[10]) { |
638 | 0 | default: |
639 | 0 | break; |
640 | 0 | case 'e': |
641 | 0 | switch(s[11]) { |
642 | 0 | default: |
643 | 0 | break; |
644 | 0 | case '_': |
645 | 0 | if (ossl_likely(strcmp("interval", s + 12) == 0)) { |
646 | | /* DRBG_PARAM_RESEED_TIME_INTERVAL */ |
647 | 0 | if (ossl_unlikely(r->reseed_int != NULL)) { |
648 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
649 | 0 | "param %s is repeated", s); |
650 | 0 | return 0; |
651 | 0 | } |
652 | 0 | r->reseed_int = (OSSL_PARAM *)p; |
653 | 0 | } |
654 | 0 | break; |
655 | 0 | case '\0': |
656 | 0 | if (ossl_unlikely(r->reseed_time != NULL)) { |
657 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
658 | 0 | "param %s is repeated", s); |
659 | 0 | return 0; |
660 | 0 | } |
661 | 0 | r->reseed_time = (OSSL_PARAM *)p; |
662 | 0 | } |
663 | 0 | } |
664 | 0 | } |
665 | 0 | } |
666 | 0 | } |
667 | 0 | } |
668 | 0 | } |
669 | 0 | } |
670 | 0 | } |
671 | 0 | } |
672 | 0 | } |
673 | 0 | break; |
674 | 0 | case 's': |
675 | 0 | switch(s[1]) { |
676 | 0 | default: |
677 | 0 | break; |
678 | 0 | case 't': |
679 | 0 | switch(s[2]) { |
680 | 0 | default: |
681 | 0 | break; |
682 | 0 | case 'a': |
683 | 0 | if (ossl_likely(strcmp("te", s + 3) == 0)) { |
684 | | /* RAND_PARAM_STATE */ |
685 | 0 | if (ossl_unlikely(r->state != NULL)) { |
686 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
687 | 0 | "param %s is repeated", s); |
688 | 0 | return 0; |
689 | 0 | } |
690 | 0 | r->state = (OSSL_PARAM *)p; |
691 | 0 | } |
692 | 0 | break; |
693 | 0 | case 'r': |
694 | 0 | if (ossl_likely(strcmp("ength", s + 3) == 0)) { |
695 | | /* RAND_PARAM_STRENGTH */ |
696 | 0 | if (ossl_unlikely(r->str != NULL)) { |
697 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
698 | 0 | "param %s is repeated", s); |
699 | 0 | return 0; |
700 | 0 | } |
701 | 0 | r->str = (OSSL_PARAM *)p; |
702 | 0 | } |
703 | 0 | } |
704 | 0 | } |
705 | 0 | } |
706 | 0 | return 1; |
707 | 0 | } |
708 | | #endif |
709 | | /* End of machine generated */ |
710 | | |
711 | | static int drbg_hmac_get_ctx_params(void *vdrbg, OSSL_PARAM params[]) |
712 | 0 | { |
713 | 0 | PROV_DRBG *drbg = (PROV_DRBG *)vdrbg; |
714 | 0 | PROV_DRBG_HMAC *hmac; |
715 | 0 | const char *name; |
716 | 0 | const EVP_MD *md; |
717 | 0 | struct drbg_get_ctx_params_st p; |
718 | 0 | int ret = 0, complete = 0; |
719 | |
|
720 | 0 | if (drbg == NULL || !drbg_hmac_get_ctx_params_decoder(params, &p)) |
721 | 0 | return 0; |
722 | | |
723 | 0 | if (!ossl_drbg_get_ctx_params_no_lock(drbg, &p, params, &complete)) |
724 | 0 | return 0; |
725 | | |
726 | 0 | if (complete) |
727 | 0 | return 1; |
728 | | |
729 | 0 | hmac = (PROV_DRBG_HMAC *)drbg->data; |
730 | |
|
731 | 0 | if (drbg->lock != NULL && !CRYPTO_THREAD_read_lock(drbg->lock)) |
732 | 0 | return 0; |
733 | | |
734 | 0 | if (p.mac != NULL) { |
735 | 0 | if (hmac->ctx == NULL) |
736 | 0 | goto err; |
737 | 0 | name = EVP_MAC_get0_name(EVP_MAC_CTX_get0_mac(hmac->ctx)); |
738 | 0 | if (!OSSL_PARAM_set_utf8_string(p.mac, name)) |
739 | 0 | goto err; |
740 | 0 | } |
741 | | |
742 | 0 | if (p.digest != NULL) { |
743 | 0 | md = ossl_prov_digest_md(&hmac->digest); |
744 | 0 | if (md == NULL |
745 | 0 | || !OSSL_PARAM_set_utf8_string(p.digest, EVP_MD_get0_name(md))) |
746 | 0 | goto err; |
747 | 0 | } |
748 | | |
749 | 0 | ret = ossl_drbg_get_ctx_params(drbg, &p); |
750 | 0 | err: |
751 | 0 | if (drbg->lock != NULL) |
752 | 0 | CRYPTO_THREAD_unlock(drbg->lock); |
753 | |
|
754 | 0 | return ret; |
755 | 0 | } |
756 | | |
757 | | static const OSSL_PARAM *drbg_hmac_gettable_ctx_params(ossl_unused void *vctx, |
758 | | ossl_unused void *p_ctx) |
759 | 0 | { |
760 | 0 | return drbg_hmac_get_ctx_params_list; |
761 | 0 | } |
762 | | |
763 | | static int drbg_fetch_algs_from_prov(const struct drbg_set_ctx_params_st *p, |
764 | | OSSL_LIB_CTX *libctx, |
765 | | EVP_MAC_CTX **macctx, |
766 | | EVP_MD **digest) |
767 | 0 | { |
768 | 0 | OSSL_PROVIDER *prov = NULL; |
769 | 0 | EVP_MD *md = NULL; |
770 | 0 | EVP_MAC *mac = NULL; |
771 | 0 | int ret = 0; |
772 | |
|
773 | 0 | if (macctx == NULL || digest == NULL) |
774 | 0 | return 0; |
775 | | |
776 | 0 | if (p->prov == NULL || p->prov->data_type != OSSL_PARAM_UTF8_STRING) |
777 | 0 | return 0; |
778 | 0 | if ((prov = ossl_provider_find(libctx, (const char *)p->prov->data, 1)) == NULL) |
779 | 0 | return 0; |
780 | | |
781 | 0 | if (p->digest != NULL) { |
782 | 0 | if (p->digest->data_type != OSSL_PARAM_UTF8_STRING) |
783 | 0 | goto done; |
784 | | |
785 | 0 | md = evp_digest_fetch_from_prov(prov, (const char *)p->digest->data, NULL); |
786 | 0 | if (md) { |
787 | 0 | EVP_MD_free(*digest); |
788 | 0 | *digest = md; |
789 | 0 | } else { |
790 | 0 | goto done; |
791 | 0 | } |
792 | 0 | } |
793 | | |
794 | 0 | if (p->mac == NULL) { |
795 | 0 | ret = 1; |
796 | 0 | goto done; |
797 | 0 | } |
798 | | |
799 | 0 | if (p->mac->data_type != OSSL_PARAM_UTF8_STRING) |
800 | 0 | goto done; |
801 | | |
802 | 0 | EVP_MAC_CTX_free(*macctx); |
803 | 0 | *macctx = NULL; |
804 | |
|
805 | 0 | mac = evp_mac_fetch_from_prov(prov, (const char *)p->mac->data, NULL); |
806 | 0 | if (mac) { |
807 | 0 | *macctx = EVP_MAC_CTX_new(mac); |
808 | | /* The context holds on to the MAC */ |
809 | 0 | EVP_MAC_free(mac); |
810 | 0 | ret = 1; |
811 | 0 | } |
812 | |
|
813 | 0 | done: |
814 | 0 | ossl_provider_free(prov); |
815 | 0 | return ret; |
816 | 0 | } |
817 | | |
818 | | static int drbg_hmac_set_ctx_params_locked |
819 | | (PROV_DRBG *ctx, const struct drbg_set_ctx_params_st *p) |
820 | 0 | { |
821 | 0 | PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)ctx->data; |
822 | 0 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); |
823 | 0 | EVP_MD *prov_md = NULL; |
824 | 0 | const EVP_MD *md; |
825 | 0 | int md_size; |
826 | |
|
827 | 0 | if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p->ind_d)) |
828 | 0 | return 0; |
829 | | |
830 | | /* try to fetch mac and digest from provider */ |
831 | 0 | (void)ERR_set_mark(); |
832 | 0 | if (!drbg_fetch_algs_from_prov(p, libctx, &hmac->ctx, &prov_md)) { |
833 | 0 | (void)ERR_pop_to_mark(); |
834 | | /* fall back to full implementation search */ |
835 | 0 | if (!ossl_prov_digest_load(&hmac->digest, p->digest, p->propq, |
836 | 0 | p->engine, libctx)) |
837 | 0 | return 0; |
838 | | |
839 | 0 | if (!ossl_prov_macctx_load(&hmac->ctx, p->mac, NULL, p->digest, |
840 | 0 | p->propq, p->engine, |
841 | 0 | NULL, NULL, NULL, libctx)) |
842 | 0 | return 0; |
843 | 0 | } else { |
844 | 0 | (void)ERR_clear_last_mark(); |
845 | 0 | if (prov_md) |
846 | 0 | ossl_prov_digest_set_md(&hmac->digest, prov_md); |
847 | 0 | } |
848 | | |
849 | 0 | md = ossl_prov_digest_md(&hmac->digest); |
850 | 0 | if (md != NULL && !ossl_drbg_verify_digest(ctx, libctx, md)) |
851 | 0 | return 0; /* Error already raised for us */ |
852 | | |
853 | 0 | if (md != NULL && hmac->ctx != NULL) { |
854 | | /* These are taken from SP 800-90 10.1 Table 2 */ |
855 | 0 | md_size = EVP_MD_get_size(md); |
856 | 0 | if (md_size <= 0) |
857 | 0 | return 0; |
858 | 0 | hmac->blocklen = (size_t)md_size; |
859 | | /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ |
860 | 0 | ctx->strength = 64 * (int)(hmac->blocklen >> 3); |
861 | 0 | if (ctx->strength > 256) |
862 | 0 | ctx->strength = 256; |
863 | 0 | ctx->seedlen = hmac->blocklen; |
864 | 0 | ctx->min_entropylen = ctx->strength / 8; |
865 | 0 | ctx->min_noncelen = ctx->min_entropylen / 2; |
866 | 0 | } |
867 | | |
868 | 0 | return ossl_drbg_set_ctx_params(ctx, p); |
869 | 0 | } |
870 | | |
871 | | #define drbg_hmac_set_ctx_params_st drbg_set_ctx_params_st |
872 | | |
873 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
874 | | #ifndef drbg_hmac_set_ctx_params_list |
875 | | static const OSSL_PARAM drbg_hmac_set_ctx_params_list[] = { |
876 | | OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_PROPERTIES, NULL, 0), |
877 | | OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_DIGEST, NULL, 0), |
878 | | OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_MAC, NULL, 0), |
879 | | OSSL_PARAM_utf8_string(OSSL_PROV_PARAM_CORE_PROV_NAME, NULL, 0), |
880 | | OSSL_PARAM_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, NULL), |
881 | | OSSL_PARAM_uint64(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, NULL), |
882 | | # if defined(FIPS_MODULE) |
883 | | OSSL_PARAM_int(OSSL_KDF_PARAM_FIPS_DIGEST_CHECK, NULL), |
884 | | # endif |
885 | | OSSL_PARAM_END |
886 | | }; |
887 | | #endif |
888 | | |
889 | | #ifndef drbg_hmac_set_ctx_params_st |
890 | | struct drbg_hmac_set_ctx_params_st { |
891 | | OSSL_PARAM *digest; |
892 | | OSSL_PARAM *engine; |
893 | | # if defined(FIPS_MODULE) |
894 | | OSSL_PARAM *ind_d; |
895 | | # endif |
896 | | OSSL_PARAM *mac; |
897 | | OSSL_PARAM *propq; |
898 | | OSSL_PARAM *prov; |
899 | | OSSL_PARAM *reseed_req; |
900 | | OSSL_PARAM *reseed_time; |
901 | | }; |
902 | | #endif |
903 | | |
904 | | #ifndef drbg_hmac_set_ctx_params_decoder |
905 | | static int drbg_hmac_set_ctx_params_decoder |
906 | | (const OSSL_PARAM *p, struct drbg_hmac_set_ctx_params_st *r) |
907 | 0 | { |
908 | 0 | const char *s; |
909 | |
|
910 | 0 | memset(r, 0, sizeof(*r)); |
911 | 0 | if (p != NULL) |
912 | 0 | for (; (s = p->key) != NULL; p++) |
913 | 0 | switch(s[0]) { |
914 | 0 | default: |
915 | 0 | break; |
916 | 0 | case 'd': |
917 | 0 | switch(s[1]) { |
918 | 0 | default: |
919 | 0 | break; |
920 | 0 | case 'i': |
921 | 0 | switch(s[2]) { |
922 | 0 | default: |
923 | 0 | break; |
924 | 0 | case 'g': |
925 | 0 | switch(s[3]) { |
926 | 0 | default: |
927 | 0 | break; |
928 | 0 | case 'e': |
929 | 0 | switch(s[4]) { |
930 | 0 | default: |
931 | 0 | break; |
932 | 0 | case 's': |
933 | 0 | switch(s[5]) { |
934 | 0 | default: |
935 | 0 | break; |
936 | 0 | case 't': |
937 | 0 | switch(s[6]) { |
938 | 0 | default: |
939 | 0 | break; |
940 | 0 | case '-': |
941 | | # if defined(FIPS_MODULE) |
942 | | if (ossl_likely(strcmp("check", s + 7) == 0)) { |
943 | | /* KDF_PARAM_FIPS_DIGEST_CHECK */ |
944 | | if (ossl_unlikely(r->ind_d != NULL)) { |
945 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
946 | | "param %s is repeated", s); |
947 | | return 0; |
948 | | } |
949 | | r->ind_d = (OSSL_PARAM *)p; |
950 | | } |
951 | | # endif |
952 | 0 | break; |
953 | 0 | case '\0': |
954 | 0 | if (ossl_unlikely(r->digest != NULL)) { |
955 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
956 | 0 | "param %s is repeated", s); |
957 | 0 | return 0; |
958 | 0 | } |
959 | 0 | r->digest = (OSSL_PARAM *)p; |
960 | 0 | } |
961 | 0 | } |
962 | 0 | } |
963 | 0 | } |
964 | 0 | } |
965 | 0 | } |
966 | 0 | break; |
967 | 0 | case 'e': |
968 | 0 | if (ossl_likely(strcmp("ngine", s + 1) == 0)) { |
969 | | /* ALG_PARAM_ENGINE */ |
970 | 0 | if (ossl_unlikely(r->engine != NULL)) { |
971 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
972 | 0 | "param %s is repeated", s); |
973 | 0 | return 0; |
974 | 0 | } |
975 | 0 | r->engine = (OSSL_PARAM *)p; |
976 | 0 | } |
977 | 0 | break; |
978 | 0 | case 'm': |
979 | 0 | if (ossl_likely(strcmp("ac", s + 1) == 0)) { |
980 | | /* DRBG_PARAM_MAC */ |
981 | 0 | if (ossl_unlikely(r->mac != NULL)) { |
982 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
983 | 0 | "param %s is repeated", s); |
984 | 0 | return 0; |
985 | 0 | } |
986 | 0 | r->mac = (OSSL_PARAM *)p; |
987 | 0 | } |
988 | 0 | break; |
989 | 0 | case 'p': |
990 | 0 | switch(s[1]) { |
991 | 0 | default: |
992 | 0 | break; |
993 | 0 | case 'r': |
994 | 0 | switch(s[2]) { |
995 | 0 | default: |
996 | 0 | break; |
997 | 0 | case 'o': |
998 | 0 | switch(s[3]) { |
999 | 0 | default: |
1000 | 0 | break; |
1001 | 0 | case 'p': |
1002 | 0 | if (ossl_likely(strcmp("erties", s + 4) == 0)) { |
1003 | | /* DRBG_PARAM_PROPERTIES */ |
1004 | 0 | if (ossl_unlikely(r->propq != NULL)) { |
1005 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1006 | 0 | "param %s is repeated", s); |
1007 | 0 | return 0; |
1008 | 0 | } |
1009 | 0 | r->propq = (OSSL_PARAM *)p; |
1010 | 0 | } |
1011 | 0 | break; |
1012 | 0 | case 'v': |
1013 | 0 | if (ossl_likely(strcmp("ider-name", s + 4) == 0)) { |
1014 | | /* PROV_PARAM_CORE_PROV_NAME */ |
1015 | 0 | if (ossl_unlikely(r->prov != NULL)) { |
1016 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1017 | 0 | "param %s is repeated", s); |
1018 | 0 | return 0; |
1019 | 0 | } |
1020 | 0 | r->prov = (OSSL_PARAM *)p; |
1021 | 0 | } |
1022 | 0 | } |
1023 | 0 | } |
1024 | 0 | } |
1025 | 0 | break; |
1026 | 0 | case 'r': |
1027 | 0 | switch(s[1]) { |
1028 | 0 | default: |
1029 | 0 | break; |
1030 | 0 | case 'e': |
1031 | 0 | switch(s[2]) { |
1032 | 0 | default: |
1033 | 0 | break; |
1034 | 0 | case 's': |
1035 | 0 | switch(s[3]) { |
1036 | 0 | default: |
1037 | 0 | break; |
1038 | 0 | case 'e': |
1039 | 0 | switch(s[4]) { |
1040 | 0 | default: |
1041 | 0 | break; |
1042 | 0 | case 'e': |
1043 | 0 | switch(s[5]) { |
1044 | 0 | default: |
1045 | 0 | break; |
1046 | 0 | case 'd': |
1047 | 0 | switch(s[6]) { |
1048 | 0 | default: |
1049 | 0 | break; |
1050 | 0 | case '_': |
1051 | 0 | switch(s[7]) { |
1052 | 0 | default: |
1053 | 0 | break; |
1054 | 0 | case 'r': |
1055 | 0 | if (ossl_likely(strcmp("equests", s + 8) == 0)) { |
1056 | | /* DRBG_PARAM_RESEED_REQUESTS */ |
1057 | 0 | if (ossl_unlikely(r->reseed_req != NULL)) { |
1058 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1059 | 0 | "param %s is repeated", s); |
1060 | 0 | return 0; |
1061 | 0 | } |
1062 | 0 | r->reseed_req = (OSSL_PARAM *)p; |
1063 | 0 | } |
1064 | 0 | break; |
1065 | 0 | case 't': |
1066 | 0 | if (ossl_likely(strcmp("ime_interval", s + 8) == 0)) { |
1067 | | /* DRBG_PARAM_RESEED_TIME_INTERVAL */ |
1068 | 0 | if (ossl_unlikely(r->reseed_time != NULL)) { |
1069 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1070 | 0 | "param %s is repeated", s); |
1071 | 0 | return 0; |
1072 | 0 | } |
1073 | 0 | r->reseed_time = (OSSL_PARAM *)p; |
1074 | 0 | } |
1075 | 0 | } |
1076 | 0 | } |
1077 | 0 | } |
1078 | 0 | } |
1079 | 0 | } |
1080 | 0 | } |
1081 | 0 | } |
1082 | 0 | } |
1083 | 0 | return 1; |
1084 | 0 | } |
1085 | | #endif |
1086 | | /* End of machine generated */ |
1087 | | |
1088 | | static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
1089 | 0 | { |
1090 | 0 | PROV_DRBG *drbg = (PROV_DRBG *)vctx; |
1091 | 0 | struct drbg_set_ctx_params_st p; |
1092 | 0 | int ret; |
1093 | |
|
1094 | 0 | if (drbg == NULL || !drbg_hmac_set_ctx_params_decoder(params, &p)) |
1095 | 0 | return 0; |
1096 | | |
1097 | 0 | if (drbg->lock != NULL && !CRYPTO_THREAD_write_lock(drbg->lock)) |
1098 | 0 | return 0; |
1099 | | |
1100 | 0 | ret = drbg_hmac_set_ctx_params_locked(drbg, &p); |
1101 | |
|
1102 | 0 | if (drbg->lock != NULL) |
1103 | 0 | CRYPTO_THREAD_unlock(drbg->lock); |
1104 | |
|
1105 | 0 | return ret; |
1106 | 0 | } |
1107 | | |
1108 | | static const OSSL_PARAM *drbg_hmac_settable_ctx_params(ossl_unused void *vctx, |
1109 | | ossl_unused void *p_ctx) |
1110 | 0 | { |
1111 | 0 | return drbg_hmac_set_ctx_params_list; |
1112 | 0 | } |
1113 | | |
1114 | | const OSSL_DISPATCH ossl_drbg_ossl_hmac_functions[] = { |
1115 | | { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))drbg_hmac_new_wrapper }, |
1116 | | { OSSL_FUNC_RAND_FREECTX, (void(*)(void))drbg_hmac_free }, |
1117 | | { OSSL_FUNC_RAND_INSTANTIATE, |
1118 | | (void(*)(void))drbg_hmac_instantiate_wrapper }, |
1119 | | { OSSL_FUNC_RAND_UNINSTANTIATE, |
1120 | | (void(*)(void))drbg_hmac_uninstantiate_wrapper }, |
1121 | | { OSSL_FUNC_RAND_GENERATE, (void(*)(void))drbg_hmac_generate_wrapper }, |
1122 | | { OSSL_FUNC_RAND_RESEED, (void(*)(void))drbg_hmac_reseed_wrapper }, |
1123 | | { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))ossl_drbg_enable_locking }, |
1124 | | { OSSL_FUNC_RAND_LOCK, (void(*)(void))ossl_drbg_lock }, |
1125 | | { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))ossl_drbg_unlock }, |
1126 | | { OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS, |
1127 | | (void(*)(void))drbg_hmac_settable_ctx_params }, |
1128 | | { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void(*)(void))drbg_hmac_set_ctx_params }, |
1129 | | { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, |
1130 | | (void(*)(void))drbg_hmac_gettable_ctx_params }, |
1131 | | { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))drbg_hmac_get_ctx_params }, |
1132 | | { OSSL_FUNC_RAND_VERIFY_ZEROIZATION, |
1133 | | (void(*)(void))drbg_hmac_verify_zeroization }, |
1134 | | { OSSL_FUNC_RAND_GET_SEED, (void(*)(void))ossl_drbg_get_seed }, |
1135 | | { OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))ossl_drbg_clear_seed }, |
1136 | | OSSL_DISPATCH_END |
1137 | | }; |