summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>2018-03-05 23:45:44 +0100
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>2018-03-15 18:58:38 +0100
commit6decf9436f77ff65ed8ed773268663a9273cfbc8 (patch)
treed22016d214eff4f34e7ffa34f754cf0d25552379
parentAdd code to run test, get malloc counts (diff)
downloadopenssl-6decf9436f77ff65ed8ed773268663a9273cfbc8.tar.xz
openssl-6decf9436f77ff65ed8ed773268663a9273cfbc8.zip
Publish the RAND_DRBG API
Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462)
-rw-r--r--crypto/err/openssl.txt10
-rw-r--r--crypto/evp/e_aes.c2
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c2
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha256.c2
-rw-r--r--crypto/evp/e_aria.c2
-rw-r--r--crypto/evp/e_des.c2
-rw-r--r--crypto/evp/e_des3.c2
-rw-r--r--crypto/evp/evp_enc.c2
-rw-r--r--crypto/evp/p_seal.c2
-rw-r--r--crypto/include/internal/rand_int.h58
-rw-r--r--crypto/rand/drbg_ctr.c4
-rw-r--r--crypto/rand/drbg_lib.c10
-rw-r--r--crypto/rand/rand_err.c10
-rw-r--r--crypto/rand/rand_lcl.h16
-rw-r--r--crypto/rand/rand_lib.c110
-rw-r--r--crypto/rand/rand_unix.c41
-rw-r--r--crypto/rand/rand_vms.c4
-rw-r--r--crypto/rand/rand_win.c25
-rw-r--r--include/openssl/ossl_typ.h1
-rw-r--r--include/openssl/rand_drbg.h (renamed from include/internal/rand.h)50
-rw-r--r--ssl/ssl_lib.c2
-rw-r--r--util/libcrypto.num236
-rwxr-xr-xutil/mkdef.pl1
23 files changed, 302 insertions, 292 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 896c089da6..176a82b156 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -918,11 +918,11 @@ RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart
RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set
RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate
RAND_F_RAND_LOAD_FILE:111:RAND_load_file
-RAND_F_RAND_POOL_ADD:103:RAND_POOL_add
-RAND_F_RAND_POOL_ADD_BEGIN:113:RAND_POOL_add_begin
-RAND_F_RAND_POOL_ADD_END:114:RAND_POOL_add_end
-RAND_F_RAND_POOL_BYTES_NEEDED:115:RAND_POOL_bytes_needed
-RAND_F_RAND_POOL_NEW:116:RAND_POOL_new
+RAND_F_RAND_POOL_ADD:103:rand_pool_add
+RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
+RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
+RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
+RAND_F_RAND_POOL_NEW:116:rand_pool_new
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
RSA_F_CHECK_PADDING_MD:140:check_padding_md
RSA_F_ENCODE_PKCS1:146:encode_pkcs1
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index bed9b2743e..2421385425 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -17,7 +17,7 @@
#include "internal/evp_int.h"
#include "modes_lcl.h"
#include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
#include "evp_locl.h"
typedef struct {
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 053189e685..ac564a20f8 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -17,7 +17,7 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
#include "modes_lcl.h"
#include "internal/evp_int.h"
#include "internal/constant_time_locl.h"
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 215e02f131..e752d304b6 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -18,7 +18,7 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
#include "modes_lcl.h"
#include "internal/constant_time_locl.h"
#include "internal/evp_int.h"
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index 10525a84d9..9c1036b4bd 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -13,9 +13,9 @@
# include <openssl/evp.h>
# include <openssl/modes.h>
# include <openssl/rand.h>
+# include <openssl/rand_drbg.h>
# include "internal/aria.h"
# include "internal/evp_int.h"
-# include "internal/rand.h"
# include "modes_lcl.h"
# include "evp_locl.h"
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index d8c4afa886..3b4b714e38 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -15,7 +15,7 @@
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
-# include <internal/rand.h>
+# include <openssl/rand_drbg.h>
# include "evp_locl.h"
typedef struct {
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 75e6ecf314..b8fe42cb96 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -15,7 +15,7 @@
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
-# include <internal/rand.h>
+# include <openssl/rand_drbg.h>
# include "evp_locl.h"
typedef struct {
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 3176c61538..9832e562b2 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -13,9 +13,9 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
#include <openssl/engine.h>
#include "internal/evp_int.h"
-#include "internal/rand.h"
#include "evp_locl.h"
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index 3b79dab8b8..731879330b 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -14,7 +14,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
#include "evp_locl.h"
int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h
index fc1abd97bc..d90d9c5f63 100644
--- a/crypto/include/internal/rand_int.h
+++ b/crypto/include/internal/rand_int.h
@@ -15,8 +15,64 @@
* or in the file LICENSE in the source distribution.
*/
-#include <openssl/rand.h>
+#ifndef HEADER_RAND_INT_H
+# define HEADER_RAND_INT_H
+
+# include <openssl/rand.h>
+
+/* forward declaration */
+typedef struct rand_pool_st RAND_POOL;
void rand_cleanup_int(void);
void rand_drbg_cleanup_int(void);
void rand_fork(void);
+
+/* Hardware-based seeding functions. */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
+
+/* DRBG entropy callbacks. */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+ unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len);
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+ unsigned char *out, size_t outlen);
+size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
+
+
+/*
+ * RAND_POOL functions
+ */
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+void rand_pool_free(RAND_POOL *pool);
+
+const unsigned char *rand_pool_buffer(RAND_POOL *pool);
+unsigned char *rand_pool_detach(RAND_POOL *pool);
+
+size_t rand_pool_entropy(RAND_POOL *pool);
+size_t rand_pool_length(RAND_POOL *pool);
+
+size_t rand_pool_entropy_available(RAND_POOL *pool);
+size_t rand_pool_entropy_needed(RAND_POOL *pool);
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
+size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+
+size_t rand_pool_add(RAND_POOL *pool,
+ const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
+size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+
+
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ *
+ * If the function succeeds in acquiring at least |entropy_requested| bits
+ * of entropy, the total entropy count is returned. If it fails, it returns
+ * an entropy count of 0.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool);
+
+#endif
diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c
index 0496cb0ae1..84425dc4e0 100644
--- a/crypto/rand/drbg_ctr.c
+++ b/crypto/rand/drbg_ctr.c
@@ -12,9 +12,9 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
-#include "rand_lcl.h"
#include "internal/thread_once.h"
-
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
/*
* Implementation of NIST SP 800-90A CTR DRBG.
*/
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 12070d7571..93092c86a9 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -328,7 +328,7 @@ end:
RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
drbg->state = DRBG_ERROR;
}
- RAND_POOL_free(drbg->pool);
+ rand_pool_free(drbg->pool);
drbg->pool = NULL;
}
if (drbg->state == DRBG_READY)
@@ -446,7 +446,7 @@ int rand_drbg_restart(RAND_DRBG *drbg,
if (drbg->pool != NULL) {
RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
- RAND_POOL_free(drbg->pool);
+ rand_pool_free(drbg->pool);
drbg->pool = NULL;
}
@@ -464,11 +464,11 @@ int rand_drbg_restart(RAND_DRBG *drbg,
}
/* will be picked up by the rand_drbg_get_entropy() callback */
- drbg->pool = RAND_POOL_new(entropy, len, len);
+ drbg->pool = rand_pool_new(entropy, len, len);
if (drbg->pool == NULL)
return 0;
- RAND_POOL_add(drbg->pool, buffer, len, entropy);
+ rand_pool_add(drbg->pool, buffer, len, entropy);
} else {
if (drbg->max_adinlen < len) {
RANDerr(RAND_F_RAND_DRBG_RESTART,
@@ -516,7 +516,7 @@ int rand_drbg_restart(RAND_DRBG *drbg,
if (drbg->pool != NULL) {
drbg->state = DRBG_ERROR;
RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
- RAND_POOL_free(drbg->pool);
+ rand_pool_free(drbg->pool);
drbg->pool = NULL;
return 0;
}
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index 22467d83a1..542499f1a7 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -34,13 +34,13 @@ static const ERR_STRING_DATA RAND_str_functs[] = {
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
"RAND_DRBG_uninstantiate"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
- {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "RAND_POOL_add"},
+ {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
- "RAND_POOL_add_begin"},
- {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "RAND_POOL_add_end"},
+ "rand_pool_add_begin"},
+ {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
- "RAND_POOL_bytes_needed"},
- {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "RAND_POOL_new"},
+ "rand_pool_bytes_needed"},
+ {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
{0, NULL}
};
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index ceba8bba3f..2f1a52bb59 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -15,7 +15,7 @@
# include <openssl/sha.h>
# include <openssl/hmac.h>
# include <openssl/ec.h>
-# include "internal/rand.h"
+# include <openssl/rand_drbg.h>
/* How many times to read the TSC as a randomness source. */
# define TSC_READ_COUNT 4
@@ -128,7 +128,7 @@ struct rand_drbg_st {
* with respect to how randomness is added to the RNG during reseeding
* (see PR #4328).
*/
- RAND_POOL *pool;
+ struct rand_pool_st *pool;
/*
* The following parameters are setup by the per-type "init" function.
@@ -206,18 +206,6 @@ extern RAND_METHOD rand_meth;
/* How often we've forked (only incremented in child). */
extern int rand_fork_count;
-/* Hardware-based seeding functions. */
-size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
-size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
-
-/* DRBG entropy callbacks. */
-size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
- unsigned char **pout,
- int entropy, size_t min_len, size_t max_len);
-void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
- unsigned char *out, size_t outlen);
-size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
-
/* DRBG helpers */
int rand_drbg_restart(RAND_DRBG *drbg,
const unsigned char *buffer, size_t len, size_t entropy);
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index d328935637..76d5767ccd 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -95,10 +95,10 @@ size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool)
if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
for (i = 0; i < TSC_READ_COUNT; i++) {
c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
- RAND_POOL_add(pool, &c, 1, 4);
+ rand_pool_add(pool, &c, 1, 4);
}
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
#endif
@@ -125,9 +125,9 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
size_t bytes_needed;
unsigned char *buffer;
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
if (bytes_needed > 0) {
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
@@ -135,7 +135,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed)
== bytes_needed)
- return RAND_POOL_add_end(pool,
+ return rand_pool_add_end(pool,
bytes_needed,
8 * bytes_needed);
}
@@ -144,16 +144,16 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed)
== bytes_needed)
- return RAND_POOL_add_end(pool,
+ return rand_pool_add_end(pool,
bytes_needed,
8 * bytes_needed);
}
- return RAND_POOL_add_end(pool, 0, 0);
+ return rand_pool_add_end(pool, 0, 0);
}
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
#endif
@@ -165,7 +165,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
* is fetched using the parent's RAND_DRBG_generate().
*
* Otherwise, the entropy is polled from the system entropy sources
- * using RAND_POOL_acquire_entropy().
+ * using rand_pool_acquire_entropy().
*
* If a random pool has been added to the DRBG using RAND_add(), then
* its entropy will be used up first.
@@ -187,22 +187,22 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
return 0;
}
- pool = RAND_POOL_new(entropy, min_len, max_len);
+ pool = rand_pool_new(entropy, min_len, max_len);
if (pool == NULL)
return 0;
if (drbg->pool) {
- RAND_POOL_add(pool,
- RAND_POOL_buffer(drbg->pool),
- RAND_POOL_length(drbg->pool),
- RAND_POOL_entropy(drbg->pool));
- RAND_POOL_free(drbg->pool);
+ rand_pool_add(pool,
+ rand_pool_buffer(drbg->pool),
+ rand_pool_length(drbg->pool),
+ rand_pool_entropy(drbg->pool));
+ rand_pool_free(drbg->pool);
drbg->pool = NULL;
}
if (drbg->parent) {
- size_t bytes_needed = RAND_POOL_bytes_needed(pool, 8);
- unsigned char *buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ size_t bytes_needed = rand_pool_bytes_needed(pool, 8);
+ unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
@@ -221,20 +221,20 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
bytes = bytes_needed;
rand_drbg_unlock(drbg->parent);
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
} else {
/* Get entropy by polling system entropy sources. */
- entropy_available = RAND_POOL_acquire_entropy(pool);
+ entropy_available = rand_pool_acquire_entropy(pool);
}
if (entropy_available > 0) {
- ret = RAND_POOL_length(pool);
- *pout = RAND_POOL_detach(pool);
+ ret = rand_pool_length(pool);
+ *pout = rand_pool_detach(pool);
}
- RAND_POOL_free(pool);
+ rand_pool_free(pool);
return ret;
}
@@ -329,32 +329,32 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
#endif
uint64_t tbits;
- pool = RAND_POOL_new(0, 0, max_len);
+ pool = rand_pool_new(0, 0, max_len);
if (pool == NULL)
return 0;
#ifdef OPENSSL_SYS_UNIX
pid = getpid();
- RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
+ rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
#elif defined(OPENSSL_SYS_WIN32)
pid = GetCurrentProcessId();
- RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
+ rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
#endif
thread_id = CRYPTO_THREAD_get_current_id();
if (thread_id != 0)
- RAND_POOL_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
+ rand_pool_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
tbits = get_timer_bits();
if (tbits != 0)
- RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
+ rand_pool_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
/* TODO: Use RDSEED? */
- len = RAND_POOL_length(pool);
+ len = rand_pool_length(pool);
if (len != 0)
- *pout = RAND_POOL_detach(pool);
- RAND_POOL_free(pool);
+ *pout = rand_pool_detach(pool);
+ rand_pool_free(pool);
return len;
}
@@ -431,26 +431,26 @@ int RAND_poll(void)
} else {
/* fill random pool and seed the current legacy RNG */
- pool = RAND_POOL_new(RAND_DRBG_STRENGTH,
+ pool = rand_pool_new(RAND_DRBG_STRENGTH,
RAND_DRBG_STRENGTH / 8,
DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8));
if (pool == NULL)
return 0;
- if (RAND_POOL_acquire_entropy(pool) == 0)
+ if (rand_pool_acquire_entropy(pool) == 0)
goto err;
if (meth->add == NULL
- || meth->add(RAND_POOL_buffer(pool),
- RAND_POOL_length(pool),
- (RAND_POOL_entropy(pool) / 8.0)) == 0)
+ || meth->add(rand_pool_buffer(pool),
+ rand_pool_length(pool),
+ (rand_pool_entropy(pool) / 8.0)) == 0)
goto err;
ret = 1;
}
err:
- RAND_POOL_free(pool);
+ rand_pool_free(pool);
return ret;
}
@@ -479,7 +479,7 @@ struct rand_pool_st {
* Allocate memory and initialize a new random pool
*/
-RAND_POOL *RAND_POOL_new(int entropy, size_t min_len, size_t max_len)
+RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len)
{
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
@@ -509,7 +509,7 @@ err:
/*
* Free |pool|, securely erasing its buffer.
*/
-void RAND_POOL_free(RAND_POOL *pool)
+void rand_pool_free(RAND_POOL *pool)
{
if (pool == NULL)
return;
@@ -521,7 +521,7 @@ void RAND_POOL_free(RAND_POOL *pool)
/*
* Return the |pool|'s buffer to the caller (readonly).
*/
-const unsigned char *RAND_POOL_buffer(RAND_POOL *pool)
+const unsigned char *rand_pool_buffer(RAND_POOL *pool)
{
return pool->buffer;
}
@@ -529,7 +529,7 @@ const unsigned char *RAND_POOL_buffer(RAND_POOL *pool)
/*
* Return the |pool|'s entropy to the caller.
*/
-size_t RAND_POOL_entropy(RAND_POOL *pool)
+size_t rand_pool_entropy(RAND_POOL *pool)
{
return pool->entropy;
}
@@ -537,7 +537,7 @@ size_t RAND_POOL_entropy(RAND_POOL *pool)
/*
* Return the |pool|'s buffer length to the caller.
*/
-size_t RAND_POOL_length(RAND_POOL *pool)
+size_t rand_pool_length(RAND_POOL *pool)
{
return pool->len;
}
@@ -547,7 +547,7 @@ size_t RAND_POOL_length(RAND_POOL *pool)
* It's the responsibility of the caller to free the buffer
* using OPENSSL_secure_clear_free().
*/
-unsigned char *RAND_POOL_detach(RAND_POOL *pool)
+unsigned char *rand_pool_detach(RAND_POOL *pool)
{
unsigned char *ret = pool->buffer;
pool->buffer = NULL;
@@ -571,7 +571,7 @@ unsigned char *RAND_POOL_detach(RAND_POOL *pool)
* |entropy| if the entropy count and buffer size is large enough
* 0 otherwise
*/
-size_t RAND_POOL_entropy_available(RAND_POOL *pool)
+size_t rand_pool_entropy_available(RAND_POOL *pool)
{
if (pool->entropy < pool->requested_entropy)
return 0;
@@ -587,7 +587,7 @@ size_t RAND_POOL_entropy_available(RAND_POOL *pool)
* the random pool.
*/
-size_t RAND_POOL_entropy_needed(RAND_POOL *pool)
+size_t rand_pool_entropy_needed(RAND_POOL *pool)
{
if (pool->entropy < pool->requested_entropy)
return pool->requested_entropy - pool->entropy;
@@ -601,10 +601,10 @@ size_t RAND_POOL_entropy_needed(RAND_POOL *pool)
* In case of an error, 0 is returned.
*/
-size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
{
size_t bytes_needed;
- size_t entropy_needed = RAND_POOL_entropy_needed(pool);
+ size_t entropy_needed = rand_pool_entropy_needed(pool);
if (entropy_per_byte < 1 || entropy_per_byte > 8) {
RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
@@ -628,7 +628,7 @@ size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
}
/* Returns the remaining number of bytes available */
-size_t RAND_POOL_bytes_remaining(RAND_POOL *pool)
+size_t rand_pool_bytes_remaining(RAND_POOL *pool)
{
return pool->max_len - pool->len;
}
@@ -641,9 +641,9 @@ size_t RAND_POOL_bytes_remaining(RAND_POOL *pool)
* randomness.
*
* Return available amount of entropy after this operation.
- * (see RAND_POOL_entropy_available(pool))
+ * (see rand_pool_entropy_available(pool))
*/
-size_t RAND_POOL_add(RAND_POOL *pool,
+size_t rand_pool_add(RAND_POOL *pool,
const unsigned char *buffer, size_t len, size_t entropy)
{
if (len > pool->max_len - pool->len) {
@@ -657,7 +657,7 @@ size_t RAND_POOL_add(RAND_POOL *pool,
pool->entropy += entropy;
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
/*
@@ -669,10 +669,10 @@ size_t RAND_POOL_add(RAND_POOL *pool,
* If |len| == 0 this is considered a no-op and a NULL pointer
* is returned without producing an error message.
*
- * After updating the buffer, RAND_POOL_add_end() needs to be called
+ * After updating the buffer, rand_pool_add_end() needs to be called
* to finish the udpate operation (see next comment).
*/
-unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len)
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
{
if (len == 0)
return NULL;
@@ -689,12 +689,12 @@ unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len)
* Finish to add random bytes to the random pool in-place.
*
* Finishes an in-place update of the random pool started by
- * RAND_POOL_add_begin() (see previous comment).
+ * rand_pool_add_begin() (see previous comment).
* It is expected that |len| bytes of random input have been added
* to the buffer which contain at least |entropy| bits of randomness.
* It is allowed to add less bytes than originally reserved.
*/
-size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy)
+size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
{
if (len > pool->max_len - pool->len) {
RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
@@ -706,7 +706,7 @@ size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy)
pool->entropy += entropy;
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
int RAND_set_rand_method(const RAND_METHOD *meth)
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 74c828239b..b86f94ab72 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -12,6 +12,7 @@
#include "internal/cryptlib.h"
#include <openssl/rand.h>
#include "rand_lcl.h"
+#include "internal/rand_int.h"
#include <stdio.h>
#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
@@ -50,7 +51,7 @@
*
* As a precaution, we assume only 2 bits of entropy per byte.
*/
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
short int code;
gid_t curr_gid;
@@ -73,13 +74,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
* different processes.
*/
curr_gid = getgid();
- RAND_POOL_add(pool, &curr_gid, sizeof(curr_gid), 0);
+ rand_pool_add(pool, &curr_gid, sizeof(curr_gid), 0);
curr_pid = getpid();
- RAND_POOL_add(pool, &curr_pid, sizeof(curr_pid), 0);
+ rand_pool_add(pool, &curr_pid, sizeof(curr_pid), 0);
curr_uid = getuid();
- RAND_POOL_add(pool, &curr_uid, sizeof(curr_uid), 0);
+ rand_pool_add(pool, &curr_uid, sizeof(curr_uid), 0);
- bytes_needed = RAND_POOL_bytes_needed(pool, 2 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 2 /*entropy_per_byte*/);
for (i = 0; i < bytes_needed; i++) {
/*
@@ -102,9 +103,9 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
/* Get wall clock time, take 8 bits. */
clock_gettime(CLOCK_REALTIME, &ts);
v = (unsigned char)(ts.tv_nsec & 0xFF);
- RAND_POOL_add(pool, arg, &v, sizeof(v) , 2);
+ rand_pool_add(pool, arg, &v, sizeof(v) , 2);
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
# else
@@ -155,25 +156,25 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
* of input from the different entropy sources (trust, quality,
* possibility of blocking).
*/
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
# ifdef OPENSSL_RAND_SEED_NONE
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
# else
size_t bytes_needed;
size_t entropy_available = 0;
unsigned char *buffer;
# ifdef OPENSSL_RAND_SEED_GETRANDOM
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
if (getrandom(buffer, bytes_needed, 0) == (int)bytes_needed)
bytes = bytes_needed;
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
@@ -186,7 +187,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
# endif
# ifdef OPENSSL_RAND_SEED_DEVRANDOM
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
if (bytes_needed > 0) {
static const char *paths[] = { DEVRANDOM, NULL };
FILE *fp;
@@ -196,19 +197,19 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
if ((fp = fopen(paths[i], "rb")) == NULL)
continue;
setbuf(fp, NULL);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
if (fread(buffer, 1, bytes_needed, fp) == bytes_needed)
bytes = bytes_needed;
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
fclose(fp);
if (entropy_available > 0)
return entropy_available;
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
}
}
# endif
@@ -226,13 +227,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
# endif
# ifdef OPENSSL_RAND_SEED_EGD
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
if (bytes_needed > 0) {
static const char *paths[] = { DEVRANDOM_EGD, NULL };
int i;
for (i = 0; paths[i] != NULL; i++) {
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
int num = RAND_query_egd_bytes(paths[i],
@@ -240,7 +241,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
if (num == (int)bytes_needed)
bytes = bytes_needed;
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
@@ -248,7 +249,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
}
# endif
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
# endif
}
# endif
diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c
index 4ec4b35bd4..eb68c8a456 100644
--- a/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
@@ -54,7 +54,7 @@ static struct items_data_st {
{0, 0}
};
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
/* determine the number of items in the JPI array */
struct items_data_st item_entry;
@@ -117,7 +117,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
* was that it contains 4 bits of entropy per byte. This makes a total
* amount of total_length*16 bits (256bits).
*/
- return RAND_POOL_add(pool,
+ return rand_pool_add(pool,
(PTR_T)data_buffer, total_length * 4,
total_length * 16);
}
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 9eff319bc8..7f34188107 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,7 @@
#include "internal/cryptlib.h"
#include <openssl/rand.h>
#include "rand_lcl.h"
+#include "internal/rand_int.h"
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
# ifndef OPENSSL_RAND_SEED_OS
@@ -38,7 +39,7 @@
# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
# endif
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
# ifndef USE_BCRYPTGENRANDOM
HCRYPTPROV hProvider;
@@ -61,21 +62,21 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
# endif
# ifdef USE_BCRYPTGENRANDOM
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
if (BCryptGenRandom(NULL, buffer, bytes_needed,
BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
bytes = bytes_needed;
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
# else
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
/* poll the CryptoAPI PRNG */
@@ -87,13 +88,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
CryptReleaseContext(hProvider, 0);
}
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
/* poll the Pentium PRG with CryptoAPI */
@@ -105,13 +106,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
CryptReleaseContext(hProvider, 0);
}
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
# endif
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
# if OPENSSL_API_COMPAT < 0x10100000L
diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h
index 165878ea1d..7993ca28f3 100644
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -115,7 +115,6 @@ typedef struct ec_key_method_st EC_KEY_METHOD;
typedef struct rand_meth_st RAND_METHOD;
typedef struct rand_drbg_st RAND_DRBG;
-typedef struct rand_pool_st RAND_POOL;
typedef struct ssl_dane_st SSL_DANE;
typedef struct x509_st X509;
diff --git a/include/internal/rand.h b/include/openssl/rand_drbg.h
index 9f6b1ab961..667a8ab2fd 100644
--- a/include/internal/rand.h
+++ b/include/openssl/rand_drbg.h
@@ -10,8 +10,12 @@
#ifndef HEADER_DRBG_RAND_H
# define HEADER_DRBG_RAND_H
+# include <time.h>
+# include <openssl/ossl_typ.h>
+
+
/* In CTR mode, disable derivation function ctr_df */
-#define RAND_DRBG_FLAG_CTR_NO_DF 0x1
+# define RAND_DRBG_FLAG_CTR_NO_DF 0x1
/*
* Default security strength (in the sense of [NIST SP 800-90Ar1])
@@ -32,6 +36,11 @@
# define RAND_DRBG_STRENGTH 256
# define RAND_DRBG_NID NID_aes_256_ctr
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
/*
* Object lifetime functions.
*/
@@ -70,13 +79,13 @@ RAND_DRBG *RAND_DRBG_get0_private(void);
/*
* EXDATA
*/
-#define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
int RAND_DRBG_set_ex_data(RAND_DRBG *dctx, int idx, void *arg);
void *RAND_DRBG_get_ex_data(const RAND_DRBG *dctx, int idx);
/*
- * Callback functions. See comments in drbg_lib.c
+ * Callback function typedefs
*/
typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *ctx,
unsigned char **pout,
@@ -96,38 +105,9 @@ int RAND_DRBG_set_callbacks(RAND_DRBG *dctx,
RAND_DRBG_get_nonce_fn get_nonce,
RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
-/*
- * RAND_POOL functions
- */
-RAND_POOL *RAND_POOL_new(int entropy_requested, size_t min_len, size_t max_len);
-void RAND_POOL_free(RAND_POOL *pool);
-
-const unsigned char *RAND_POOL_buffer(RAND_POOL *pool);
-unsigned char *RAND_POOL_detach(RAND_POOL *pool);
-size_t RAND_POOL_entropy(RAND_POOL *pool);
-size_t RAND_POOL_length(RAND_POOL *pool);
+# ifdef __cplusplus
+}
+# endif
-size_t RAND_POOL_entropy_available(RAND_POOL *pool);
-size_t RAND_POOL_entropy_needed(RAND_POOL *pool);
-size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
-size_t RAND_POOL_bytes_remaining(RAND_POOL *pool);
-
-size_t RAND_POOL_add(RAND_POOL *pool,
- const unsigned char *buffer, size_t len, size_t entropy);
-unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len);
-size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy);
-
-
-/*
- * Add random bytes to the pool to acquire requested amount of entropy
- *
- * This function is platform specific and tries to acquire the requested
- * amount of entropy by polling platform specific entropy sources.
- *
- * If the function succeeds in acquiring at least |entropy_requested| bits
- * of entropy, the total entropy count is returned. If it fails, it returns
- * an entropy count of 0.
- */
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool);
#endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d5c5918d16..298588cd3d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -14,13 +14,13 @@
#include <openssl/objects.h>
#include <openssl/x509v3.h>
#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
#include <openssl/ocsp.h>
#include <openssl/dh.h>
#include <openssl/engine.h>
#include <openssl/async.h>
#include <openssl/ct.h>
#include "internal/cryptlib.h"
-#include "internal/rand.h"
#include "internal/refcount.h"
const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
diff --git a/util/libcrypto.num b/util/libcrypto.num
index a965bb54ef..38c902c9c0 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4402,128 +4402,114 @@ EVP_PKEY_set1_engine 4347 1_1_0g EXIST::FUNCTION:ENGINE
DH_new_by_nid 4348 1_1_1 EXIST::FUNCTION:DH
DH_get_nid 4349 1_1_1 EXIST::FUNCTION:DH
CRYPTO_get_alloc_counts 4350 1_1_1 EXIST::FUNCTION:CRYPTO_MDEBUG
-RAND_POOL_new 4351 1_1_1 EXIST::FUNCTION:
-RAND_POOL_free 4352 1_1_1 EXIST::FUNCTION:
-RAND_POOL_buffer 4353 1_1_1 EXIST::FUNCTION:
-RAND_POOL_detach 4354 1_1_1 EXIST::FUNCTION:
-RAND_POOL_entropy 4355 1_1_1 EXIST::FUNCTION:
-RAND_POOL_length 4356 1_1_1 EXIST::FUNCTION:
-RAND_POOL_entropy_available 4357 1_1_1 EXIST::FUNCTION:
-RAND_POOL_entropy_needed 4358 1_1_1 EXIST::FUNCTION:
-RAND_POOL_bytes_needed 4359 1_1_1 EXIST::FUNCTION:
-RAND_POOL_bytes_remaining 4360 1_1_1 EXIST::FUNCTION:
-RAND_POOL_add 4361 1_1_1 EXIST::FUNCTION:
-RAND_POOL_add_begin 4362 1_1_1 EXIST::FUNCTION:
-RAND_POOL_add_end 4363 1_1_1 EXIST::FUNCTION:
-RAND_POOL_acquire_entropy 4364 1_1_1 EXIST::FUNCTION:
-OPENSSL_sk_new_reserve 4365 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_asn1_set_check 4366 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_asn1_set_siginf 4367 1_1_1 EXIST::FUNCTION:
-EVP_sm4_ctr 4368 1_1_1 EXIST::FUNCTION:SM4
-EVP_sm4_cbc 4369 1_1_1 EXIST::FUNCTION:SM4
-EVP_sm4_ofb 4370 1_1_1 EXIST::FUNCTION:SM4
-EVP_sm4_ecb 4371 1_1_1 EXIST::FUNCTION:SM4
-EVP_sm4_cfb128 4372 1_1_1 EXIST::FUNCTION:SM4
-EVP_sm3 4373 1_1_1 EXIST::FUNCTION:SM3
-OCSP_resp_get0_signer 4374 1_1_0h EXIST::FUNCTION:OCSP
-EVP_PKEY_public_check 4375 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_param_check 4376 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_meth_set_public_check 4377 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_meth_set_param_check 4378 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_meth_get_public_check 4379 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_meth_get_param_check 4380 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_asn1_set_public_check 4381 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_asn1_set_param_check 4382 1_1_1 EXIST::FUNCTION:
-DH_check_ex 4383 1_1_1 EXIST::FUNCTION:DH
-DH_check_pub_key_ex 4384 1_1_1 EXIST::FUNCTION:DH
-DH_check_params_ex 4385 1_1_1 EXIST::FUNCTION:DH
-RSA_generate_multi_prime_key 4386 1_1_1 EXIST::FUNCTION:RSA
-RSA_get_multi_prime_extra_count 4387 1_1_1 EXIST::FUNCTION:RSA
-RSA_get0_multi_prime_factors 4388 1_1_1 EXIST::FUNCTION:RSA
-RSA_get0_multi_prime_crt_params 4389 1_1_1 EXIST::FUNCTION:RSA
-RSA_set0_multi_prime_params 4390 1_1_1 EXIST::FUNCTION:RSA
-RSA_get_version 4391 1_1_1 EXIST::FUNCTION:RSA
-RSA_meth_get_multi_prime_keygen 4392 1_1_1 EXIST::FUNCTION:RSA
-RSA_meth_set_multi_prime_keygen 4393 1_1_1 EXIST::FUNCTION:RSA
-RAND_DRBG_get0_master 4394 1_1_1 EXIST::FUNCTION:
-RAND_DRBG_set_reseed_time_interval 4395 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_get0_addProfessionInfo 4396 1_1_1 EXIST::FUNCTION:
-ADMISSION_SYNTAX_free 4397 1_1_1 EXIST::FUNCTION:
-d2i_ADMISSION_SYNTAX 4398 1_1_1 EXIST::FUNCTION:
-NAMING_AUTHORITY_set0_authorityId 4399 1_1_1 EXIST::FUNCTION:
-NAMING_AUTHORITY_set0_authorityURL 4400 1_1_1 EXIST::FUNCTION:
-d2i_PROFESSION_INFO 4401 1_1_1 EXIST::FUNCTION:
-NAMING_AUTHORITY_it 4402 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NAMING_AUTHORITY_it 4402 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ADMISSION_SYNTAX_get0_contentsOfAdmissions 4403 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_set0_professionItems 4404 1_1_1 EXIST::FUNCTION:
-NAMING_AUTHORITY_new 4405 1_1_1 EXIST::FUNCTION:
-NAMING_AUTHORITY_get0_authorityURL 4406 1_1_1 EXIST::FUNCTION:
-ADMISSION_SYNTAX_get0_admissionAuthority 4407 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_new 4408 1_1_1 EXIST::FUNCTION:
-ADMISSIONS_new 4409 1_1_1 EXIST::FUNCTION:
-ADMISSION_SYNTAX_set0_admissionAuthority 4410 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_get0_professionOIDs 4411 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_it 4412 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PROFESSION_INFO_it 4412 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_PROFESSION_INFO 4413 1_1_1 EXIST::FUNCTION:
-ADMISSIONS_set0_professionInfos 4414 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_get0_namingAuthority 4415 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_free 4416 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_set0_addProfessionInfo 4417 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_set0_registrationNumber 4418 1_1_1 EXIST::FUNCTION:
-ADMISSION_SYNTAX_set0_contentsOfAdmissions 4419 1_1_1 EXIST::FUNCTION:
-NAMING_AUTHORITY_get0_authorityId 4420 1_1_1 EXIST::FUNCTION:
-ADMISSION_SYNTAX_it 4421 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ADMISSION_SYNTAX_it 4421 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_ADMISSION_SYNTAX 4422 1_1_1 EXIST::FUNCTION:
-NAMING_AUTHORITY_get0_authorityText 4423 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_set0_namingAuthority 4424 1_1_1 EXIST::FUNCTION:
-i2d_NAMING_AUTHORITY 4425 1_1_1 EXIST::FUNCTION:
-NAMING_AUTHORITY_free 4426 1_1_1 EXIST::FUNCTION:
-ADMISSIONS_set0_admissionAuthority 4427 1_1_1 EXIST::FUNCTION:
-ADMISSIONS_free 4428 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_get0_registrationNumber 4429 1_1_1 EXIST::FUNCTION:
-d2i_ADMISSIONS 4430 1_1_1 EXIST::FUNCTION:
-i2d_ADMISSIONS 4431 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_get0_professionItems 4432 1_1_1 EXIST::FUNCTION:
-ADMISSIONS_get0_admissionAuthority 4433 1_1_1 EXIST::FUNCTION:
-PROFESSION_INFO_set0_professionOIDs 4434 1_1_1 EXIST::FUNCTION:
-d2i_NAMING_AUTHORITY 4435 1_1_1 EXIST::FUNCTION:
-ADMISSIONS_it 4436 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ADMISSIONS_it 4436 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ADMISSIONS_get0_namingAuthority 4437 1_1_1 EXIST::FUNCTION:
-NAMING_AUTHORITY_set0_authorityText 4438 1_1_1 EXIST::FUNCTION:
-ADMISSIONS_set0_namingAuthority 4439 1_1_1 EXIST::FUNCTION:
-ADMISSIONS_get0_professionInfos 4440 1_1_1 EXIST::FUNCTION:
-ADMISSION_SYNTAX_new 4441 1_1_1 EXIST::FUNCTION:
-EVP_sha512_256 4442 1_1_1 EXIST::FUNCTION:
-EVP_sha512_224 4443 1_1_1 EXIST::FUNCTION:
-OCSP_basic_sign_ctx 4444 1_1_1 EXIST::FUNCTION:OCSP
-RAND_DRBG_bytes 4445 1_1_1 EXIST::FUNCTION:
-RAND_DRBG_secure_new 4446 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_vctrl 4447 1_1_1 EXIST::FUNCTION:
-X509_get0_authority_key_id 4448 1_1_0h EXIST::FUNCTION:
-BIO_bind 4449 1_1_1 EXIST::FUNCTION:SOCK
-OSSL_STORE_LOADER_set_expect 4450 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_expect 4451 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_key_fingerprint 4452 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_serial 4453 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_name 4454 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_supports_search 4455 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_find 4456 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get_type 4457 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_bytes 4458 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_string 4459 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_issuer_serial 4460 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_name 4461 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_by_alias 4462 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_LOADER_set_find 4463 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_free 4464 1_1_1 EXIST::FUNCTION:
-OSSL_STORE_SEARCH_get0_digest 4465 1_1_1 EXIST::FUNCTION:
-RAND_DRBG_set_reseed_defaults 4466 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_new_raw_private_key 4467 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_new_raw_public_key 4468 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_new_CMAC_key 4469 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_asn1_set_set_priv_key 4470 1_1_1 EXIST::FUNCTION:
-EVP_PKEY_asn1_set_set_pub_key 4471 1_1_1 EXIST::FUNCTION:
+OPENSSL_sk_new_reserve 4351 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_asn1_set_check 4352 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_asn1_set_siginf 4353 1_1_1 EXIST::FUNCTION:
+EVP_sm4_ctr 4354 1_1_1 EXIST::FUNCTION:SM4
+EVP_sm4_cbc 4355 1_1_1 EXIST::FUNCTION:SM4
+EVP_sm4_ofb 4356 1_1_1 EXIST::FUNCTION:SM4
+EVP_sm4_ecb 4357 1_1_1 EXIST::FUNCTION:SM4
+EVP_sm4_cfb128 4358 1_1_1 EXIST::FUNCTION:SM4
+EVP_sm3 4359 1_1_1 EXIST::FUNCTION:SM3
+OCSP_resp_get0_signer 4360 1_1_0h EXIST::FUNCTION:OCSP
+EVP_PKEY_public_check 4361 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_param_check 4362 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_meth_set_public_check 4363 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_meth_set_param_check 4364 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_meth_get_public_check 4365 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_meth_get_param_check 4366 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_asn1_set_public_check 4367 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_asn1_set_param_check 4368 1_1_1 EXIST::FUNCTION:
+DH_check_ex 4369 1_1_1 EXIST::FUNCTION:DH
+DH_check_pub_key_ex 4370 1_1_1 EXIST::FUNCTION:DH
+DH_check_params_ex 4371 1_1_1 EXIST::FUNCTION:DH
+RSA_generate_multi_prime_key 4372 1_1_1 EXIST::FUNCTION:RSA
+RSA_get_multi_prime_extra_count 4373 1_1_1 EXIST::FUNCTION:RSA
+RSA_get0_multi_prime_factors 4374 1_1_1 EXIST::FUNCTION:RSA
+RSA_get0_multi_prime_crt_params 4375 1_1_1 EXIST::FUNCTION:RSA
+RSA_set0_multi_prime_params 4376 1_1_1 EXIST::FUNCTION:RSA
+RSA_get_version 4377 1_1_1 EXIST::FUNCTION:RSA
+RSA_meth_get_multi_prime_keygen 4378 1_1_1 EXIST::FUNCTION:RSA
+RSA_meth_set_multi_prime_keygen 4379 1_1_1 EXIST::FUNCTION:RSA
+RAND_DRBG_get0_master 4380 1_1_1 EXIST::FUNCTION:
+RAND_DRBG_set_reseed_time_interval 4381 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_get0_addProfessionInfo 4382 1_1_1 EXIST::FUNCTION:
+ADMISSION_SYNTAX_free 4383 1_1_1 EXIST::FUNCTION:
+d2i_ADMISSION_SYNTAX 4384 1_1_1 EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityId 4385 1_1_1 EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityURL 4386 1_1_1 EXIST::FUNCTION:
+d2i_PROFESSION_INFO 4387 1_1_1 EXIST::FUNCTION:
+NAMING_AUTHORITY_it 4388 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAMING_AUTHORITY_it 4388 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ADMISSION_SYNTAX_get0_contentsOfAdmissions 4389 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_set0_professionItems 4390 1_1_1 EXIST::FUNCTION:
+NAMING_AUTHORITY_new 4391 1_1_1 EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityURL 4392 1_1_1 EXIST::FUNCTION:
+ADMISSION_SYNTAX_get0_admissionAuthority 4393 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_new 4394 1_1_1 EXIST::FUNCTION:
+ADMISSIONS_new 4395 1_1_1 EXIST::FUNCTION:
+ADMISSION_SYNTAX_set0_admissionAuthority 4396 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_get0_professionOIDs 4397 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_it 4398 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROFESSION_INFO_it 4398 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PROFESSION_INFO 4399 1_1_1 EXIST::FUNCTION:
+ADMISSIONS_set0_professionInfos 4400 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_get0_namingAuthority 4401 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_free 4402 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_set0_addProfessionInfo 4403 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_set0_registrationNumber 4404 1_1_1 EXIST::FUNCTION:
+ADMISSION_SYNTAX_set0_contentsOfAdmissions 4405 1_1_1 EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityId 4406 1_1_1 EXIST::FUNCTION:
+ADMISSION_SYNTAX_it 4407 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ADMISSION_SYNTAX_it 4407 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_ADMISSION_SYNTAX 4408 1_1_1 EXIST::FUNCTION:
+NAMING_AUTHORITY_get0_authorityText 4409 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_set0_namingAuthority 4410 1_1_1 EXIST::FUNCTION:
+i2d_NAMING_AUTHORITY 4411 1_1_1 EXIST::FUNCTION:
+NAMING_AUTHORITY_free 4412 1_1_1 EXIST::FUNCTION:
+ADMISSIONS_set0_admissionAuthority 4413 1_1_1 EXIST::FUNCTION:
+ADMISSIONS_free 4414 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_get0_registrationNumber 4415 1_1_1 EXIST::FUNCTION:
+d2i_ADMISSIONS 4416 1_1_1 EXIST::FUNCTION:
+i2d_ADMISSIONS 4417 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_get0_professionItems 4418 1_1_1 EXIST::FUNCTION:
+ADMISSIONS_get0_admissionAuthority 4419 1_1_1 EXIST::FUNCTION:
+PROFESSION_INFO_set0_professionOIDs 4420 1_1_1 EXIST::FUNCTION:
+d2i_NAMING_AUTHORITY 4421 1_1_1 EXIST::FUNCTION:
+ADMISSIONS_it 4422 1_1_1 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ADMISSIONS_it 4422 1_1_1 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ADMISSIONS_get0_namingAuthority 4423 1_1_1 EXIST::FUNCTION:
+NAMING_AUTHORITY_set0_authorityText 4424 1_1_1 EXIST::FUNCTION:
+ADMISSIONS_set0_namingAuthority 4425 1_1_1 EXIST::FUNCTION:
+ADMISSIONS_get0_professionInfos 4426 1_1_1 EXIST::FUNCTION:
+ADMISSION_SYNTAX_new 4427 1_1_1 EXIST::FUNCTION:
+EVP_sha512_256 4428 1_1_1 EXIST::FUNCTION:
+EVP_sha512_224 4429 1_1_1 EXIST::FUNCTION:
+OCSP_basic_sign_ctx 4430 1_1_1 EXIST::FUNCTION:OCSP
+RAND_DRBG_bytes 4431 1_1_1 EXIST::FUNCTION:
+RAND_DRBG_secure_new 4432 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_vctrl 4433 1_1_1 EXIST::FUNCTION:
+X509_get0_authority_key_id 4434 1_1_0h EXIST::FUNCTION:
+BIO_bind 4435 1_1_1 EXIST::FUNCTION:SOCK
+OSSL_STORE_LOADER_set_expect 4436 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_expect 4437 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_key_fingerprint 4438 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_serial 4439 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_name 4440 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_supports_search 4441 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_find 4442 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get_type 4443 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_bytes 4444 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_string 4445 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_issuer_serial 4446 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_name 4447 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_by_alias 4448 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_LOADER_set_find 4449 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_free 4450 1_1_1 EXIST::FUNCTION:
+OSSL_STORE_SEARCH_get0_digest 4451 1_1_1 EXIST::FUNCTION:
+RAND_DRBG_set_reseed_defaults 4452 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_new_raw_private_key 4453 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_new_raw_public_key 4454 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_new_CMAC_key 4455 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_asn1_set_set_priv_key 4456 1_1_1 EXIST::FUNCTION:
+EVP_PKEY_asn1_set_set_pub_key 4457 1_1_1 EXIST::FUNCTION:
diff --git a/util/mkdef.pl b/util/mkdef.pl
index fac911a471..7b5e28c334 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -241,7 +241,6 @@ my $crypto ="include/internal/dso.h";
$crypto.=" include/internal/o_dir.h";
$crypto.=" include/internal/o_str.h";
$crypto.=" include/internal/err.h";
-$crypto.=" include/internal/rand.h";
foreach my $f ( glob(catfile($config{sourcedir},'include/openssl/*.h')) ) {
my $fn = "include/openssl/" . lc(basename($f));
$crypto .= " $fn" if !defined $skipthese{$fn};