RAND_METHOD deprecation: code changes

Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13652)
author: Pauli <paul.dale@oracle.com> 2020-12-10 12:05:11 +1000
committer: Pauli <ppzgs1@gmail.com> 2021-02-23 23:24:41 +1000
commit: 786b13fa7786db8f198c46090816d9a3e4ae72fb (patch)
tree: 9e52087a0bf2a5518dcc83ce98351561fbd2d354 /crypto/rand
parent: de2ea978b5be4607c677aaefceebff39b1520e0a (diff)
2 files changed, 98 insertions, 18 deletions
diff --git a/crypto/rand/build.info b/crypto/rand/build.info
index b9dc16a6c7..500667c332 100644
--- a/crypto/rand/build.info
+++ b/crypto/rand/build.info
@@ -1,12 +1,14 @@
 LIBS=../../libcrypto
 
-$COMMON=rand_lib.c rand_meth.c
+$COMMON=rand_lib.c
 $CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c
 
 IF[{- !$disabled{'egd'} -}]
   $CRYPTO=$CRYPTO rand_egd.c
 ENDIF
-
+IF[{- !$disabled{'deprecated-3.0'} -}]
+  $COMMON=$COMMON  rand_meth.c
+ENDIF
 
 SOURCE[../../libcrypto]=$COMMON $CRYPTO
 SOURCE[../../providers/libfips.a]=$COMMON
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 69afa9d2ea..2a4055f617 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -35,8 +35,10 @@
 static ENGINE *funct_ref;
 static CRYPTO_RWLOCK *rand_engine_lock;
 # endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 static CRYPTO_RWLOCK *rand_meth_lock;
 static const RAND_METHOD *default_RAND_meth;
+# endif
 static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
 
 static int rand_inited = 0;
@@ -49,9 +51,11 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
         return 0;
 # endif
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     rand_meth_lock = CRYPTO_THREAD_lock_new();
     if (rand_meth_lock == NULL)
         goto err;
+# endif
 
     if (!rand_pool_init())
         goto err;
@@ -60,8 +64,10 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
     return 1;
 
  err:
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     CRYPTO_THREAD_lock_free(rand_meth_lock);
     rand_meth_lock = NULL;
+# endif
 # ifndef OPENSSL_NO_ENGINE
     CRYPTO_THREAD_lock_free(rand_engine_lock);
     rand_engine_lock = NULL;
@@ -71,6 +77,7 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
 
 void rand_cleanup_int(void)
 {
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     const RAND_METHOD *meth = default_RAND_meth;
 
     if (!rand_inited)
@@ -79,13 +86,16 @@ void rand_cleanup_int(void)
     if (meth != NULL && meth->cleanup != NULL)
         meth->cleanup();
     RAND_set_rand_method(NULL);
+# endif
     rand_pool_cleanup();
 # ifndef OPENSSL_NO_ENGINE
     CRYPTO_THREAD_lock_free(rand_engine_lock);
     rand_engine_lock = NULL;
 # endif
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     CRYPTO_THREAD_lock_free(rand_meth_lock);
     rand_meth_lock = NULL;
+# endif
     rand_inited = 0;
 }
 
@@ -109,13 +119,13 @@ void RAND_keep_random_devices_open(int keep)
  */
 int RAND_poll(void)
 {
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     const RAND_METHOD *meth = RAND_get_rand_method();
     int ret = meth == RAND_OpenSSL();
 
     if (meth == NULL)
         return 0;
 
-#ifndef OPENSSL_NO_DEPRECATED_3_0
     if (!ret) {
         /* fill random pool and seed the current legacy RNG */
         RAND_POOL *pool = rand_pool_new(RAND_DRBG_STRENGTH, 1,
@@ -138,20 +148,26 @@ int RAND_poll(void)
      err:
         rand_pool_free(pool);
     }
-#endif
     return ret;
+# else
+    static const char salt[] = "polling";
+
+    RAND_seed(salt, sizeof(salt));
+    return 1;
+# endif
 }
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 int RAND_set_rand_method(const RAND_METHOD *meth)
 {
     if (!RUN_ONCE(&rand_init, do_rand_init))
         return 0;
 
     CRYPTO_THREAD_write_lock(rand_meth_lock);
-# ifndef OPENSSL_NO_ENGINE
+#  ifndef OPENSSL_NO_ENGINE
     ENGINE_finish(funct_ref);
     funct_ref = NULL;
-# endif
+#  endif
     default_RAND_meth = meth;
     CRYPTO_THREAD_unlock(rand_meth_lock);
     return 1;
@@ -166,7 +182,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
 
     CRYPTO_THREAD_write_lock(rand_meth_lock);
     if (default_RAND_meth == NULL) {
-# ifndef OPENSSL_NO_ENGINE
+#  ifndef OPENSSL_NO_ENGINE
         ENGINE *e;
 
         /* If we have an engine that can do RAND, use it. */
@@ -178,16 +194,16 @@ const RAND_METHOD *RAND_get_rand_method(void)
             ENGINE_finish(e);
             default_RAND_meth = &rand_meth;
         }
-# else
+#  else
         default_RAND_meth = &rand_meth;
-# endif
+#  endif
     }
     tmp_meth = default_RAND_meth;
     CRYPTO_THREAD_unlock(rand_meth_lock);
     return tmp_meth;
 }
 
-# if !defined(OPENSSL_NO_ENGINE)
+#  if !defined(OPENSSL_NO_ENGINE)
 int RAND_set_rand_engine(ENGINE *engine)
 {
     const RAND_METHOD *tmp_meth = NULL;
@@ -211,22 +227,40 @@ int RAND_set_rand_engine(ENGINE *engine)
     CRYPTO_THREAD_unlock(rand_engine_lock);
     return 1;
 }
-# endif
+#  endif
+# endif /* OPENSSL_NO_DEPRECATED_3_0 */
 
 void RAND_seed(const void *buf, int num)
 {
+    EVP_RAND_CTX *drbg;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     const RAND_METHOD *meth = RAND_get_rand_method();
 
-    if (meth != NULL && meth->seed != NULL)
+    if (meth != NULL && meth->seed != NULL) {
         meth->seed(buf, num);
+        return;
+    }
+# endif
+
+    drbg = RAND_get0_primary(NULL);
+    if (drbg != NULL && num > 0)
+        EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
 }
 
 void RAND_add(const void *buf, int num, double randomness)
 {
+    EVP_RAND_CTX *drbg;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     const RAND_METHOD *meth = RAND_get_rand_method();
 
-    if (meth != NULL && meth->add != NULL)
+    if (meth != NULL && meth->add != NULL) {
         meth->add(buf, num, randomness);
+        return;
+    }
+# endif
+    drbg = RAND_get0_primary(NULL);
+    if (drbg != NULL && num > 0)
+        EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
 }
 
 # if !defined(OPENSSL_NO_DEPRECATED_1_1_0)
@@ -244,21 +278,25 @@ int RAND_pseudo_bytes(unsigned char *buf, int num)
 int RAND_status(void)
 {
     EVP_RAND_CTX *rand;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
     const RAND_METHOD *meth = RAND_get_rand_method();
 
     if (meth != NULL && meth != RAND_OpenSSL())
         return meth->status != NULL ? meth->status() : 0;
+# endif
 
     if ((rand = RAND_get0_primary(NULL)) == NULL)
         return 0;
     return EVP_RAND_state(rand) == EVP_RAND_STATE_READY;
 }
-#else  /* !FIPS_MODULE */
+# else  /* !FIPS_MODULE */
 
+# ifndef OPENSSL_NO_DEPRECATED_3_0
 const RAND_METHOD *RAND_get_rand_method(void)
 {
     return NULL;
 }
+# endif
 #endif /* !FIPS_MODULE */
 
 /*
@@ -269,6 +307,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
 int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
 {
     EVP_RAND_CTX *rand;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
     const RAND_METHOD *meth = RAND_get_rand_method();
 
     if (meth != NULL && meth != RAND_OpenSSL()) {
@@ -277,6 +316,7 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
         ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED);
         return -1;
     }
+#endif
 
     rand = RAND_get0_private(ctx);
     if (rand != NULL)
@@ -293,6 +333,7 @@ int RAND_priv_bytes(unsigned char *buf, int num)
 int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
 {
     EVP_RAND_CTX *rand;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
     const RAND_METHOD *meth = RAND_get_rand_method();
 
     if (meth != NULL && meth != RAND_OpenSSL()) {
@@ -301,6 +342,7 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
         ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED);
         return -1;
     }
+#endif
 
     rand = RAND_get0_public(ctx);
     if (rand != NULL)
@@ -670,11 +712,14 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx)
 #ifndef FIPS_MODULE
 static int random_set_string(char **p, const char *s)
 {
-    char *d = OPENSSL_strdup(s);
+    char *d = NULL;
 
-    if (d == NULL) {
-        ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
-        return 0;
+    if (s != NULL) {
+        d = OPENSSL_strdup(s);
+        if (d == NULL) {
+            ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
     }
     OPENSSL_free(*p);
     *p = d;
@@ -742,4 +787,37 @@ void ossl_random_add_conf_module(void)
     OSSL_TRACE(CONF, "Adding config module 'random'\n");
     CONF_module_add("random", random_conf_init, random_conf_deinit);
 }
+
+int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq,
+                       const char *cipher, const char *digest)
+{
+    RAND_GLOBAL *dgbl = rand_get_global(ctx);
+
+    if (dgbl == NULL)
+        return 0;
+    if (dgbl->primary != NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED);
+        return 0;
+    }
+    return random_set_string(&dgbl->rng_name, drbg)
+        && random_set_string(&dgbl->rng_propq, propq)
+        && random_set_string(&dgbl->rng_cipher, cipher)
+        && random_set_string(&dgbl->rng_digest, digest);
+}
+
+int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed,
+                              const char *propq)
+{
+    RAND_GLOBAL *dgbl = rand_get_global(ctx);
+
+    if (dgbl == NULL)
+        return 0;
+    if (dgbl->primary != NULL) {
+        ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED);
+        return 0;
+    }
+    return random_set_string(&dgbl->seed_name, seed)
+        && random_set_string(&dgbl->seed_propq, propq);
+}
+
 #endif
author	Pauli <paul.dale@oracle.com>	2020-12-10 12:05:11 +1000
committer	Pauli <ppzgs1@gmail.com>	2021-02-23 23:24:41 +1000
commit	786b13fa7786db8f198c46090816d9a3e4ae72fb (patch)
tree	9e52087a0bf2a5518dcc83ce98351561fbd2d354 /crypto/rand
parent	de2ea978b5be4607c677aaefceebff39b1520e0a (diff)