diff options
author | Pauli <paul.dale@oracle.com> | 2020-12-10 12:05:11 +1000 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2021-02-23 23:24:41 +1000 |
commit | 786b13fa7786db8f198c46090816d9a3e4ae72fb (patch) | |
tree | 9e52087a0bf2a5518dcc83ce98351561fbd2d354 /crypto | |
parent | de2ea978b5be4607c677aaefceebff39b1520e0a (diff) |
RAND_METHOD deprecation: code changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/rand/build.info | 6 | ||||
-rw-r--r-- | crypto/rand/rand_lib.c | 110 |
2 files changed, 98 insertions, 18 deletions
diff --git a/crypto/rand/build.info b/crypto/rand/build.info index b9dc16a6c7..500667c332 100644 --- a/crypto/rand/build.info +++ b/crypto/rand/build.info @@ -1,12 +1,14 @@ LIBS=../../libcrypto -$COMMON=rand_lib.c rand_meth.c +$COMMON=rand_lib.c $CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c IF[{- !$disabled{'egd'} -}] $CRYPTO=$CRYPTO rand_egd.c ENDIF - +IF[{- !$disabled{'deprecated-3.0'} -}] + $COMMON=$COMMON rand_meth.c +ENDIF SOURCE[../../libcrypto]=$COMMON $CRYPTO SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 69afa9d2ea..2a4055f617 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -35,8 +35,10 @@ static ENGINE *funct_ref; static CRYPTO_RWLOCK *rand_engine_lock; # endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 static CRYPTO_RWLOCK *rand_meth_lock; static const RAND_METHOD *default_RAND_meth; +# endif static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; static int rand_inited = 0; @@ -49,9 +51,11 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init) return 0; # endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 rand_meth_lock = CRYPTO_THREAD_lock_new(); if (rand_meth_lock == NULL) goto err; +# endif if (!rand_pool_init()) goto err; @@ -60,8 +64,10 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init) return 1; err: +# ifndef OPENSSL_NO_DEPRECATED_3_0 CRYPTO_THREAD_lock_free(rand_meth_lock); rand_meth_lock = NULL; +# endif # ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); rand_engine_lock = NULL; @@ -71,6 +77,7 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init) void rand_cleanup_int(void) { +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = default_RAND_meth; if (!rand_inited) @@ -79,13 +86,16 @@ void rand_cleanup_int(void) if (meth != NULL && meth->cleanup != NULL) meth->cleanup(); RAND_set_rand_method(NULL); +# endif rand_pool_cleanup(); # ifndef OPENSSL_NO_ENGINE CRYPTO_THREAD_lock_free(rand_engine_lock); rand_engine_lock = NULL; # endif +# ifndef OPENSSL_NO_DEPRECATED_3_0 CRYPTO_THREAD_lock_free(rand_meth_lock); rand_meth_lock = NULL; +# endif rand_inited = 0; } @@ -109,13 +119,13 @@ void RAND_keep_random_devices_open(int keep) */ int RAND_poll(void) { +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); int ret = meth == RAND_OpenSSL(); if (meth == NULL) return 0; -#ifndef OPENSSL_NO_DEPRECATED_3_0 if (!ret) { /* fill random pool and seed the current legacy RNG */ RAND_POOL *pool = rand_pool_new(RAND_DRBG_STRENGTH, 1, @@ -138,20 +148,26 @@ int RAND_poll(void) err: rand_pool_free(pool); } -#endif return ret; +# else + static const char salt[] = "polling"; + + RAND_seed(salt, sizeof(salt)); + return 1; +# endif } +# ifndef OPENSSL_NO_DEPRECATED_3_0 int RAND_set_rand_method(const RAND_METHOD *meth) { if (!RUN_ONCE(&rand_init, do_rand_init)) return 0; CRYPTO_THREAD_write_lock(rand_meth_lock); -# ifndef OPENSSL_NO_ENGINE +# ifndef OPENSSL_NO_ENGINE ENGINE_finish(funct_ref); funct_ref = NULL; -# endif +# endif default_RAND_meth = meth; CRYPTO_THREAD_unlock(rand_meth_lock); return 1; @@ -166,7 +182,7 @@ const RAND_METHOD *RAND_get_rand_method(void) CRYPTO_THREAD_write_lock(rand_meth_lock); if (default_RAND_meth == NULL) { -# ifndef OPENSSL_NO_ENGINE +# ifndef OPENSSL_NO_ENGINE ENGINE *e; /* If we have an engine that can do RAND, use it. */ @@ -178,16 +194,16 @@ const RAND_METHOD *RAND_get_rand_method(void) ENGINE_finish(e); default_RAND_meth = &rand_meth; } -# else +# else default_RAND_meth = &rand_meth; -# endif +# endif } tmp_meth = default_RAND_meth; CRYPTO_THREAD_unlock(rand_meth_lock); return tmp_meth; } -# if !defined(OPENSSL_NO_ENGINE) +# if !defined(OPENSSL_NO_ENGINE) int RAND_set_rand_engine(ENGINE *engine) { const RAND_METHOD *tmp_meth = NULL; @@ -211,22 +227,40 @@ int RAND_set_rand_engine(ENGINE *engine) CRYPTO_THREAD_unlock(rand_engine_lock); return 1; } -# endif +# endif +# endif /* OPENSSL_NO_DEPRECATED_3_0 */ void RAND_seed(const void *buf, int num) { + EVP_RAND_CTX *drbg; +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth != NULL && meth->seed != NULL) + if (meth != NULL && meth->seed != NULL) { meth->seed(buf, num); + return; + } +# endif + + drbg = RAND_get0_primary(NULL); + if (drbg != NULL && num > 0) + EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); } void RAND_add(const void *buf, int num, double randomness) { + EVP_RAND_CTX *drbg; +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth != NULL && meth->add != NULL) + if (meth != NULL && meth->add != NULL) { meth->add(buf, num, randomness); + return; + } +# endif + drbg = RAND_get0_primary(NULL); + if (drbg != NULL && num > 0) + EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); } # if !defined(OPENSSL_NO_DEPRECATED_1_1_0) @@ -244,21 +278,25 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) int RAND_status(void) { EVP_RAND_CTX *rand; +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) return meth->status != NULL ? meth->status() : 0; +# endif if ((rand = RAND_get0_primary(NULL)) == NULL) return 0; return EVP_RAND_state(rand) == EVP_RAND_STATE_READY; } -#else /* !FIPS_MODULE */ +# else /* !FIPS_MODULE */ +# ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *RAND_get_rand_method(void) { return NULL; } +# endif #endif /* !FIPS_MODULE */ /* @@ -269,6 +307,7 @@ const RAND_METHOD *RAND_get_rand_method(void) int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num) { EVP_RAND_CTX *rand; +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) { @@ -277,6 +316,7 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num) ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } +#endif rand = RAND_get0_private(ctx); if (rand != NULL) @@ -293,6 +333,7 @@ int RAND_priv_bytes(unsigned char *buf, int num) int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num) { EVP_RAND_CTX *rand; +#ifndef OPENSSL_NO_DEPRECATED_3_0 const RAND_METHOD *meth = RAND_get_rand_method(); if (meth != NULL && meth != RAND_OpenSSL()) { @@ -301,6 +342,7 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num) ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); return -1; } +#endif rand = RAND_get0_public(ctx); if (rand != NULL) @@ -670,11 +712,14 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx) #ifndef FIPS_MODULE static int random_set_string(char **p, const char *s) { - char *d = OPENSSL_strdup(s); + char *d = NULL; - if (d == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; + if (s != NULL) { + d = OPENSSL_strdup(s); + if (d == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); + return 0; + } } OPENSSL_free(*p); *p = d; @@ -742,4 +787,37 @@ void ossl_random_add_conf_module(void) OSSL_TRACE(CONF, "Adding config module 'random'\n"); CONF_module_add("random", random_conf_init, random_conf_deinit); } + +int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq, + const char *cipher, const char *digest) +{ + RAND_GLOBAL *dgbl = rand_get_global(ctx); + + if (dgbl == NULL) + return 0; + if (dgbl->primary != NULL) { + ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED); + return 0; + } + return random_set_string(&dgbl->rng_name, drbg) + && random_set_string(&dgbl->rng_propq, propq) + && random_set_string(&dgbl->rng_cipher, cipher) + && random_set_string(&dgbl->rng_digest, digest); +} + +int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed, + const char *propq) +{ + RAND_GLOBAL *dgbl = rand_get_global(ctx); + + if (dgbl == NULL) + return 0; + if (dgbl->primary != NULL) { + ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED); + return 0; + } + return random_set_string(&dgbl->seed_name, seed) + && random_set_string(&dgbl->seed_propq, propq); +} + #endif |