openssl/crypto/include/internal/rand_int.h

/*
 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Licensed under the OpenSSL licenses, (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * https://www.openssl.org/source/license.html
 * or in the file LICENSE in the source distribution.
 */

#ifndef HEADER_RAND_INT_H
# define HEADER_RAND_INT_H

# include <openssl/rand.h>

/* forward declaration */
typedef struct rand_pool_st RAND_POOL;

void rand_cleanup_int(void);
void rand_drbg_cleanup_int(void);
void rand_fork(void);

/* Hardware-based seeding functions. */
size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);

/* DRBG entropy callbacks. */
size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
                             unsigned char **pout,
                             int entropy, size_t min_len, size_t max_len,
                             int prediction_resistance);
void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
                               unsigned char *out, size_t outlen);
size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);


/*
 * RAND_POOL functions
 */
RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
void rand_pool_free(RAND_POOL *pool);

const unsigned char *rand_pool_buffer(RAND_POOL *pool);
unsigned char *rand_pool_detach(RAND_POOL *pool);

size_t rand_pool_entropy(RAND_POOL *pool);
size_t rand_pool_length(RAND_POOL *pool);

size_t rand_pool_entropy_available(RAND_POOL *pool);
size_t rand_pool_entropy_needed(RAND_POOL *pool);
size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
size_t rand_pool_bytes_remaining(RAND_POOL *pool);

size_t rand_pool_add(RAND_POOL *pool,
                     const unsigned char *buffer, size_t len, size_t entropy);
unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);


/*
 * Add random bytes to the pool to acquire requested amount of entropy
 *
 * This function is platform specific and tries to acquire the requested
 * amount of entropy by polling platform specific entropy sources.
 *
 * If the function succeeds in acquiring at least |entropy_requested| bits
 * of entropy, the total entropy count is returned. If it fails, it returns
 * an entropy count of 0.
 */
size_t rand_pool_acquire_entropy(RAND_POOL *pool);

#endif
Copyright consolidation 05/10 Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-17 19:38:09 +00:00			`/*`
			`* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.`
			`*`
			`* Licensed under the OpenSSL license (the "License"). You may not use`
			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
			`*/`

Deprecate RAND_cleanup() and make it a no-op RAND_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-04-06 10:19:55 +00:00			`/*`
			`* Licensed under the OpenSSL licenses, (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`* https://www.openssl.org/source/license.html`
			`* or in the file LICENSE in the source distribution.`
			`*/`

Publish the RAND_DRBG API Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462) 2018-03-05 22:45:44 +00:00			`#ifndef HEADER_RAND_INT_H`
			`# define HEADER_RAND_INT_H`

			`# include <openssl/rand.h>`

			`/* forward declaration */`
			`typedef struct rand_pool_st RAND_POOL;`
Deprecate RAND_cleanup() and make it a no-op RAND_cleanup() should not be called expicitly - we should leave auto-deinit to clean this up instead. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-04-06 10:19:55 +00:00
Rename int_() functions to _int() There is a preference for suffixes to indicate that a function is internal rather than prefixes. Note: the suffix is only required to disambiguate internal functions and public symbols with the same name (but different case) Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-04-12 11:20:16 +00:00			`void rand_cleanup_int(void);`
Fix reseeding issues of the public RAND_DRBG Reseeding is handled very differently by the classic RAND_METHOD API and the new RAND_DRBG api. These differences led to some problems when the new RAND_DRBG was made the default OpenSSL RNG. In particular, RAND_add() did not work as expected anymore. These issues are discussed on the thread '[openssl-dev] Plea for a new public OpenSSL RNG API' and in Pull Request #4328. This commit fixes the mentioned issues, introducing the following changes: - Replace the fixed size RAND_BYTES_BUFFER by a new RAND_POOL API which facilitates collecting entropy by the get_entropy() callback. - Don't use RAND_poll()/RAND_add() for collecting entropy from the get_entropy() callback anymore. Instead, replace RAND_poll() by RAND_POOL_acquire_entropy(). - Add a new function rand_drbg_restart() which tries to get the DRBG in an instantiated state by all means, regardless of the current state (uninstantiated, error, ...) the DRBG is in. If the caller provides entropy or additional input, it will be used for reseeding. - Restore the original documented behaviour of RAND_add() and RAND_poll() (namely to reseed the DRBG immediately) by a new implementation based on rand_drbg_restart(). - Add automatic error recovery from temporary failures of the entropy source to RAND_DRBG_generate() using the rand_drbg_restart() function. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4328) 2017-08-31 21:16:22 +00:00			`void rand_drbg_cleanup_int(void);`
Make RAND_DRBG fork-safe Use atfork to count child forks, and reseed DRBG when the counts don't match. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4101) 2017-08-06 22:12:28 +00:00			`void rand_fork(void);`
Publish the RAND_DRBG API Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462) 2018-03-05 22:45:44 +00:00
			`/* Hardware-based seeding functions. */`
			`size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);`
			`size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);`

			`/* DRBG entropy callbacks. */`
			`size_t rand_drbg_get_entropy(RAND_DRBG *drbg,`
			`unsigned char **pout,`
Propagate the request for prediction resistance to the get entropy call Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> GH: #5402 2018-02-18 18:26:55 +00:00			`int entropy, size_t min_len, size_t max_len,`
			`int prediction_resistance);`
Publish the RAND_DRBG API Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462) 2018-03-05 22:45:44 +00:00			`void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,`
			`unsigned char *out, size_t outlen);`
			`size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);`


			`/*`
			`* RAND_POOL functions`
			`*/`
			`RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);`
			`void rand_pool_free(RAND_POOL *pool);`

			`const unsigned char rand_pool_buffer(RAND_POOL pool);`
			`unsigned char rand_pool_detach(RAND_POOL pool);`

			`size_t rand_pool_entropy(RAND_POOL *pool);`
			`size_t rand_pool_length(RAND_POOL *pool);`

			`size_t rand_pool_entropy_available(RAND_POOL *pool);`
			`size_t rand_pool_entropy_needed(RAND_POOL *pool);`
			`size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);`
			`size_t rand_pool_bytes_remaining(RAND_POOL *pool);`

			`size_t rand_pool_add(RAND_POOL *pool,`
			`const unsigned char *buffer, size_t len, size_t entropy);`
			`unsigned char rand_pool_add_begin(RAND_POOL pool, size_t len);`
			`size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);`


			`/*`
			`* Add random bytes to the pool to acquire requested amount of entropy`
			`*`
			`* This function is platform specific and tries to acquire the requested`
			`* amount of entropy by polling platform specific entropy sources.`
			`*`
			`* If the function succeeds in acquiring at least \|entropy_requested\| bits`
			`* of entropy, the total entropy count is returned. If it fails, it returns`
			`* an entropy count of 0.`
			`*/`
			`size_t rand_pool_acquire_entropy(RAND_POOL *pool);`

			`#endif`