diff options
author | Pauli <paul.dale@oracle.com> | 2020-07-22 12:55:31 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-08-07 14:16:47 +1000 |
commit | 7d615e2178fbffa53f05a67f68e5741374340308 (patch) | |
tree | 8e5cdbb8c39e24727e64af790831980b2a5d9e6a /crypto/rand/rand_local.h | |
parent | 4df0d37ff6cc399b93f9ef2524d087c2d67d41b5 (diff) |
rand_drbg: remove RAND_DRBG.
The RAND_DRBG API did not fit well into the new provider concept as
implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the
RAND_DRBG API is a mixture of 'front end' and 'back end' API calls
and some of its API calls are rather low-level. This holds in particular
for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG
type changing mechanism (RAND_DRBG_set()).
Adding a compatibility layer to continue supporting the RAND_DRBG API as
a legacy API for a regular deprecation period turned out to come at the
price of complicating the new provider API unnecessarily. Since the
RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC
to drop it entirely.
Other related changes:
Use RNG instead of DRBG in EVP_RAND documentation. The documentation was
using DRBG in places where it should have been RNG or CSRNG.
Move the RAND_DRBG(7) documentation to EVP_RAND(7).
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12509)
Diffstat (limited to 'crypto/rand/rand_local.h')
-rw-r--r-- | crypto/rand/rand_local.h | 34 |
1 files changed, 1 insertions, 33 deletions
diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h index 73751d25e4..d1c9bd7fec 100644 --- a/crypto/rand/rand_local.h +++ b/crypto/rand/rand_local.h @@ -15,48 +15,16 @@ # include <openssl/sha.h> # include <openssl/hmac.h> # include <openssl/ec.h> -# include <openssl/rand_drbg.h> +# include <openssl/rand.h> # include "internal/tsan_assist.h" # include "crypto/rand.h" -# include "internal/numbers.h" - -/* Maximum reseed intervals */ -# define MAX_RESEED_INTERVAL (1 << 24) -# define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */ - /* Default reseed intervals */ # define PRIMARY_RESEED_INTERVAL (1 << 8) # define SECONDARY_RESEED_INTERVAL (1 << 16) # define PRIMARY_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */ # define SECONDARY_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */ -/* - * The state of all types of DRBGs. - */ -struct rand_drbg_st { - CRYPTO_RWLOCK *lock; - /* The library context this DRBG is associated with, if any */ - OPENSSL_CTX *libctx; - RAND_DRBG *parent; - int type; /* the nid of the underlying algorithm */ - unsigned short flags; /* various external flags */ - - /* Application data, mainly used in the KATs. */ - CRYPTO_EX_DATA ex_data; - - /* Implementation */ - EVP_RAND_CTX *rand; - - /* Callback functions. See comments in rand_lib.c */ - RAND_DRBG_get_entropy_fn get_entropy; - RAND_DRBG_cleanup_entropy_fn cleanup_entropy; - RAND_DRBG_get_nonce_fn get_nonce; - RAND_DRBG_cleanup_nonce_fn cleanup_nonce; - - void *callback_data; -}; - /* The global RAND method, and the global buffer and DRBG instance. */ extern RAND_METHOD rand_meth; |