root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

RAND_METHOD deprecation: code changes 

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)
This commit is contained in:
Pauli 2020-12-10 12:05:11 +10:00 committed by Pauli
parent de2ea978b5
commit 786b13fa77
4 changed files with 112 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/rand/build.info
View File

@ -1,12 +1,14 @@
LIBS=../../libcrypto
$COMMON=rand_lib.c rand_meth.c
$COMMON=rand_lib.c
$CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c
IF[{- !$disabled{'egd'} -}]
$CRYPTO=$CRYPTO rand_egd.c
ENDIF
IF[{- !$disabled{'deprecated-3.0'} -}]
$COMMON=$COMMON rand_meth.c
ENDIF
SOURCE[../../libcrypto]=$COMMON $CRYPTO
SOURCE[../../providers/libfips.a]=$COMMON

110
crypto/rand/rand_lib.c
View File

@ -35,8 +35,10 @@
static ENGINE *funct_ref;
static CRYPTO_RWLOCK *rand_engine_lock;
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
static CRYPTO_RWLOCK *rand_meth_lock;
static const RAND_METHOD *default_RAND_meth;
# endif
static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
static int rand_inited = 0;
@ -49,9 +51,11 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
return 0;
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
rand_meth_lock = CRYPTO_THREAD_lock_new();
if (rand_meth_lock == NULL)
goto err;
# endif
if (!rand_pool_init())
goto err;
@ -60,8 +64,10 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
return 1;
err:
# ifndef OPENSSL_NO_DEPRECATED_3_0
CRYPTO_THREAD_lock_free(rand_meth_lock);
rand_meth_lock = NULL;
# endif
# ifndef OPENSSL_NO_ENGINE
CRYPTO_THREAD_lock_free(rand_engine_lock);
rand_engine_lock = NULL;
@ -71,6 +77,7 @@ DEFINE_RUN_ONCE_STATIC(do_rand_init)
void rand_cleanup_int(void)
{
# ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = default_RAND_meth;
if (!rand_inited)
@ -79,13 +86,16 @@ void rand_cleanup_int(void)
if (meth != NULL && meth->cleanup != NULL)
meth->cleanup();
RAND_set_rand_method(NULL);
# endif
rand_pool_cleanup();
# ifndef OPENSSL_NO_ENGINE
CRYPTO_THREAD_lock_free(rand_engine_lock);
rand_engine_lock = NULL;
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
CRYPTO_THREAD_lock_free(rand_meth_lock);
rand_meth_lock = NULL;
# endif
rand_inited = 0;
}
@ -109,13 +119,13 @@ void RAND_keep_random_devices_open(int keep)
*/
int RAND_poll(void)
{
# ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = RAND_get_rand_method();
int ret = meth == RAND_OpenSSL();
if (meth == NULL)
return 0;
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (!ret) {
/* fill random pool and seed the current legacy RNG */
RAND_POOL *pool = rand_pool_new(RAND_DRBG_STRENGTH, 1,
@ -138,20 +148,26 @@ int RAND_poll(void)
err:
rand_pool_free(pool);
}
#endif
return ret;
# else
static const char salt[] = "polling";
RAND_seed(salt, sizeof(salt));
return 1;
# endif
}
# ifndef OPENSSL_NO_DEPRECATED_3_0
int RAND_set_rand_method(const RAND_METHOD *meth)
{
if (!RUN_ONCE(&rand_init, do_rand_init))
return 0;
CRYPTO_THREAD_write_lock(rand_meth_lock);
# ifndef OPENSSL_NO_ENGINE
# ifndef OPENSSL_NO_ENGINE
ENGINE_finish(funct_ref);
funct_ref = NULL;
# endif
# endif
default_RAND_meth = meth;
CRYPTO_THREAD_unlock(rand_meth_lock);
return 1;
@ -166,7 +182,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
CRYPTO_THREAD_write_lock(rand_meth_lock);
if (default_RAND_meth == NULL) {
# ifndef OPENSSL_NO_ENGINE
# ifndef OPENSSL_NO_ENGINE
ENGINE *e;
/* If we have an engine that can do RAND, use it. */
@ -178,16 +194,16 @@ const RAND_METHOD *RAND_get_rand_method(void)
ENGINE_finish(e);
default_RAND_meth = &rand_meth;
}
# else
# else
default_RAND_meth = &rand_meth;
# endif
# endif
}
tmp_meth = default_RAND_meth;
CRYPTO_THREAD_unlock(rand_meth_lock);
return tmp_meth;
}
# if !defined(OPENSSL_NO_ENGINE)
# if !defined(OPENSSL_NO_ENGINE)
int RAND_set_rand_engine(ENGINE *engine)
{
const RAND_METHOD *tmp_meth = NULL;
@ -211,22 +227,40 @@ int RAND_set_rand_engine(ENGINE *engine)
CRYPTO_THREAD_unlock(rand_engine_lock);
return 1;
}
# endif
# endif
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
void RAND_seed(const void *buf, int num)
{
EVP_RAND_CTX *drbg;
# ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth != NULL && meth->seed != NULL)
if (meth != NULL && meth->seed != NULL) {
meth->seed(buf, num);
return;
}
# endif
drbg = RAND_get0_primary(NULL);
if (drbg != NULL && num > 0)
EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
}
void RAND_add(const void *buf, int num, double randomness)
{
EVP_RAND_CTX *drbg;
# ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth != NULL && meth->add != NULL)
if (meth != NULL && meth->add != NULL) {
meth->add(buf, num, randomness);
return;
}
# endif
drbg = RAND_get0_primary(NULL);
if (drbg != NULL && num > 0)
EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num);
}
# if !defined(OPENSSL_NO_DEPRECATED_1_1_0)
@ -244,21 +278,25 @@ int RAND_pseudo_bytes(unsigned char *buf, int num)
int RAND_status(void)
{
EVP_RAND_CTX *rand;
# ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth != NULL && meth != RAND_OpenSSL())
return meth->status != NULL ? meth->status() : 0;
# endif
if ((rand = RAND_get0_primary(NULL)) == NULL)
return 0;
return EVP_RAND_state(rand) == EVP_RAND_STATE_READY;
}
#else /* !FIPS_MODULE */
# else /* !FIPS_MODULE */
# ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *RAND_get_rand_method(void)
{
return NULL;
}
# endif
#endif /* !FIPS_MODULE */
/*
@ -269,6 +307,7 @@ const RAND_METHOD *RAND_get_rand_method(void)
int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
{
EVP_RAND_CTX *rand;
#ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth != NULL && meth != RAND_OpenSSL()) {
@ -277,6 +316,7 @@ int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED);
return -1;
}
#endif
rand = RAND_get0_private(ctx);
if (rand != NULL)
@ -293,6 +333,7 @@ int RAND_priv_bytes(unsigned char *buf, int num)
int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
{
EVP_RAND_CTX *rand;
#ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth != NULL && meth != RAND_OpenSSL()) {
@ -301,6 +342,7 @@ int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, int num)
ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED);
return -1;
}
#endif
rand = RAND_get0_public(ctx);
if (rand != NULL)
@ -670,11 +712,14 @@ EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx)
#ifndef FIPS_MODULE
static int random_set_string(char **p, const char *s)
{
char *d = OPENSSL_strdup(s);
char *d = NULL;
if (d == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
return 0;
if (s != NULL) {
d = OPENSSL_strdup(s);
if (d == NULL) {
ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
return 0;
}
}
OPENSSL_free(*p);
*p = d;
@ -742,4 +787,37 @@ void ossl_random_add_conf_module(void)
OSSL_TRACE(CONF, "Adding config module 'random'\n");
CONF_module_add("random", random_conf_init, random_conf_deinit);
}
int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq,
const char *cipher, const char *digest)
{
RAND_GLOBAL *dgbl = rand_get_global(ctx);
if (dgbl == NULL)
return 0;
if (dgbl->primary != NULL) {
ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED);
return 0;
}
return random_set_string(&dgbl->rng_name, drbg)
&& random_set_string(&dgbl->rng_propq, propq)
&& random_set_string(&dgbl->rng_cipher, cipher)
&& random_set_string(&dgbl->rng_digest, digest);
}
int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed,
const char *propq)
{
RAND_GLOBAL *dgbl = rand_get_global(ctx);
if (dgbl == NULL)
return 0;
if (dgbl->primary != NULL) {
ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED);
return 0;
}
return random_set_string(&dgbl->seed_name, seed)
&& random_set_string(&dgbl->seed_propq, propq);
}
#endif

14
include/openssl/rand.h
View File

@ -36,6 +36,7 @@ extern "C" {
*/
# define RAND_DRBG_STRENGTH 256
# ifndef OPENSSL_NO_DEPRECATED_3_0
struct rand_meth_st {
int (*seed) (const void *buf, int num);
int (*bytes) (unsigned char *buf, int num);
@ -45,13 +46,14 @@ struct rand_meth_st {
int (*status) (void);
};
int RAND_set_rand_method(const RAND_METHOD *meth);
const RAND_METHOD *RAND_get_rand_method(void);
# ifndef OPENSSL_NO_ENGINE
int RAND_set_rand_engine(ENGINE *engine);
# endif
OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_method(const RAND_METHOD *meth);
OSSL_DEPRECATEDIN_3_0 const RAND_METHOD *RAND_get_rand_method(void);
# ifndef OPENSSL_NO_ENGINE
OSSL_DEPRECATEDIN_3_0 int RAND_set_rand_engine(ENGINE *engine);
# endif
RAND_METHOD *RAND_OpenSSL(void);
OSSL_DEPRECATEDIN_3_0 RAND_METHOD *RAND_OpenSSL(void);
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define RAND_cleanup() while(0) continue

10
util/libcrypto.num
View File

@ -73,7 +73,7 @@ NETSCAPE_SPKI_print 74 3_0_0 EXIST::FUNCTION:
X509_set_pubkey 75 3_0_0 EXIST::FUNCTION:
ASN1_item_print 76 3_0_0 EXIST::FUNCTION:
CONF_set_nconf 77 3_0_0 EXIST::FUNCTION:
RAND_set_rand_method 78 3_0_0 EXIST::FUNCTION:
RAND_set_rand_method 78 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
BN_GF2m_mod_mul 79 3_0_0 EXIST::FUNCTION:EC2M
UI_add_input_boolean 80 3_0_0 EXIST::FUNCTION:
ASN1_TIME_adj 81 3_0_0 EXIST::FUNCTION:
@ -167,7 +167,7 @@ EVP_MD_type 170 3_0_0 EXIST::FUNCTION:
EVP_PKCS82PKEY 171 3_0_0 EXIST::FUNCTION:
BN_generate_prime_ex 172 3_0_0 EXIST::FUNCTION:
EVP_EncryptInit 173 3_0_0 EXIST::FUNCTION:
RAND_OpenSSL 174 3_0_0 EXIST::FUNCTION:
RAND_OpenSSL 174 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
BN_uadd 175 3_0_0 EXIST::FUNCTION:
EVP_PKEY_derive_init 176 3_0_0 EXIST::FUNCTION:
PEM_write_bio_ASN1_stream 177 3_0_0 EXIST::FUNCTION:
@ -1397,7 +1397,7 @@ OCSP_RESPBYTES_it 1429 3_0_0 EXIST::FUNCTION:OCSP
EVP_aes_192_wrap 1430 3_0_0 EXIST::FUNCTION:
OCSP_CERTID_it 1431 3_0_0 EXIST::FUNCTION:OCSP
ENGINE_get_RSA 1432 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
RAND_get_rand_method 1433 3_0_0 EXIST::FUNCTION:
RAND_get_rand_method 1433 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
ERR_load_DSA_strings 1434 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,DSA
ASN1_check_infinite_end 1435 3_0_0 EXIST::FUNCTION:
i2d_PKCS7_DIGEST 1436 3_0_0 EXIST::FUNCTION:
@ -1746,7 +1746,7 @@ NAME_CONSTRAINTS_check 1786 3_0_0 EXIST::FUNCTION:
X509_CERT_AUX_it 1787 3_0_0 EXIST::FUNCTION:
X509_get_X509_PUBKEY 1789 3_0_0 EXIST::FUNCTION:
TXT_DB_create_index 1790 3_0_0 EXIST::FUNCTION:
RAND_set_rand_engine 1791 3_0_0 EXIST::FUNCTION:ENGINE
RAND_set_rand_engine 1791 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,ENGINE
X509_set_serialNumber 1792 3_0_0 EXIST::FUNCTION:
BN_mod_exp_mont_consttime 1793 3_0_0 EXIST::FUNCTION:
X509V3_parse_list 1794 3_0_0 EXIST::FUNCTION:
@ -5301,3 +5301,5 @@ EVP_PKEY_fromdata_settable ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_param_check_quick ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_public_check_quick ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_CTX_is_a ? 3_0_0 EXIST::FUNCTION:
RAND_set_DRBG_type ? 3_0_0 EXIST::FUNCTION:
RAND_set_seed_source_type ? 3_0_0 EXIST::FUNCTION: