diff options
author | Matthias St. Pierre <matthias.st.pierre@ncp-e.com> | 2023-10-16 23:48:03 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-10-20 09:48:34 +0100 |
commit | 5516d20226c496c2b22fa741698b4d48dad0428f (patch) | |
tree | d257c2536b7eb711cdc47fbd9d0495507bdde172 /doc/internal | |
parent | 098f27f9ef8be2a418f76896ee3c824e8709fcf7 (diff) |
rand: add callbacks to cleanup the user entropy resp. nonce
The `get_user_{entropy,nonce}` callbacks were add recently to the
dispatch table in commit 4cde7585ce8e. Instead of adding corresponding
`cleanup_user_{entropy,nonce}` callbacks, the `cleanup_{entropy,nonce}`
callbacks were reused. This can cause a problem in the case where the
seed source is replaced by a provider: the buffer gets allocated by
the provider but cleared by the core.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22423)
Diffstat (limited to 'doc/internal')
-rw-r--r-- | doc/internal/man3/ossl_rand_get_entropy.pod | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/doc/internal/man3/ossl_rand_get_entropy.pod b/doc/internal/man3/ossl_rand_get_entropy.pod index 5c7a076336..be39369f2b 100644 --- a/doc/internal/man3/ossl_rand_get_entropy.pod +++ b/doc/internal/man3/ossl_rand_get_entropy.pod @@ -2,8 +2,10 @@ =head1 NAME -ossl_rand_get_entropy, ossl_rand_get_user_entropy, ossl_rand_cleanup_entropy, -ossl_rand_get_nonce, ossl_rand_get_user_nonce, ossl_rand_cleanup_nonce +ossl_rand_get_entropy, ossl_rand_get_user_entropy, +ossl_rand_cleanup_entropy, ossl_rand_cleanup_user_entropy, +ossl_rand_get_nonce, ossl_rand_get_user_nonce, +ossl_rand_cleanup_nonce, ossl_rand_cleanup_user_nonce - get seed material from the operating system =head1 SYNOPSIS @@ -18,6 +20,8 @@ ossl_rand_get_nonce, ossl_rand_get_user_nonce, ossl_rand_cleanup_nonce size_t min_len, size_t max_len); void ossl_rand_cleanup_entropy(OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len); + void ossl_rand_cleanup_user_entropy(OSSL_CORE_HANDLE *handle, + unsigned char *buf, size_t len); size_t ossl_rand_get_nonce(OSSL_CORE_HANDLE *handle, unsigned char **pout, size_t min_len, size_t max_len, const void *salt, size_t salt_len); @@ -26,6 +30,8 @@ ossl_rand_get_nonce, ossl_rand_get_user_nonce, ossl_rand_cleanup_nonce const void *salt, size_t salt_len); void ossl_rand_cleanup_nonce(OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len); + void ossl_rand_cleanup_user_nonce(OSSL_CORE_HANDLE *handle, + unsigned char *buf, size_t len); =head1 DESCRIPTION @@ -41,8 +47,12 @@ DRBG seed source. By default this is the operating system but it can be changed by calling L<RAND_set_seed_source_type(3)>. ossl_rand_cleanup_entropy() cleanses and frees any storage allocated by -ossl_rand_get_entropy() or ossl_rand_get_user_entropy(). The entropy -buffer is pointed to by I<buf> and is of length I<len> bytes. +ossl_rand_get_entropy(). The entropy buffer is pointed to by I<buf> +and is of length I<len> bytes. + +ossl_rand_cleanup_user_entropy() cleanses and frees any storage allocated by +ossl_rand_get_user_entropy(). The entropy buffer is pointed to by I<buf> +and is of length I<len> bytes. ossl_rand_get_nonce() retrieves a nonce using the passed I<salt> parameter of length I<salt_len> and operating system specific information. @@ -76,8 +86,9 @@ of bytes in I<*pout> or 0 on error. =head1 HISTORY -The functions ossl_rand_get_user_entropy() and ossl_rand_get_user_nonce() -were added in OpenSSL 3.0.12, 3.1.4 and 3.2.0. +The functions ossl_rand_get_user_entropy(), ossl_rand_get_user_nonce(), +ossl_rand_cleanup_user_entropy(), and ossl_rand_cleanup_user_nonce() +were added in OpenSSL 3.1.4 and 3.2.0. The remaining functions described here were all added in OpenSSL 3.0. |