openssl/crypto/rand/rand_meth.c

/*
 * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/evp.h>
#include <openssl/rand.h>
#include "rand_local.h"

/* Implements the default OpenSSL RAND_add() method */
static int drbg_add(const void *buf, int num, double randomness)
{
    EVP_RAND_CTX *drbg = RAND_get0_primary(NULL);

    if (drbg == NULL || num <= 0)
        return 0;

    return EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
}

/* Implements the default OpenSSL RAND_seed() method */
static int drbg_seed(const void *buf, int num)
{
    return drbg_add(buf, num, num);
}

/* Implements the default OpenSSL RAND_status() method */
static int drbg_status(void)
{
    EVP_RAND_CTX *drbg = RAND_get0_primary(NULL);

    if (drbg == NULL)
        return 0;

    return  EVP_RAND_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0;
}

/* Implements the default OpenSSL RAND_bytes() method */
static int drbg_bytes(unsigned char *out, int count)
{
    EVP_RAND_CTX *drbg = RAND_get0_public(NULL);

    if (drbg == NULL)
        return 0;

    return EVP_RAND_generate(drbg, out, count, 0, 0, NULL, 0);
}

RAND_METHOD ossl_rand_meth = {
    drbg_seed,
    drbg_bytes,
    NULL,
    drbg_add,
    drbg_bytes,
    drbg_status
};

RAND_METHOD *RAND_OpenSSL(void)
{
#ifndef FIPS_MODULE
    return &ossl_rand_meth;
#else
    return NULL;
#endif
}
rand_drbg: remove RAND_DRBG. The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509) 2020-07-22 10:55:31 +08:00			`/*`
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14801) 2021-04-08 20:04:41 +08:00			`* Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.`
rand_drbg: remove RAND_DRBG. The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509) 2020-07-22 10:55:31 +08:00			`*`
			`* Licensed under the Apache License 2.0 (the "License"). You may not use`
			`* this file except in compliance with the License. You can obtain a copy`
			`* in the file LICENSE in the source distribution or at`
			`* https://www.openssl.org/source/license.html`
			`*/`

			`#include <openssl/evp.h>`
			`#include <openssl/rand.h>`
			`#include "rand_local.h"`

			`/* Implements the default OpenSSL RAND_add() method */`
			`static int drbg_add(const void *buf, int num, double randomness)`
			`{`
			`EVP_RAND_CTX *drbg = RAND_get0_primary(NULL);`

			`if (drbg == NULL \|\| num <= 0)`
			`return 0;`

			`return EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);`
			`}`

			`/* Implements the default OpenSSL RAND_seed() method */`
			`static int drbg_seed(const void *buf, int num)`
			`{`
			`return drbg_add(buf, num, num);`
			`}`

			`/* Implements the default OpenSSL RAND_status() method */`
			`static int drbg_status(void)`
			`{`
			`EVP_RAND_CTX *drbg = RAND_get0_primary(NULL);`

			`if (drbg == NULL)`
			`return 0;`

			`return EVP_RAND_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0;`
			`}`

			`/* Implements the default OpenSSL RAND_bytes() method */`
			`static int drbg_bytes(unsigned char *out, int count)`
			`{`
			`EVP_RAND_CTX *drbg = RAND_get0_public(NULL);`

			`if (drbg == NULL)`
			`return 0;`

			`return EVP_RAND_generate(drbg, out, count, 0, 0, NULL, 0);`
			`}`

Add ossl_rand symbols Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473) 2021-03-08 17:17:53 +08:00			`RAND_METHOD ossl_rand_meth = {`
rand_drbg: remove RAND_DRBG. The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509) 2020-07-22 10:55:31 +08:00			`drbg_seed,`
			`drbg_bytes,`
			`NULL,`
			`drbg_add,`
			`drbg_bytes,`
			`drbg_status`
			`};`

			`RAND_METHOD *RAND_OpenSSL(void)`
			`{`
			`#ifndef FIPS_MODULE`
Add ossl_rand symbols Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473) 2021-03-08 17:17:53 +08:00			`return &ossl_rand_meth;`
rand_drbg: remove RAND_DRBG. The RAND_DRBG API did not fit well into the new provider concept as implemented by EVP_RAND and EVP_RAND_CTX. The main reason is that the RAND_DRBG API is a mixture of 'front end' and 'back end' API calls and some of its API calls are rather low-level. This holds in particular for the callback mechanism (RAND_DRBG_set_callbacks()) and the RAND_DRBG type changing mechanism (RAND_DRBG_set()). Adding a compatibility layer to continue supporting the RAND_DRBG API as a legacy API for a regular deprecation period turned out to come at the price of complicating the new provider API unnecessarily. Since the RAND_DRBG API exists only since version 1.1.1, it was decided by the OMC to drop it entirely. Other related changes: Use RNG instead of DRBG in EVP_RAND documentation. The documentation was using DRBG in places where it should have been RNG or CSRNG. Move the RAND_DRBG(7) documentation to EVP_RAND(7). Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12509) 2020-07-22 10:55:31 +08:00			`#else`
			`return NULL;`
			`#endif`
			`}`