1
/*
2
 * Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9

10
#include <stdlib.h>
11
#include <string.h>
12
#include <openssl/crypto.h>
13
#include <openssl/err.h>
14
#include <openssl/rand.h>
15
#include <openssl/proverr.h>
16
#include "internal/thread_once.h"
17
#include "prov/providercommon.h"
18
#include "prov/implementations.h"
19
#include "prov/provider_ctx.h"
20
#include "prov/hmac_drbg.h"
21
#include "drbg_local.h"
22
#include "crypto/evp.h"
23
#include "crypto/evp/evp_local.h"
24
#include "internal/provider.h"
25

26
static OSSL_FUNC_rand_newctx_fn drbg_hmac_new_wrapper;
27
static OSSL_FUNC_rand_freectx_fn drbg_hmac_free;
28
static OSSL_FUNC_rand_instantiate_fn drbg_hmac_instantiate_wrapper;
29
static OSSL_FUNC_rand_uninstantiate_fn drbg_hmac_uninstantiate_wrapper;
30
static OSSL_FUNC_rand_generate_fn drbg_hmac_generate_wrapper;
31
static OSSL_FUNC_rand_reseed_fn drbg_hmac_reseed_wrapper;
32
static OSSL_FUNC_rand_settable_ctx_params_fn drbg_hmac_settable_ctx_params;
33
static OSSL_FUNC_rand_set_ctx_params_fn drbg_hmac_set_ctx_params;
34
static OSSL_FUNC_rand_gettable_ctx_params_fn drbg_hmac_gettable_ctx_params;
35
static OSSL_FUNC_rand_get_ctx_params_fn drbg_hmac_get_ctx_params;
36
static OSSL_FUNC_rand_verify_zeroization_fn drbg_hmac_verify_zeroization;
37

38
static int drbg_hmac_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[]);
39

40
/*
41
 * Called twice by SP800-90Ar1 10.1.2.2 HMAC_DRBG_Update_Process.
42
 *
43
 * hmac is an object that holds the input/output Key and Value (K and V).
44
 * inbyte is 0x00 on the first call and 0x01 on the second call.
45
 * in1, in2, in3 are optional inputs that can be NULL.
46
 * in1len, in2len, in3len are the lengths of the input buffers.
47
 *
48
 * The returned K,V is:
49
 *   hmac->K = HMAC(hmac->K, hmac->V || inbyte || [in1] || [in2] || [in3])
50
 *   hmac->V = HMAC(hmac->K, hmac->V)
51
 *
52
 * Returns zero if an error occurs otherwise it returns 1.
53
 */
54
static int do_hmac(PROV_DRBG_HMAC *hmac, unsigned char inbyte,
55
    const unsigned char *in1, size_t in1len,
56
    const unsigned char *in2, size_t in2len,
57
    const unsigned char *in3, size_t in3len)
58
{
59
    EVP_MAC_CTX *ctx = hmac->ctx;
60

61
    if (!EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL)
62
        /* K = HMAC(K, V || inbyte || [in1] || [in2] || [in3]) */
63
        || !EVP_MAC_update(ctx, hmac->V, hmac->blocklen)
64
        || !EVP_MAC_update(ctx, &inbyte, 1)
65
        || !(in1 == NULL || in1len == 0 || EVP_MAC_update(ctx, in1, in1len))
66
        || !(in2 == NULL || in2len == 0 || EVP_MAC_update(ctx, in2, in2len))
67
        || !(in3 == NULL || in3len == 0 || EVP_MAC_update(ctx, in3, in3len))
68
        || !EVP_MAC_final(ctx, hmac->K, NULL, sizeof(hmac->K)))
69
        return 0;
70

71
    /* V = HMAC(K, V) */
72
    return EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL)
73
        && EVP_MAC_update(ctx, hmac->V, hmac->blocklen)
74
        && EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V));
75
}
76

77
/*
78
 * SP800-90Ar1 10.1.2.2 HMAC_DRBG_Update_Process
79
 *
80
 *
81
 * Updates the drbg objects Key(K) and Value(V) using the following algorithm:
82
 *   K,V = do_hmac(hmac, 0, in1, in2, in3)
83
 *   if (any input is not NULL)
84
 *     K,V = do_hmac(hmac, 1, in1, in2, in3)
85
 *
86
 * where in1, in2, in3 are optional input buffers that can be NULL.
87
 *       in1len, in2len, in3len are the lengths of the input buffers.
88
 *
89
 * Returns zero if an error occurs otherwise it returns 1.
90
 */
91
static int drbg_hmac_update(PROV_DRBG_HMAC *hmac,
92
    const unsigned char *in1, size_t in1len,
93
    const unsigned char *in2, size_t in2len,
94
    const unsigned char *in3, size_t in3len)
95
{
96
    /* (Steps 1-2) K = HMAC(K, V||0x00||provided_data). V = HMAC(K,V) */
97
    if (!do_hmac(hmac, 0x00, in1, in1len, in2, in2len, in3, in3len))
98
        return 0;
99
    /* (Step 3) If provided_data == NULL then return (K,V) */
100
    if (in1len == 0 && in2len == 0 && in3len == 0)
101
        return 1;
102
    /* (Steps 4-5) K = HMAC(K, V||0x01||provided_data). V = HMAC(K,V) */
103
    return do_hmac(hmac, 0x01, in1, in1len, in2, in2len, in3, in3len);
104
}
105

106
/*
107
 * SP800-90Ar1 10.1.2.3 HMAC_DRBG_Instantiate_Process:
108
 *
109
 * This sets the drbg Key (K) to all zeros, and Value (V) to all 1's.
110
 * and then calls (K,V) = drbg_hmac_update() with input parameters:
111
 *   ent = entropy data (Can be NULL) of length ent_len.
112
 *   nonce = nonce data (Can be NULL) of length nonce_len.
113
 *   pstr = personalization data (Can be NULL) of length pstr_len.
114
 *
115
 * Returns zero if an error occurs otherwise it returns 1.
116
 */
117
int ossl_drbg_hmac_init(PROV_DRBG_HMAC *hmac,
118
    const unsigned char *ent, size_t ent_len,
119
    const unsigned char *nonce, size_t nonce_len,
120
    const unsigned char *pstr, size_t pstr_len)
121
{
122
    if (hmac->ctx == NULL) {
123
        ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MAC);
124
        return 0;
125
    }
126

127
    /* (Step 2) Key = 0x00 00...00 */
128
    memset(hmac->K, 0x00, hmac->blocklen);
129
    /* (Step 3) V = 0x01 01...01 */
130
    memset(hmac->V, 0x01, hmac->blocklen);
131
    /* (Step 4) (K,V) = HMAC_DRBG_Update(entropy||nonce||pers string, K, V) */
132
    return drbg_hmac_update(hmac, ent, ent_len, nonce, nonce_len, pstr,
133
        pstr_len);
134
}
135
static int drbg_hmac_instantiate(PROV_DRBG *drbg,
136
    const unsigned char *ent, size_t ent_len,
137
    const unsigned char *nonce, size_t nonce_len,
138
    const unsigned char *pstr, size_t pstr_len)
139
{
140
    return ossl_drbg_hmac_init((PROV_DRBG_HMAC *)drbg->data, ent, ent_len,
141
        nonce, nonce_len, pstr, pstr_len);
142
}
143

144
static int drbg_hmac_instantiate_wrapper(void *vdrbg, unsigned int strength,
145
    int prediction_resistance,
146
    const unsigned char *pstr,
147
    size_t pstr_len,
148
    const OSSL_PARAM params[])
149
{
150
    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
151
    int ret = 0;
152

153
    if (drbg->lock != NULL && !CRYPTO_THREAD_write_lock(drbg->lock))
154
        return 0;
155

156
    if (!ossl_prov_is_running()
157
        || !drbg_hmac_set_ctx_params_locked(drbg, params))
158
        goto err;
159
    ret = ossl_prov_drbg_instantiate(drbg, strength, prediction_resistance,
160
        pstr, pstr_len);
161
err:
162
    if (drbg->lock != NULL)
163
        CRYPTO_THREAD_unlock(drbg->lock);
164
    return ret;
165
}
166

167
/*
168
 * SP800-90Ar1 10.1.2.4 HMAC_DRBG_Reseed_Process:
169
 *
170
 * Reseeds the drbg's Key (K) and Value (V) by calling
171
 * (K,V) = drbg_hmac_update() with the following input parameters:
172
 *   ent = entropy input data (Can be NULL) of length ent_len.
173
 *   adin = additional input data (Can be NULL) of length adin_len.
174
 *
175
 * Returns zero if an error occurs otherwise it returns 1.
176
 */
177
static int drbg_hmac_reseed(PROV_DRBG *drbg,
178
    const unsigned char *ent, size_t ent_len,
179
    const unsigned char *adin, size_t adin_len)
180
{
181
    PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
182

183
    /* (Step 2) (K,V) = HMAC_DRBG_Update(entropy||additional_input, K, V) */
184
    return drbg_hmac_update(hmac, ent, ent_len, adin, adin_len, NULL, 0);
185
}
186

187
static int drbg_hmac_reseed_wrapper(void *vdrbg, int prediction_resistance,
188
    const unsigned char *ent, size_t ent_len,
189
    const unsigned char *adin, size_t adin_len)
190
{
191
    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
192

193
    return ossl_prov_drbg_reseed(drbg, prediction_resistance, ent, ent_len,
194
        adin, adin_len);
195
}
196

197
/*
198
 * SP800-90Ar1 10.1.2.5 HMAC_DRBG_Generate_Process:
199
 *
200
 * Generates pseudo random bytes and updates the internal K,V for the drbg.
201
 * out is a buffer to fill with outlen bytes of pseudo random data.
202
 * adin is an additional_input string of size adin_len that may be NULL.
203
 *
204
 * Returns zero if an error occurs otherwise it returns 1.
205
 */
206
int ossl_drbg_hmac_generate(PROV_DRBG_HMAC *hmac,
207
    unsigned char *out, size_t outlen,
208
    const unsigned char *adin, size_t adin_len)
209
{
210
    EVP_MAC_CTX *ctx = hmac->ctx;
211
    const unsigned char *temp = hmac->V;
212

213
    /* (Step 2) if adin != NULL then (K,V) = HMAC_DRBG_Update(adin, K, V) */
214
    if (adin != NULL
215
        && adin_len > 0
216
        && !drbg_hmac_update(hmac, adin, adin_len, NULL, 0, NULL, 0))
217
        return 0;
218

219
    /*
220
     * (Steps 3-5) temp = NULL
221
     *             while (len(temp) < outlen) {
222
     *                 V = HMAC(K, V)
223
     *                 temp = temp || V
224
     *             }
225
     */
226
    for (;;) {
227
        if (!EVP_MAC_init(ctx, hmac->K, hmac->blocklen, NULL)
228
            || !EVP_MAC_update(ctx, temp, hmac->blocklen))
229
            return 0;
230

231
        if (outlen > hmac->blocklen) {
232
            if (!EVP_MAC_final(ctx, out, NULL, outlen))
233
                return 0;
234
            temp = out;
235
        } else {
236
            if (!EVP_MAC_final(ctx, hmac->V, NULL, sizeof(hmac->V)))
237
                return 0;
238
            memcpy(out, hmac->V, outlen);
239
            break;
240
        }
241
        out += hmac->blocklen;
242
        outlen -= hmac->blocklen;
243
    }
244
    /* (Step 6) (K,V) = HMAC_DRBG_Update(adin, K, V) */
245
    if (!drbg_hmac_update(hmac, adin, adin_len, NULL, 0, NULL, 0))
246
        return 0;
247

248
    return 1;
249
}
250

251
static int drbg_hmac_generate(PROV_DRBG *drbg,
252
    unsigned char *out, size_t outlen,
253
    const unsigned char *adin, size_t adin_len)
254
{
255
    return ossl_drbg_hmac_generate((PROV_DRBG_HMAC *)drbg->data, out, outlen,
256
        adin, adin_len);
257
}
258

259
static int drbg_hmac_generate_wrapper(void *vdrbg,
260
    unsigned char *out, size_t outlen, unsigned int strength,
261
    int prediction_resistance, const unsigned char *adin, size_t adin_len)
262
{
263
    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
264

265
    return ossl_prov_drbg_generate(drbg, out, outlen, strength,
266
        prediction_resistance, adin, adin_len);
267
}
268

269
static int drbg_hmac_uninstantiate(PROV_DRBG *drbg)
270
{
271
    PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
272

273
    OPENSSL_cleanse(hmac->K, sizeof(hmac->K));
274
    OPENSSL_cleanse(hmac->V, sizeof(hmac->V));
275
    return ossl_prov_drbg_uninstantiate(drbg);
276
}
277

278
static int drbg_hmac_uninstantiate_wrapper(void *vdrbg)
279
{
280
    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
281
    int ret;
282

283
    if (drbg->lock != NULL && !CRYPTO_THREAD_write_lock(drbg->lock))
284
        return 0;
285

286
    ret = drbg_hmac_uninstantiate(drbg);
287

288
    if (drbg->lock != NULL)
289
        CRYPTO_THREAD_unlock(drbg->lock);
290

291
    return ret;
292
}
293

294
static int drbg_hmac_verify_zeroization(void *vdrbg)
295
{
296
    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
297
    PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
298
    int ret = 0;
299

300
    if (drbg->lock != NULL && !CRYPTO_THREAD_read_lock(drbg->lock))
301
        return 0;
302

303
    PROV_DRBG_VERIFY_ZEROIZATION(hmac->K);
304
    PROV_DRBG_VERIFY_ZEROIZATION(hmac->V);
305

306
    ret = 1;
307
err:
308
    if (drbg->lock != NULL)
309
        CRYPTO_THREAD_unlock(drbg->lock);
310
    return ret;
311
}
312

313
static int drbg_hmac_new(PROV_DRBG *drbg)
314
{
315
    PROV_DRBG_HMAC *hmac;
316

317
    hmac = OPENSSL_secure_zalloc(sizeof(*hmac));
318
    if (hmac == NULL)
319
        return 0;
320

321
    OSSL_FIPS_IND_INIT(drbg)
322

323
    drbg->data = hmac;
324
    /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
325
    drbg->max_entropylen = DRBG_MAX_LENGTH;
326
    drbg->max_noncelen = DRBG_MAX_LENGTH;
327
    drbg->max_perslen = DRBG_MAX_LENGTH;
328
    drbg->max_adinlen = DRBG_MAX_LENGTH;
329

330
    /* Maximum number of bits per request = 2^19  = 2^16 bytes */
331
    drbg->max_request = 1 << 16;
332
    return 1;
333
}
334

335
static void *drbg_hmac_new_wrapper(void *provctx, void *parent,
336
    const OSSL_DISPATCH *parent_dispatch)
337
{
338
    return ossl_rand_drbg_new(provctx, parent, parent_dispatch,
339
        &drbg_hmac_new, &drbg_hmac_free,
340
        &drbg_hmac_instantiate, &drbg_hmac_uninstantiate,
341
        &drbg_hmac_reseed, &drbg_hmac_generate);
342
}
343

344
static void drbg_hmac_free(void *vdrbg)
345
{
346
    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
347
    PROV_DRBG_HMAC *hmac;
348

349
    if (drbg != NULL && (hmac = (PROV_DRBG_HMAC *)drbg->data) != NULL) {
350
        EVP_MAC_CTX_free(hmac->ctx);
351
        ossl_prov_digest_reset(&hmac->digest);
352
        OPENSSL_secure_clear_free(hmac, sizeof(*hmac));
353
    }
354
    ossl_rand_drbg_free(drbg);
355
}
356

357
static int drbg_hmac_get_ctx_params(void *vdrbg, OSSL_PARAM params[])
358
{
359
    PROV_DRBG *drbg = (PROV_DRBG *)vdrbg;
360
    PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)drbg->data;
361
    const char *name;
362
    const EVP_MD *md;
363
    OSSL_PARAM *p;
364
    int ret = 0, complete = 0;
365

366
    if (!ossl_drbg_get_ctx_params_no_lock(drbg, params, &complete))
367
        return 0;
368

369
    if (complete)
370
        return 1;
371

372
    if (drbg->lock != NULL && !CRYPTO_THREAD_read_lock(drbg->lock))
373
        return 0;
374

375
    p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_MAC);
376
    if (p != NULL) {
377
        if (hmac->ctx == NULL)
378
            goto err;
379
        name = EVP_MAC_get0_name(EVP_MAC_CTX_get0_mac(hmac->ctx));
380
        if (!OSSL_PARAM_set_utf8_string(p, name))
381
            goto err;
382
    }
383

384
    p = OSSL_PARAM_locate(params, OSSL_DRBG_PARAM_DIGEST);
385
    if (p != NULL) {
386
        md = ossl_prov_digest_md(&hmac->digest);
387
        if (md == NULL || !OSSL_PARAM_set_utf8_string(p, EVP_MD_get0_name(md)))
388
            goto err;
389
    }
390

391
    ret = ossl_drbg_get_ctx_params(drbg, params);
392
err:
393
    if (drbg->lock != NULL)
394
        CRYPTO_THREAD_unlock(drbg->lock);
395

396
    return ret;
397
}
398

399
static const OSSL_PARAM *drbg_hmac_gettable_ctx_params(ossl_unused void *vctx,
400
    ossl_unused void *p_ctx)
401
{
402
    static const OSSL_PARAM known_gettable_ctx_params[] = {
403
        OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_MAC, NULL, 0),
404
        OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_DIGEST, NULL, 0),
405
        OSSL_PARAM_DRBG_GETTABLE_CTX_COMMON,
406
        OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
407
            OSSL_PARAM_END
408
    };
409
    return known_gettable_ctx_params;
410
}
411

412
static int drbg_fetch_algs_from_prov(const OSSL_PARAM params[],
413
    OSSL_LIB_CTX *libctx,
414
    EVP_MAC_CTX **macctx,
415
    EVP_MD **digest)
416
{
417
    OSSL_PROVIDER *prov = NULL;
418
    const OSSL_PARAM *p;
419
    const char *digest_name = NULL;
420
    const char *hmac_name = NULL;
421
    EVP_MD *md = NULL;
422
    EVP_MAC *mac = NULL;
423
    OSSL_PARAM mac_params[2], *mp = mac_params;
424
    int ret = 0;
425

426
    if (macctx == NULL || digest == NULL)
427
        return 0;
428

429
    if ((p = OSSL_PARAM_locate_const(params,
430
             OSSL_PROV_PARAM_CORE_PROV_NAME))
431
        == NULL)
432
        return 0;
433
    if (p->data_type != OSSL_PARAM_UTF8_STRING)
434
        return 0;
435
    if ((prov = ossl_provider_find(libctx, (const char *)p->data, 1)) == NULL)
436
        return 0;
437

438
    p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST);
439
    if (p) {
440
        if (OSSL_PARAM_get_utf8_string_ptr(p, &digest_name)) {
441
            ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR);
442
            goto done;
443
        }
444
        md = evp_digest_fetch_from_prov(prov, digest_name, NULL);
445
        if (md) {
446
            EVP_MD_free(*digest);
447
            *digest = md;
448
        } else {
449
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST);
450
            goto done;
451
        }
452
    } else {
453
        /* we need a digest */
454
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST);
455
        goto done;
456
    }
457
    p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_MAC);
458
    if (p == NULL) {
459
        hmac_name = "HMAC";
460
    } else {
461
        if (OSSL_PARAM_get_utf8_string_ptr(p, &hmac_name)) {
462
            ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR);
463
            goto done;
464
        }
465
    }
466

467
    EVP_MAC_CTX_free(*macctx);
468
    *macctx = NULL;
469

470
    mac = evp_mac_fetch_from_prov(prov, hmac_name, NULL);
471
    if (mac) {
472
        *macctx = EVP_MAC_CTX_new(mac);
473
        /* The context holds on to the MAC */
474
        EVP_MAC_free(mac);
475
        *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, (char *)digest_name, 0);
476
        *mp = OSSL_PARAM_construct_end();
477
        if (!EVP_MAC_CTX_set_params(*macctx, mac_params)) {
478
            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC);
479
            EVP_MAC_CTX_free(*macctx);
480
            *macctx = NULL;
481
            goto done;
482
        }
483
        ret = 1;
484
    }
485

486
done:
487
    ossl_provider_free(prov);
488
    return ret;
489
}
490

491
static int drbg_hmac_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[])
492
{
493
    PROV_DRBG *ctx = (PROV_DRBG *)vctx;
494
    PROV_DRBG_HMAC *hmac = (PROV_DRBG_HMAC *)ctx->data;
495
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
496
    EVP_MD *prov_md = NULL;
497
    const EVP_MD *md;
498
    int md_size;
499

500
    if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
501
            OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK))
502
        return 0;
503

504
    /* try to fetch mac and digest from provider */
505
    (void)ERR_set_mark();
506
    if (!drbg_fetch_algs_from_prov(params, libctx, &hmac->ctx, &prov_md)) {
507
        (void)ERR_pop_to_mark();
508
        /* fall back to full implementation search */
509
        if (!ossl_prov_digest_load_from_params(&hmac->digest, params, libctx))
510
            return 0;
511

512
        if (!ossl_prov_macctx_load_from_params(&hmac->ctx, params,
513
                NULL, NULL, NULL, libctx))
514
            return 0;
515
    } else {
516
        (void)ERR_clear_last_mark();
517
        if (prov_md)
518
            ossl_prov_digest_set_md(&hmac->digest, prov_md);
519
    }
520

521
    md = ossl_prov_digest_md(&hmac->digest);
522
    if (md != NULL && !ossl_drbg_verify_digest(ctx, libctx, md))
523
        return 0; /* Error already raised for us */
524

525
    if (md != NULL && hmac->ctx != NULL) {
526
        /* These are taken from SP 800-90 10.1 Table 2 */
527
        md_size = EVP_MD_get_size(md);
528
        if (md_size <= 0)
529
            return 0;
530
        hmac->blocklen = (size_t)md_size;
531
        /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
532
        ctx->strength = 64 * (int)(hmac->blocklen >> 3);
533
        if (ctx->strength > 256)
534
            ctx->strength = 256;
535
        ctx->seedlen = hmac->blocklen;
536
        ctx->min_entropylen = ctx->strength / 8;
537
        ctx->min_noncelen = ctx->min_entropylen / 2;
538
    }
539

540
    return ossl_drbg_set_ctx_params(ctx, params);
541
}
542

543
static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[])
544
{
545
    PROV_DRBG *drbg = (PROV_DRBG *)vctx;
546
    int ret;
547

548
    if (drbg->lock != NULL && !CRYPTO_THREAD_write_lock(drbg->lock))
549
        return 0;
550

551
    ret = drbg_hmac_set_ctx_params_locked(vctx, params);
552

553
    if (drbg->lock != NULL)
554
        CRYPTO_THREAD_unlock(drbg->lock);
555

556
    return ret;
557
}
558

559
static const OSSL_PARAM *drbg_hmac_settable_ctx_params(ossl_unused void *vctx,
560
    ossl_unused void *p_ctx)
561
{
562
    static const OSSL_PARAM known_settable_ctx_params[] = {
563
        OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_PROPERTIES, NULL, 0),
564
        OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_DIGEST, NULL, 0),
565
        OSSL_PARAM_utf8_string(OSSL_DRBG_PARAM_MAC, NULL, 0),
566
        OSSL_PARAM_DRBG_SETTABLE_CTX_COMMON,
567
        OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_DRBG_PARAM_FIPS_DIGEST_CHECK)
568
            OSSL_PARAM_END
569
    };
570
    return known_settable_ctx_params;
571
}
572

573
const OSSL_DISPATCH ossl_drbg_ossl_hmac_functions[] = {
574
    { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))drbg_hmac_new_wrapper },
575
    { OSSL_FUNC_RAND_FREECTX, (void (*)(void))drbg_hmac_free },
576
    { OSSL_FUNC_RAND_INSTANTIATE,
577
        (void (*)(void))drbg_hmac_instantiate_wrapper },
578
    { OSSL_FUNC_RAND_UNINSTANTIATE,
579
        (void (*)(void))drbg_hmac_uninstantiate_wrapper },
580
    { OSSL_FUNC_RAND_GENERATE, (void (*)(void))drbg_hmac_generate_wrapper },
581
    { OSSL_FUNC_RAND_RESEED, (void (*)(void))drbg_hmac_reseed_wrapper },
582
    { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))ossl_drbg_enable_locking },
583
    { OSSL_FUNC_RAND_LOCK, (void (*)(void))ossl_drbg_lock },
584
    { OSSL_FUNC_RAND_UNLOCK, (void (*)(void))ossl_drbg_unlock },
585
    { OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS,
586
        (void (*)(void))drbg_hmac_settable_ctx_params },
587
    { OSSL_FUNC_RAND_SET_CTX_PARAMS, (void (*)(void))drbg_hmac_set_ctx_params },
588
    { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
589
        (void (*)(void))drbg_hmac_gettable_ctx_params },
590
    { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void (*)(void))drbg_hmac_get_ctx_params },
591
    { OSSL_FUNC_RAND_VERIFY_ZEROIZATION,
592
        (void (*)(void))drbg_hmac_verify_zeroization },
593
    { OSSL_FUNC_RAND_GET_SEED, (void (*)(void))ossl_drbg_get_seed },
594
    { OSSL_FUNC_RAND_CLEAR_SEED, (void (*)(void))ossl_drbg_clear_seed },
595
    OSSL_DISPATCH_END
596
};
597

598