summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>2018-03-05 23:45:44 +0100
committerDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>2018-03-15 18:58:38 +0100
commit6decf9436f77ff65ed8ed773268663a9273cfbc8 (patch)
treed22016d214eff4f34e7ffa34f754cf0d25552379 /crypto
parentAdd code to run test, get malloc counts (diff)
downloadopenssl-6decf9436f77ff65ed8ed773268663a9273cfbc8.tar.xz
openssl-6decf9436f77ff65ed8ed773268663a9273cfbc8.zip
Publish the RAND_DRBG API
Fixes #4403 This commit moves the internal header file "internal/rand.h" to <openssl/rand_drbg.h>, making the RAND_DRBG API public. The RAND_POOL API remains private, its function prototypes were moved to "internal/rand_int.h" and converted to lowercase. Documentation for the new API is work in progress on GitHub #5461. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5462)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/err/openssl.txt10
-rw-r--r--crypto/evp/e_aes.c2
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha1.c2
-rw-r--r--crypto/evp/e_aes_cbc_hmac_sha256.c2
-rw-r--r--crypto/evp/e_aria.c2
-rw-r--r--crypto/evp/e_des.c2
-rw-r--r--crypto/evp/e_des3.c2
-rw-r--r--crypto/evp/evp_enc.c2
-rw-r--r--crypto/evp/p_seal.c2
-rw-r--r--crypto/include/internal/rand_int.h58
-rw-r--r--crypto/rand/drbg_ctr.c4
-rw-r--r--crypto/rand/drbg_lib.c10
-rw-r--r--crypto/rand/rand_err.c10
-rw-r--r--crypto/rand/rand_lcl.h16
-rw-r--r--crypto/rand/rand_lib.c110
-rw-r--r--crypto/rand/rand_unix.c41
-rw-r--r--crypto/rand/rand_vms.c4
-rw-r--r--crypto/rand/rand_win.c25
18 files changed, 175 insertions, 129 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 896c089da6..176a82b156 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -918,11 +918,11 @@ RAND_F_RAND_DRBG_RESTART:102:rand_drbg_restart
RAND_F_RAND_DRBG_SET:104:RAND_DRBG_set
RAND_F_RAND_DRBG_UNINSTANTIATE:118:RAND_DRBG_uninstantiate
RAND_F_RAND_LOAD_FILE:111:RAND_load_file
-RAND_F_RAND_POOL_ADD:103:RAND_POOL_add
-RAND_F_RAND_POOL_ADD_BEGIN:113:RAND_POOL_add_begin
-RAND_F_RAND_POOL_ADD_END:114:RAND_POOL_add_end
-RAND_F_RAND_POOL_BYTES_NEEDED:115:RAND_POOL_bytes_needed
-RAND_F_RAND_POOL_NEW:116:RAND_POOL_new
+RAND_F_RAND_POOL_ADD:103:rand_pool_add
+RAND_F_RAND_POOL_ADD_BEGIN:113:rand_pool_add_begin
+RAND_F_RAND_POOL_ADD_END:114:rand_pool_add_end
+RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
+RAND_F_RAND_POOL_NEW:116:rand_pool_new
RAND_F_RAND_WRITE_FILE:112:RAND_write_file
RSA_F_CHECK_PADDING_MD:140:check_padding_md
RSA_F_ENCODE_PKCS1:146:encode_pkcs1
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index bed9b2743e..2421385425 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -17,7 +17,7 @@
#include "internal/evp_int.h"
#include "modes_lcl.h"
#include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
#include "evp_locl.h"
typedef struct {
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 053189e685..ac564a20f8 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -17,7 +17,7 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
#include "modes_lcl.h"
#include "internal/evp_int.h"
#include "internal/constant_time_locl.h"
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 215e02f131..e752d304b6 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -18,7 +18,7 @@
#include <openssl/aes.h>
#include <openssl/sha.h>
#include <openssl/rand.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
#include "modes_lcl.h"
#include "internal/constant_time_locl.h"
#include "internal/evp_int.h"
diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c
index 10525a84d9..9c1036b4bd 100644
--- a/crypto/evp/e_aria.c
+++ b/crypto/evp/e_aria.c
@@ -13,9 +13,9 @@
# include <openssl/evp.h>
# include <openssl/modes.h>
# include <openssl/rand.h>
+# include <openssl/rand_drbg.h>
# include "internal/aria.h"
# include "internal/evp_int.h"
-# include "internal/rand.h"
# include "modes_lcl.h"
# include "evp_locl.h"
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index d8c4afa886..3b4b714e38 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -15,7 +15,7 @@
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
-# include <internal/rand.h>
+# include <openssl/rand_drbg.h>
# include "evp_locl.h"
typedef struct {
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index 75e6ecf314..b8fe42cb96 100644
--- a/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
@@ -15,7 +15,7 @@
# include "internal/evp_int.h"
# include <openssl/des.h>
# include <openssl/rand.h>
-# include <internal/rand.h>
+# include <openssl/rand_drbg.h>
# include "evp_locl.h"
typedef struct {
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 3176c61538..9832e562b2 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -13,9 +13,9 @@
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
#include <openssl/engine.h>
#include "internal/evp_int.h"
-#include "internal/rand.h"
#include "evp_locl.h"
int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index 3b79dab8b8..731879330b 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -14,7 +14,7 @@
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#include <internal/rand.h>
+#include <openssl/rand_drbg.h>
#include "evp_locl.h"
int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h
index fc1abd97bc..d90d9c5f63 100644
--- a/crypto/include/internal/rand_int.h
+++ b/crypto/include/internal/rand_int.h
@@ -15,8 +15,64 @@
* or in the file LICENSE in the source distribution.
*/
-#include <openssl/rand.h>
+#ifndef HEADER_RAND_INT_H
+# define HEADER_RAND_INT_H
+
+# include <openssl/rand.h>
+
+/* forward declaration */
+typedef struct rand_pool_st RAND_POOL;
void rand_cleanup_int(void);
void rand_drbg_cleanup_int(void);
void rand_fork(void);
+
+/* Hardware-based seeding functions. */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
+
+/* DRBG entropy callbacks. */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+ unsigned char **pout,
+ int entropy, size_t min_len, size_t max_len);
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+ unsigned char *out, size_t outlen);
+size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
+
+
+/*
+ * RAND_POOL functions
+ */
+RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+void rand_pool_free(RAND_POOL *pool);
+
+const unsigned char *rand_pool_buffer(RAND_POOL *pool);
+unsigned char *rand_pool_detach(RAND_POOL *pool);
+
+size_t rand_pool_entropy(RAND_POOL *pool);
+size_t rand_pool_length(RAND_POOL *pool);
+
+size_t rand_pool_entropy_available(RAND_POOL *pool);
+size_t rand_pool_entropy_needed(RAND_POOL *pool);
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte);
+size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+
+size_t rand_pool_add(RAND_POOL *pool,
+ const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
+size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+
+
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ *
+ * If the function succeeds in acquiring at least |entropy_requested| bits
+ * of entropy, the total entropy count is returned. If it fails, it returns
+ * an entropy count of 0.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool);
+
+#endif
diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c
index 0496cb0ae1..84425dc4e0 100644
--- a/crypto/rand/drbg_ctr.c
+++ b/crypto/rand/drbg_ctr.c
@@ -12,9 +12,9 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
-#include "rand_lcl.h"
#include "internal/thread_once.h"
-
+#include "internal/thread_once.h"
+#include "rand_lcl.h"
/*
* Implementation of NIST SP 800-90A CTR DRBG.
*/
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 12070d7571..93092c86a9 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -328,7 +328,7 @@ end:
RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED);
drbg->state = DRBG_ERROR;
}
- RAND_POOL_free(drbg->pool);
+ rand_pool_free(drbg->pool);
drbg->pool = NULL;
}
if (drbg->state == DRBG_READY)
@@ -446,7 +446,7 @@ int rand_drbg_restart(RAND_DRBG *drbg,
if (drbg->pool != NULL) {
RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
- RAND_POOL_free(drbg->pool);
+ rand_pool_free(drbg->pool);
drbg->pool = NULL;
}
@@ -464,11 +464,11 @@ int rand_drbg_restart(RAND_DRBG *drbg,
}
/* will be picked up by the rand_drbg_get_entropy() callback */
- drbg->pool = RAND_POOL_new(entropy, len, len);
+ drbg->pool = rand_pool_new(entropy, len, len);
if (drbg->pool == NULL)
return 0;
- RAND_POOL_add(drbg->pool, buffer, len, entropy);
+ rand_pool_add(drbg->pool, buffer, len, entropy);
} else {
if (drbg->max_adinlen < len) {
RANDerr(RAND_F_RAND_DRBG_RESTART,
@@ -516,7 +516,7 @@ int rand_drbg_restart(RAND_DRBG *drbg,
if (drbg->pool != NULL) {
drbg->state = DRBG_ERROR;
RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
- RAND_POOL_free(drbg->pool);
+ rand_pool_free(drbg->pool);
drbg->pool = NULL;
return 0;
}
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index 22467d83a1..542499f1a7 100644
--- a/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
@@ -34,13 +34,13 @@ static const ERR_STRING_DATA RAND_str_functs[] = {
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
"RAND_DRBG_uninstantiate"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
- {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "RAND_POOL_add"},
+ {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
- "RAND_POOL_add_begin"},
- {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "RAND_POOL_add_end"},
+ "rand_pool_add_begin"},
+ {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
- "RAND_POOL_bytes_needed"},
- {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "RAND_POOL_new"},
+ "rand_pool_bytes_needed"},
+ {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
{ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
{0, NULL}
};
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index ceba8bba3f..2f1a52bb59 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -15,7 +15,7 @@
# include <openssl/sha.h>
# include <openssl/hmac.h>
# include <openssl/ec.h>
-# include "internal/rand.h"
+# include <openssl/rand_drbg.h>
/* How many times to read the TSC as a randomness source. */
# define TSC_READ_COUNT 4
@@ -128,7 +128,7 @@ struct rand_drbg_st {
* with respect to how randomness is added to the RNG during reseeding
* (see PR #4328).
*/
- RAND_POOL *pool;
+ struct rand_pool_st *pool;
/*
* The following parameters are setup by the per-type "init" function.
@@ -206,18 +206,6 @@ extern RAND_METHOD rand_meth;
/* How often we've forked (only incremented in child). */
extern int rand_fork_count;
-/* Hardware-based seeding functions. */
-size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
-size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
-
-/* DRBG entropy callbacks. */
-size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
- unsigned char **pout,
- int entropy, size_t min_len, size_t max_len);
-void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
- unsigned char *out, size_t outlen);
-size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len);
-
/* DRBG helpers */
int rand_drbg_restart(RAND_DRBG *drbg,
const unsigned char *buffer, size_t len, size_t entropy);
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index d328935637..76d5767ccd 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -95,10 +95,10 @@ size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool)
if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
for (i = 0; i < TSC_READ_COUNT; i++) {
c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
- RAND_POOL_add(pool, &c, 1, 4);
+ rand_pool_add(pool, &c, 1, 4);
}
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
#endif
@@ -125,9 +125,9 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
size_t bytes_needed;
unsigned char *buffer;
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
if (bytes_needed > 0) {
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
@@ -135,7 +135,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed)
== bytes_needed)
- return RAND_POOL_add_end(pool,
+ return rand_pool_add_end(pool,
bytes_needed,
8 * bytes_needed);
}
@@ -144,16 +144,16 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed)
== bytes_needed)
- return RAND_POOL_add_end(pool,
+ return rand_pool_add_end(pool,
bytes_needed,
8 * bytes_needed);
}
- return RAND_POOL_add_end(pool, 0, 0);
+ return rand_pool_add_end(pool, 0, 0);
}
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
#endif
@@ -165,7 +165,7 @@ size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
* is fetched using the parent's RAND_DRBG_generate().
*
* Otherwise, the entropy is polled from the system entropy sources
- * using RAND_POOL_acquire_entropy().
+ * using rand_pool_acquire_entropy().
*
* If a random pool has been added to the DRBG using RAND_add(), then
* its entropy will be used up first.
@@ -187,22 +187,22 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
return 0;
}
- pool = RAND_POOL_new(entropy, min_len, max_len);
+ pool = rand_pool_new(entropy, min_len, max_len);
if (pool == NULL)
return 0;
if (drbg->pool) {
- RAND_POOL_add(pool,
- RAND_POOL_buffer(drbg->pool),
- RAND_POOL_length(drbg->pool),
- RAND_POOL_entropy(drbg->pool));
- RAND_POOL_free(drbg->pool);
+ rand_pool_add(pool,
+ rand_pool_buffer(drbg->pool),
+ rand_pool_length(drbg->pool),
+ rand_pool_entropy(drbg->pool));
+ rand_pool_free(drbg->pool);
drbg->pool = NULL;
}
if (drbg->parent) {
- size_t bytes_needed = RAND_POOL_bytes_needed(pool, 8);
- unsigned char *buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ size_t bytes_needed = rand_pool_bytes_needed(pool, 8);
+ unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
@@ -221,20 +221,20 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
bytes = bytes_needed;
rand_drbg_unlock(drbg->parent);
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
} else {
/* Get entropy by polling system entropy sources. */
- entropy_available = RAND_POOL_acquire_entropy(pool);
+ entropy_available = rand_pool_acquire_entropy(pool);
}
if (entropy_available > 0) {
- ret = RAND_POOL_length(pool);
- *pout = RAND_POOL_detach(pool);
+ ret = rand_pool_length(pool);
+ *pout = rand_pool_detach(pool);
}
- RAND_POOL_free(pool);
+ rand_pool_free(pool);
return ret;
}
@@ -329,32 +329,32 @@ size_t rand_drbg_get_additional_data(unsigned char **pout, size_t max_len)
#endif
uint64_t tbits;
- pool = RAND_POOL_new(0, 0, max_len);
+ pool = rand_pool_new(0, 0, max_len);
if (pool == NULL)
return 0;
#ifdef OPENSSL_SYS_UNIX
pid = getpid();
- RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
+ rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
#elif defined(OPENSSL_SYS_WIN32)
pid = GetCurrentProcessId();
- RAND_POOL_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
+ rand_pool_add(pool, (unsigned char *)&pid, sizeof(pid), 0);
#endif
thread_id = CRYPTO_THREAD_get_current_id();
if (thread_id != 0)
- RAND_POOL_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
+ rand_pool_add(pool, (unsigned char *)&thread_id, sizeof(thread_id), 0);
tbits = get_timer_bits();
if (tbits != 0)
- RAND_POOL_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
+ rand_pool_add(pool, (unsigned char *)&tbits, sizeof(tbits), 0);
/* TODO: Use RDSEED? */
- len = RAND_POOL_length(pool);
+ len = rand_pool_length(pool);
if (len != 0)
- *pout = RAND_POOL_detach(pool);
- RAND_POOL_free(pool);
+ *pout = rand_pool_detach(pool);
+ rand_pool_free(pool);
return len;
}
@@ -431,26 +431,26 @@ int RAND_poll(void)
} else {
/* fill random pool and seed the current legacy RNG */
- pool = RAND_POOL_new(RAND_DRBG_STRENGTH,
+ pool = rand_pool_new(RAND_DRBG_STRENGTH,
RAND_DRBG_STRENGTH / 8,
DRBG_MINMAX_FACTOR * (RAND_DRBG_STRENGTH / 8));
if (pool == NULL)
return 0;
- if (RAND_POOL_acquire_entropy(pool) == 0)
+ if (rand_pool_acquire_entropy(pool) == 0)
goto err;
if (meth->add == NULL
- || meth->add(RAND_POOL_buffer(pool),
- RAND_POOL_length(pool),
- (RAND_POOL_entropy(pool) / 8.0)) == 0)
+ || meth->add(rand_pool_buffer(pool),
+ rand_pool_length(pool),
+ (rand_pool_entropy(pool) / 8.0)) == 0)
goto err;
ret = 1;
}
err:
- RAND_POOL_free(pool);
+ rand_pool_free(pool);
return ret;
}
@@ -479,7 +479,7 @@ struct rand_pool_st {
* Allocate memory and initialize a new random pool
*/
-RAND_POOL *RAND_POOL_new(int entropy, size_t min_len, size_t max_len)
+RAND_POOL *rand_pool_new(int entropy, size_t min_len, size_t max_len)
{
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
@@ -509,7 +509,7 @@ err:
/*
* Free |pool|, securely erasing its buffer.
*/
-void RAND_POOL_free(RAND_POOL *pool)
+void rand_pool_free(RAND_POOL *pool)
{
if (pool == NULL)
return;
@@ -521,7 +521,7 @@ void RAND_POOL_free(RAND_POOL *pool)
/*
* Return the |pool|'s buffer to the caller (readonly).
*/
-const unsigned char *RAND_POOL_buffer(RAND_POOL *pool)
+const unsigned char *rand_pool_buffer(RAND_POOL *pool)
{
return pool->buffer;
}
@@ -529,7 +529,7 @@ const unsigned char *RAND_POOL_buffer(RAND_POOL *pool)
/*
* Return the |pool|'s entropy to the caller.
*/
-size_t RAND_POOL_entropy(RAND_POOL *pool)
+size_t rand_pool_entropy(RAND_POOL *pool)
{
return pool->entropy;
}
@@ -537,7 +537,7 @@ size_t RAND_POOL_entropy(RAND_POOL *pool)
/*
* Return the |pool|'s buffer length to the caller.
*/
-size_t RAND_POOL_length(RAND_POOL *pool)
+size_t rand_pool_length(RAND_POOL *pool)
{
return pool->len;
}
@@ -547,7 +547,7 @@ size_t RAND_POOL_length(RAND_POOL *pool)
* It's the responsibility of the caller to free the buffer
* using OPENSSL_secure_clear_free().
*/
-unsigned char *RAND_POOL_detach(RAND_POOL *pool)
+unsigned char *rand_pool_detach(RAND_POOL *pool)
{
unsigned char *ret = pool->buffer;
pool->buffer = NULL;
@@ -571,7 +571,7 @@ unsigned char *RAND_POOL_detach(RAND_POOL *pool)
* |entropy| if the entropy count and buffer size is large enough
* 0 otherwise
*/
-size_t RAND_POOL_entropy_available(RAND_POOL *pool)
+size_t rand_pool_entropy_available(RAND_POOL *pool)
{
if (pool->entropy < pool->requested_entropy)
return 0;
@@ -587,7 +587,7 @@ size_t RAND_POOL_entropy_available(RAND_POOL *pool)
* the random pool.
*/
-size_t RAND_POOL_entropy_needed(RAND_POOL *pool)
+size_t rand_pool_entropy_needed(RAND_POOL *pool)
{
if (pool->entropy < pool->requested_entropy)
return pool->requested_entropy - pool->entropy;
@@ -601,10 +601,10 @@ size_t RAND_POOL_entropy_needed(RAND_POOL *pool)
* In case of an error, 0 is returned.
*/
-size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
{
size_t bytes_needed;
- size_t entropy_needed = RAND_POOL_entropy_needed(pool);
+ size_t entropy_needed = rand_pool_entropy_needed(pool);
if (entropy_per_byte < 1 || entropy_per_byte > 8) {
RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
@@ -628,7 +628,7 @@ size_t RAND_POOL_bytes_needed(RAND_POOL *pool, unsigned int entropy_per_byte)
}
/* Returns the remaining number of bytes available */
-size_t RAND_POOL_bytes_remaining(RAND_POOL *pool)
+size_t rand_pool_bytes_remaining(RAND_POOL *pool)
{
return pool->max_len - pool->len;
}
@@ -641,9 +641,9 @@ size_t RAND_POOL_bytes_remaining(RAND_POOL *pool)
* randomness.
*
* Return available amount of entropy after this operation.
- * (see RAND_POOL_entropy_available(pool))
+ * (see rand_pool_entropy_available(pool))
*/
-size_t RAND_POOL_add(RAND_POOL *pool,
+size_t rand_pool_add(RAND_POOL *pool,
const unsigned char *buffer, size_t len, size_t entropy)
{
if (len > pool->max_len - pool->len) {
@@ -657,7 +657,7 @@ size_t RAND_POOL_add(RAND_POOL *pool,
pool->entropy += entropy;
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
/*
@@ -669,10 +669,10 @@ size_t RAND_POOL_add(RAND_POOL *pool,
* If |len| == 0 this is considered a no-op and a NULL pointer
* is returned without producing an error message.
*
- * After updating the buffer, RAND_POOL_add_end() needs to be called
+ * After updating the buffer, rand_pool_add_end() needs to be called
* to finish the udpate operation (see next comment).
*/
-unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len)
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
{
if (len == 0)
return NULL;
@@ -689,12 +689,12 @@ unsigned char *RAND_POOL_add_begin(RAND_POOL *pool, size_t len)
* Finish to add random bytes to the random pool in-place.
*
* Finishes an in-place update of the random pool started by
- * RAND_POOL_add_begin() (see previous comment).
+ * rand_pool_add_begin() (see previous comment).
* It is expected that |len| bytes of random input have been added
* to the buffer which contain at least |entropy| bits of randomness.
* It is allowed to add less bytes than originally reserved.
*/
-size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy)
+size_t rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
{
if (len > pool->max_len - pool->len) {
RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
@@ -706,7 +706,7 @@ size_t RAND_POOL_add_end(RAND_POOL *pool, size_t len, size_t entropy)
pool->entropy += entropy;
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
int RAND_set_rand_method(const RAND_METHOD *meth)
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 74c828239b..b86f94ab72 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -12,6 +12,7 @@
#include "internal/cryptlib.h"
#include <openssl/rand.h>
#include "rand_lcl.h"
+#include "internal/rand_int.h"
#include <stdio.h>
#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
@@ -50,7 +51,7 @@
*
* As a precaution, we assume only 2 bits of entropy per byte.
*/
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
short int code;
gid_t curr_gid;
@@ -73,13 +74,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
* different processes.
*/
curr_gid = getgid();
- RAND_POOL_add(pool, &curr_gid, sizeof(curr_gid), 0);
+ rand_pool_add(pool, &curr_gid, sizeof(curr_gid), 0);
curr_pid = getpid();
- RAND_POOL_add(pool, &curr_pid, sizeof(curr_pid), 0);
+ rand_pool_add(pool, &curr_pid, sizeof(curr_pid), 0);
curr_uid = getuid();
- RAND_POOL_add(pool, &curr_uid, sizeof(curr_uid), 0);
+ rand_pool_add(pool, &curr_uid, sizeof(curr_uid), 0);
- bytes_needed = RAND_POOL_bytes_needed(pool, 2 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 2 /*entropy_per_byte*/);
for (i = 0; i < bytes_needed; i++) {
/*
@@ -102,9 +103,9 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
/* Get wall clock time, take 8 bits. */
clock_gettime(CLOCK_REALTIME, &ts);
v = (unsigned char)(ts.tv_nsec & 0xFF);
- RAND_POOL_add(pool, arg, &v, sizeof(v) , 2);
+ rand_pool_add(pool, arg, &v, sizeof(v) , 2);
}
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
# else
@@ -155,25 +156,25 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
* of input from the different entropy sources (trust, quality,
* possibility of blocking).
*/
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
# ifdef OPENSSL_RAND_SEED_NONE
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
# else
size_t bytes_needed;
size_t entropy_available = 0;
unsigned char *buffer;
# ifdef OPENSSL_RAND_SEED_GETRANDOM
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
if (getrandom(buffer, bytes_needed, 0) == (int)bytes_needed)
bytes = bytes_needed;
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
@@ -186,7 +187,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
# endif
# ifdef OPENSSL_RAND_SEED_DEVRANDOM
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
if (bytes_needed > 0) {
static const char *paths[] = { DEVRANDOM, NULL };
FILE *fp;
@@ -196,19 +197,19 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
if ((fp = fopen(paths[i], "rb")) == NULL)
continue;
setbuf(fp, NULL);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
if (fread(buffer, 1, bytes_needed, fp) == bytes_needed)
bytes = bytes_needed;
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
fclose(fp);
if (entropy_available > 0)
return entropy_available;
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
}
}
# endif
@@ -226,13 +227,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
# endif
# ifdef OPENSSL_RAND_SEED_EGD
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
if (bytes_needed > 0) {
static const char *paths[] = { DEVRANDOM_EGD, NULL };
int i;
for (i = 0; paths[i] != NULL; i++) {
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
int num = RAND_query_egd_bytes(paths[i],
@@ -240,7 +241,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
if (num == (int)bytes_needed)
bytes = bytes_needed;
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
@@ -248,7 +249,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
}
# endif
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
# endif
}
# endif
diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c
index 4ec4b35bd4..eb68c8a456 100644
--- a/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
@@ -54,7 +54,7 @@ static struct items_data_st {
{0, 0}
};
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
/* determine the number of items in the JPI array */
struct items_data_st item_entry;
@@ -117,7 +117,7 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
* was that it contains 4 bits of entropy per byte. This makes a total
* amount of total_length*16 bits (256bits).
*/
- return RAND_POOL_add(pool,
+ return rand_pool_add(pool,
(PTR_T)data_buffer, total_length * 4,
total_length * 16);
}
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 9eff319bc8..7f34188107 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -10,6 +10,7 @@
#include "internal/cryptlib.h"
#include <openssl/rand.h>
#include "rand_lcl.h"
+#include "internal/rand_int.h"
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
# ifndef OPENSSL_RAND_SEED_OS
@@ -38,7 +39,7 @@
# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
# endif
-size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
{
# ifndef USE_BCRYPTGENRANDOM
HCRYPTPROV hProvider;
@@ -61,21 +62,21 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
# endif
# ifdef USE_BCRYPTGENRANDOM
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
if (BCryptGenRandom(NULL, buffer, bytes_needed,
BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
bytes = bytes_needed;
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
# else
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
/* poll the CryptoAPI PRNG */
@@ -87,13 +88,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
CryptReleaseContext(hProvider, 0);
}
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
- bytes_needed = RAND_POOL_bytes_needed(pool, 8 /*entropy_per_byte*/);
- buffer = RAND_POOL_add_begin(pool, bytes_needed);
+ bytes_needed = rand_pool_bytes_needed(pool, 8 /*entropy_per_byte*/);
+ buffer = rand_pool_add_begin(pool, bytes_needed);
if (buffer != NULL) {
size_t bytes = 0;
/* poll the Pentium PRG with CryptoAPI */
@@ -105,13 +106,13 @@ size_t RAND_POOL_acquire_entropy(RAND_POOL *pool)
CryptReleaseContext(hProvider, 0);
}
- entropy_available = RAND_POOL_add_end(pool, bytes, 8 * bytes);
+ entropy_available = rand_pool_add_end(pool, bytes, 8 * bytes);
}
if (entropy_available > 0)
return entropy_available;
# endif
- return RAND_POOL_entropy_available(pool);
+ return rand_pool_entropy_available(pool);
}
# if OPENSSL_API_COMPAT < 0x10100000L